aiccu (20140220) stable; urgency=low * Avoid allocating memory for temp buffers for SHA calculations which thus speeds things up quite a bit as we do that a lot for the AYIYA protocol. * Fix static tunnel creation/rename on *BSD platforms * Redocument that OSX uses tunX * Use markdown in the READMEs etc (displays nicer on eg github) * Update ipv6calc URL to ipv6check (this as ipv6calc uses the connection and thus causes confusion when testing with Happy Eyeballs enabled browsers which semi-randomly use IPv6 or IPv4) * Add more verbose Windows version detection * Fix Makefile to properly cross-compile Windows edition again * Update to new GnuTLS structure names, clarify TLS with more logging * Avoid libmagic usage for common files, as it detects CSS as asm for instance * Default TOS to 0 to avoid possibly random issue * Fix TIC caching and flushing * Avoid use of getaddrinfo() using inet_pton() instead, for less code and less problems with offsets in structures (mem-alignment) * Enable hardening flags + resolve issues noted by that * Document fixtime in example aiccu.conf * Update AICCU_MINTIME to 2014 * Allow tunnel listing even if another daemon is already running * Add teardownscript option * misc other things -- Jeroen Massar Thu, 20 Feb 2014 08:34:42 +0000 aiccu (20121018) stable; urgency=low * Use advfirewall for Windows Vista and up * Allow all ICMP, not just ICMP, might resolve pMTU issues on XP-SP2 * Reformat long lines a bit * Updated parseline to be a bit more tolerant and also strict * Keep running, idling away for static tunnels -- Jeroen Massar Thu, 18 Oct 2012 11:30:42 +0000 aiccu (20121003) stable; urgency=low * Add apport script to remove passwords from reports We retain username/tunnel_id etc as those are crucial for debugging -- Jeroen Massar Wed, 3 Oct 2012 10:23:42 +0000 aiccu (20120905) stable; urgency=low * Change debian/rules Recommends 'ntp' into a dependency seems people really forget to install ntp otherwise and their clock will drift away (Debian #678519) * Early daemonization (Debian #497406) * Tunnel name support (Debian #570622) * Incorporate various Debian changes for init scripts etc * Debhelper to version 8 (note that 9 is not in stable, thus can't go there) * Set up proper debian/copyright file etc * Include .po files from Debian as contributed by various Debian folks Removing unused translations and fixing proper capitalization of 'AICCU' * Package-builds are now verbose instead of just "* Compiling XYZ" * Lintian checked with 0 warnings/errors -- Jeroen Massar Wed, 5 Sep 2012 08:13:42 +0000 aiccu (20120828) stable; urgency=low * Add tunneltos option (default enabled) which copies the TOS from the IPv6 packet to the IPv4 layer. AICCU for AYIYA tunnels, kernel on Linux for proto-41 based tunnels. * Fix compiling on Mac OS X Mountain Lion with clang * Fix compiling on OpenBSD 5.0 (emit various header warnings though) -- Jeroen Massar Tue, 28 Aug 2012 16:00:42 +0000 aiccu (20120822) stable; urgency=low * Standardize on doelog() for error reporting including an errno + strerror() * Add 'fixtime' option which forces the time to that of the TIC server if not set, we now first check if the local clock is 'sane', that is that it is at minimum after AICCU_MINTIME (2012) and loop for a bit to see if something else resolves that problem, which should cater for those folks who do not sync NTP before starting AICCU. We exit after a while when it does not get fixed though and report it in the log file (which the users do not always read...) The 'fixtime' option can take effect before TIC's starttls() and thus allows the certificates start/end time to be checked based on that, though of course an adversary might have injected a wrong time already then. (but as NTP is not secure either, they could then do that to there and typically setting a broken time only causes all certs to fail not to accept suddenly an invalid one, unless they acquired an old valid cert) * Write the cache file containing the tunnel details, we also check that a cache file is younger than an hour and use it then, otherwise refresh it. This avoids people running AICCU in a loop as the details will then still be the same anyway. By opening and writing 10k to the cache file before we do TIC we additionally avoid broken/full disks from properly caching the file. -- Jeroen Massar Wed, 22 Aug 2012 16:00:42 +0000 aiccu (20120820) stable; urgency=low * Remove Multiple Tunnelbrokers Support using TXT records from DNS This was only causing problems with long TXT records in various broken resolvers (typically the ones in DSL modems) and was not being used by other brokers as they have gone extinct over the years. Note: an alternative TIC server can still be specified with the server setting * Bring Teepee (L2TP) code into sync so that it compiles along with the rest * Bring TSP code into sync, though still missing most portions (sasl/md5 etc) * Split off osinfo() so that it only exists once in the code * Removed 'automatic' keyword which was not being used * Add Bitrig (OpenBSD fork) support * Typedef various internal structs * Deprecate the old MFC-based GUI client completely * Use calloc or mcalloc where possible -- Jeroen Massar Mon, 20 Aug 2012 10:45:42 +0000 aiccu (20120805) stable; urgency=low * Integrate Gentoo Bug 390611 (Ewoud Kohl van Wijngaarden) * Integrate Gentoo Bug 230091 (Michael Weber) -- Jeroen Massar Sun, 5 Aug 2012 22:03:42 +0000 aiccu (20120316) stable; urgency=low * Call the setupscript not only for win32 * Add linker flags for kFreeBSD * Introduce a createsocket() which also sets CLOEXEC so that the few times we do fork when a fd is open it does not go to the forked exec. -- Jeroen Massar Fri, 16 Mar 2012 16:30:42 +0000 aiccu (20120223) stable; urgency=low * KAME: Add support for interface renaming: -- Jeroen Massar Thu, 23 Feb 2012 21:40:42 +0000 aiccu (20120202) stable; urgency=low * Better handling of multiple tun/tap interfaces on Windows * Show a "please hit a key to close this Window" text and wait for a keypress on Windows, otherwise one won't see the output -- Jeroen Massar Thu, 02 Feb 2012 14:02:42 +0000 aiccu (20111212) stable; urgency=low * Windows Time Fix * Traceroute fix for Windows Seven and up ("tracert -6" instead of "tracert6") -- Jeroen Massar Mon, 12 Dec 2011 12:12:42 +0000 aiccu (20111211) stable; urgency=low * NetBSD tun/tap check refixed due to wrong comparison, oops. (reported again by Geert Hendrickx). * Removed explicit dependency on gnutls (Ubuntu #79439). * Main Makefile now checks during 'dist' make if versions that are in package files are updated correctly. * 'Configuration Information' report, which shows all relevant configuration details which could expose possible problems in the setup of the tunnel: showconfig command. * Cleanup Debian package (Debian #407026): depends: -awk, |time-daemon; debconf template support, start aiccu after networking. * LSB Standard Header for init script (Matt Domsch). * Pre-load tunneling kernel extension on Mac OS X (Alex Le Heux). * Close filedescriptors on execution of sub-programs, eg 'ip' (Ref: * Added 'routeprotocol' option for Linux and set it per default to static. -- Jeroen Massar Sun, 11 Dec 2011 12:11:42 +0000 aiccu (20111205) stable; urgency=low * Support for Windows Seven and Eight (Developer Preview) * Support for UAC (User Account Control) - click on the aiccu.exe and UAC asks for Administrator password and AICCU starts * Sets AddrConfigControl to 0 so that IPv6 DNS is available for non-native tunnels * Disables 6to4/Teredo/ISATAP * Teeny AICCU Icon * Granular Windows version check, choosing the correct netsh commands for enabling/disabling various things (MTU, ICMP firewalling, IPv6 installation) * Don't warn about "Properties" keys in the registry when finding the Tun/Tap interface * Find aiccu.conf in the local directory, the Windows directory and additionall as .txt variant (aiccu.conf.txt) for Notepad users -- Jeroen Massar Mon, 5 Dec 2011 23:59:42 +0000 aiccu (20080315) stable; urgency=low * Windows console edition now build with MinGW/MSYS. * Windows now supports tun801, tun802 and tun901 drivers thus allowing the console edition to run under Windows Vista. * Don't use a connected UDP socket for AYIYA and heartbeat traffic * Tunnel Name/Labelling support * Update to new Windows Tun/Tap driver for AYIYA support on Vista * uild using MinGW/MSYS * MTU configuration on Vista. * Cross compile fixups, allowing eg compiling Linux version on *BSD. * New sourcecode directory layout. * Change from connected UDP socket to unconnected UDP socket for AYIYA tunnels This avoids cases where the local address changes and the socket is still being used. This goes unnoticed when one is behind a NAT as then the local address mostly remains the same. -- Jeroen Massar Sat, 15 Mar 2008 11:00:42 +0000 aiccu (20070115) stable; urgency=medium * Fixup in Debian init script (based on original patch by Bernhard Schmidt). * Change in redirections so that errors don't show in debconf menu's etc. * NetBSD fixes as there is not always a Tunnel Device that supports IPv6 (thanks to Geert Hendrickx). * Gentoo ebuild update, adding depends and require ntp-client. * RPM spec update, add build-requirement. * Check return values of system commands. * Added a big warning about running AICCU from Daemontools and similar programs which run AICCU in a loop, thus hammering the TIC server. * Be a bit smarter in checking for support of IPv6. -- Jeroen Massar Mon, 15 Jan 2007 11:00:42 +0000 aiccu (20070107) stable; urgency=high * 2007 Edition of AICCU. * License change to standard 3-clause BSD license. With thanks to Theo de Raadt, Marco d'Itri and Philipp Kern for their wise words and reasoning for coming to this decision. * High urgency because of the above and it fixing large problems. * Fixed Mac OS X / Darwin support on the MacBookPro of Pim van Pelt. * Added MTU, from TIC, configuration on most platforms. * Fixed up silly linux bug, adding LL address to tunnels but not to tun/taps. * Removed Win32 Alpha Endianess (reported by Christian Weisgerber). * Fixed up alignment error in parseline() (reported by Christian Weisgerber). * OpenBSD 4.0 support (patch provided by Christian Weisgerber). * OpenBSD AYIYA fixup (patch provided by Pim van Pelt). * Fedora/RPM init script fixup (bash case's don't fall through) reported and patch supplied by Matt Domsch. * NetBSD AYIYA support (noted by Tobias Riediger) Works on NetBSD 4.x, for NetBSD 3.0 one needs to patch tun/tap to support IPv6. Patch is available from the archives. * local_ipv4_override option so one can use AICCU behind a NAT that has been configured correctly to do proto-41 forwarding. This is usually called a DMZ setup. -- Jeroen Massar Sun, 07 Jan 2007 14:00:42 +0000 aiccu (20060806) stable; urgency=low * Changelog version format change as the 'official' (before there where legal issues as they don't understand the word 'SHOULD' which is cleary defined in the IETF and now somebody simply uploaded it anyway it without even asking or notifying us about it) debian packages which are broken, old and unsupported would seem newer and thus this new version would not get updated to even when folks would have the official AICCU repository in their sources.list. This solves that issue. * pidfile fixup and configuration parameter. * Corrected Broker selection in debconf. * Configuration file rewriting by debconf is now done in a 'nice' way. -- Jeroen Massar Sun, 6 Aug 2006 13:56:42 +0100 aiccu (2006-07-25) stable; urgency=low * DragonFlyBSD fix -- Jeroen Massar Tue, 25 Jul 2006 11:22:42 +0100 aiccu (2006-07-23) stable; urgency=low * The Nina'th release. * Verified AYIYA support on Windows, OpenBSD, FreeBSD and Linux ia32/AMD64/armeb. * Disabled TSP and L2TP (Teepee) support as they are not finished. * No more IPv4 interface as it is not used anymore. * On AIX we now compile with xlc_r. * Retrieves Tunnel Brokers from _aiccu. and from -- Jeroen Massar Sun, 23 Jul 2006 16:48:42 +0100 aiccu (2006-07-13) stable; urgency=low * Added no-configure and defaultroute options. * AYIYA now forks so that AYIYA heartbeats work. * Ctrl-C handling * Protocol and server can be specified in configuration file * AYIYA fixes: header alignment, Win32 TAP 8.1 support * TAP listing using --listtaps (windows) * Confuration can now be saved using a menu entry in the GUI (windows) * TAP interface renaming when it's the only TAP and name not in the config (windows) * Fedora fixes by Matt Domsch -- Jeroen Massar Thu, 13 Jul 2006 22:42:42 +0100 aiccu (2006-03-10) stable; urgency=low * Changed Debian start/stop priority as noted by Mario 'BitKoenig' Holbe. They now match openvpn/pppd etc. -- Jeroen Massar Fri, 10 Mar 2006 21:24:42 +0100 aiccu (2005-12-05) stable; urgency=low * DragonFlyBSD (uses the FreeBSD4 interface) added as noted by Geert Hendrickx. -- Jeroen Massar Sun, 14 Aug 2005 14:10:42 +0200 aiccu (2005-08-14) stable; urgency=low * Mac OS X typo-fix (reported by Wim Biemolt) * GNUTLS support. TIC will go over TLS avoiding cleartext negotiations where possible. * Heartbeat stop & start per signal (requested by Peter Bieringer) * AYIYA Heartbeating. * L2TPv2 Support. * TSP Support. * Gary Coady's Debian/Ubuntu update: * Use dpkg-buildpackage to generate deb files * Remove configuration checks from Debian init script * Use common print functions in Debian init script * Add 'tunnels' parameter to aiccu, which reports available tunnels * Return non-zero exit code if unable to successfully authenticate to POP * Log to stderr instead of stdout * Send signal 0 to existing aiccu binary instead of SIGHUP * Add debconf support Thanks to Gary for these very nice addons! * Added OpenBSD PortInfo by Thomas Kaschwig * Added Makefile changes to support FreeBSD6, noted by Meno Abels * Added _NETBSD_SOURCE define as mentioned by Maarten Dammers * Changed aiccu_kame to do configuration differently depending if the interface is a proto-41 one or a tun device. * Solaris and AIX support + Endian Fixes. * 'version' option for unix_console. * 64bit fixes + compilation check against a big number of platforms. * Multiple Tunnelbrokers Support using TXT records from DNS. * AYIYA Port number set to 5072 (IANA assigned) -- Jeroen Massar Sun, 14 Aug 2005 14:10:42 +0200 aiccu (2005-01-31) stable; urgency=low * Full integration of AYIYA, thus normal request procedures * Version -gui/-console correction * FreeBSD/Darwin route fixes (reported by Peter van Dijk) * Windows: New POP logos added * Linklocals for AYIYA tunnels making MLD and thus multicast work (reported by Marco d'Itri) * fflush() during non-syslog logging so that AICCU logs correctly when run from daemontools (Peter van Dijk) -- Jeroen Massar Mon, 31 Jan 2005 20:29:42 +0100 aiccu (2005-01-09) stable; urgency=low * Mum's birthday release * MacOS X support (Marc Kramis) * DEBUG messages are not logged anymore * OpenBSD 2.x/3.x support (Wouter van Hemel) * Don't overwrite config when doing a 'make install' (Wouter van Hemel) * Manual page (Antonio Ospite) * Windows Configuration directory based on GetWindowsDirectory() (reported by Thomas B. Ruecker) * Windows NAT message fix (reported by Thomas B. Ruecker) -- Jeroen Massar Sun, 9 Jan 2005 09:00:42 +0100 aiccu (2004-09-17-beta2b) stable; urgency=low * OpenBSD fixes (AO) * debian/rules debclean - now calls the correct clean (A0) * Debian dependency on iproute (MdI) * Gentoo Port (Thorsten Becker) -- Jeroen Massar Sun, 12 Sep 2004 10:24:42 +0100 aiccu (2004-09-09-beta2a) stable; urgency=low * Compile with pendantic, removing C++ "//" comments (AO) * Debian fixes: file permissions, distclean (AO) * rc.d addon (AO) * Remove superfluous CVS dirs (AO) * init script fix specifying 'start' (RS) * RPM_OPT_FLAGS passing (RS) * License fixes, making it more open (PvD & MdI) * RPM package (RS) * FreeBSD 4.x + 5.x port (MA) * Many more fixes and cleanups (JM) Who/what: * AO = Antonio Ospite * RS = Robert Schiele * PvD = Peter van Dijk * MdI = Marco d'Itri * MA = Meno Abels * JM = Jeroen Massar -- Jeroen Massar Thu, 09 Sep 2004 10:24:42 +0100 aiccu (2004-08-30-beta2) stable; urgency=low * Updated LICENSE which should now be 100% free(tm) * Local-IP fix when using heartbeat tunnels -- Jeroen Massar Mon, 30 Aug 2004 21:26:42 +0100 aiccu (2004-08-29-beta2) stable; urgency=low * Brand spanking new AICCU * Compiles both on Windows and UNIX * Supports: - TIC - 6in4-static - 6in4-heartbeat - AYIYA -- Jeroen Massar Sun, 29 Aug 2004 20:55:42 +0100