[Vpn-devel] VPN Client Development Update ...
Matthew Grooms
mgrooms at shrew.net
Tue Oct 23 18:33:01 CDT 2007
All,
Its hard to believe that almost two years have passed since development
of the Shrew Soft VPN Client first began. It started out as a simple x86
Windows 2000/XP only client designed to support connectivity with the
IPsec Tools racoon daemon. Since then, it has grown a competitive
feature set and has been ported to the amd64 Windows XP, FreeBSD, NetBSD
and Linux operating systems. The vast majority of the source code has
also been released under an OSI approved open source license and the
software is in the process of being packaged for inclusion with several
major OS distributions. I would like to thank everyone who has supported
the Client development over the last few years. Without helpful input
from many people that performed testing and submitted bug reports, the
cultivation of this software would have been next to impossible.
Whats in store for the future? The upcoming 2.0.2 release will likely be
the last in the 2.0 series with development efforts being refocused on
the 2.1 branch. Lots of new features are on the road map with some of
the items already implemented and tested. Here is an excerpt from the
todo list posted on the website. If I forgot to add an item that was
promised for the 2.1 release, please let me know ...
2.1.0 release - Bug fix and fine tuning
----------------------------------------------------------------------
X Review option flag usage for client struct
X Make divert rule management dynamic
X Add support for syslog output on unix targets
X Add support for DHCP over IPsec configuration method
X Add support for strictly manual client configuration method
X Add stateful fragment evaluation to filter driver
. Add batched packet send and recv support to filter driver
. Add timestamps in non-syslog log output
. Add support for x86/amd64 Windows Vista platforms
. Add support for multiple DNS/WINS server addresses
. Make Split DNS work with an adapter specific DNS suffix
. Add support for automatic renegotiation of IKSAMP SAs
. Add support for storing key and cert data in the site config
. Add user preference dialog for site manager
. Add preference for client minimize to system tray
. Add preference for pre-populating user names
. Import new logo and improved icon sets
. Validate and document support for Cisco ASA gateways
. Validate and document support for Juniper SSG gateways
. Validate and document support for Fortigate gateways
. Validate and document support for Zywall gateways
? Add adaptive communications during connect ( Frag/NATT )
? Move to a purely primitive based tunnel confguration interface
? Add ability to drag site connections as shortcuts
? Add support for lzs compression ( patent encumbered )
? Add support for Microsoft certificate and key storage api
. !!! All reported bugs !!!
A great new logo and icon set has been contributed for user interface
components. This will be imported during the 2.1 development cycle. Here
is a quick peek at what things will look like in the near future ...
http://www.shrew.net/vpn/newartwork.jpg
You may have also noticed that several of the items on this list have to
do with improving interoperability with commercial VPN gateways. To help
achieve this goal, the following vendor products have been purchased and
will be used for development and ongoing compatibility testing ...
Cisco Systems Adaptive Security Appliance
Juniper Networks SSG Firewall/IPsec
Fortinet Fortigate
Zyxel Zywall VPN/Firewall
Future gateway purchases will be based on feedback provided by the user
community. If an individual or business would like to see improved
support for a particular vendor product, hardware donations are very
much welcome :) A wiki is also planned for the Shrew Soft web site to
host user contributed documentation and compatibility testing results.
Thanks,
-Matthew
More information about the vpn-devel
mailing list