[Vpn-devel] VPN Client Development Update ...

Matthew Grooms mgrooms at shrew.net
Tue Oct 23 18:33:01 CDT 2007


Its hard to believe that almost two years have passed since development 
of the Shrew Soft VPN Client first began. It started out as a simple x86 
Windows 2000/XP only client designed to support connectivity with the 
IPsec Tools racoon daemon. Since then, it has grown a competitive 
feature set and has been ported to the amd64 Windows XP, FreeBSD, NetBSD 
and Linux operating systems. The vast majority of the source code has 
also been released under an OSI approved open source license and the 
software is in the process of being packaged for inclusion with several 
major OS distributions. I would like to thank everyone who has supported 
the Client development over the last few years. Without helpful input 
from many people that performed testing and submitted bug reports, the 
cultivation of this software would have been next to impossible.

Whats in store for the future? The upcoming 2.0.2 release will likely be 
the last in the 2.0 series with development efforts being refocused on 
the 2.1 branch. Lots of new features are on the road map with some of 
the items already implemented and tested. Here is an excerpt from the 
todo list posted on the website. If I forgot to add an item that was 
promised for the 2.1 release, please let me know ...

2.1.0 release - Bug fix and fine tuning
X Review option flag usage for client struct
X Make divert rule management dynamic
X Add support for syslog output on unix targets
X Add support for DHCP over IPsec configuration method
X Add support for strictly manual client configuration method
X Add stateful fragment evaluation to filter driver
. Add batched packet send and recv support to filter driver
. Add timestamps in non-syslog log output
. Add support for x86/amd64 Windows Vista platforms
. Add support for multiple DNS/WINS server addresses
. Make Split DNS work with an adapter specific DNS suffix
. Add support for automatic renegotiation of IKSAMP SAs
. Add support for storing key and cert data in the site config
. Add user preference dialog for site manager
. Add preference for client minimize to system tray
. Add preference for pre-populating user names
. Import new logo and improved icon sets
. Validate and document support for Cisco ASA gateways
. Validate and document support for Juniper SSG gateways
. Validate and document support for Fortigate gateways
. Validate and document support for Zywall gateways
? Add adaptive communications during connect ( Frag/NATT )
? Move to a purely primitive based tunnel confguration interface
? Add ability to drag site connections as shortcuts
? Add support for lzs compression ( patent encumbered )
? Add support for Microsoft certificate and key storage api
. !!! All reported bugs !!!

A great new logo and icon set has been contributed for user interface 
components. This will be imported during the 2.1 development cycle. Here 
is a quick peek at what things will look like in the near future ...


You may have also noticed that several of the items on this list have to 
do with improving interoperability with commercial VPN gateways. To help 
achieve this goal, the following vendor products have been purchased and 
will be used for development and ongoing compatibility testing ...

Cisco Systems Adaptive Security Appliance
Juniper Networks SSG Firewall/IPsec
Fortinet Fortigate
Zyxel Zywall VPN/Firewall

Future gateway purchases will be based on feedback provided by the user 
community. If an individual or business would like to see improved 
support for a particular vendor product, hardware donations are very 
much welcome :) A wiki is also planned for the Shrew Soft web site to 
host user contributed documentation and compatibility testing results.



More information about the vpn-devel mailing list