[Vpn-help] New 2.1.0 alpha 7 release ...

Matthew Grooms mgrooms at shrew.net
Thu Feb 14 11:20:53 CST 2008 

All,

I posted a new 2.1.0 alpha 7 release on the website yesterday. The only 
major feature that has been added is support for renegotiating phase1 
SAs in client mode. This means that the client connection time is no 
longer limited to the lifespan of the ISAKMP SA initially negotiated. 
Other changes include a major rewrite of the internal object database. 
This helps normalize the reference counting API and provides a better 
mechanism for handling error conditions and relaying them to the client 
interface. My suspicion is that this change will fix the infrequent 
random hangs that have been reported by some users. The other major 
improvement was to the way DNS settings are handled during client tunnel 
setup which I will cover in more detail below. Besides that, lots of 
code cleanup and minor improvements have been made. Please see the 
release changelogs on the download page for more detail.

http://www.shrew.net/?page=download

So, there has been a major oversight in name service configuration up 
till now. I try to use a diverse environment for development and 
testing. My main workstation is SMP and runs XP with static address and 
DNS settings. My virtual machine workstation test rig provides a mixed 
set of UP and SMP systems configured via DHCP to cover the various 
platforms supported by the client software. Somehow, I missed the fact 
that windows systems configured via DHCP utilize a different set of 
registry entries for name service configuration. How did this happen? 
The client software must grok registry settings of the public adapter to 
setup its services accordingly. Local tests were successful on systems 
currently configured via DHCP due to settings that happened to be 
present in the registry from a previously static adapter configuration. 
When the settings didn't match, the problem began to reveal itself. In 
any case, this release should correct this major blunder by implementing 
the appropriate handling based on the public interface configuration 
method. For those of you using DHCP and are experiencing DNS or WINS 
issues, please give this release a try and let me know if the situation 
has improved. If is has, a bit of hate mail is certainly in order :)

Thanks,

-Matthew

More information about the vpn-help mailing list