r1830 | mgrooms | 2013-04-23 21:06:08 -0500 (Tue, 23 Apr 2013) | 1 line

Modify vflt and vnet to fix an issue that caused adapter MTUs to be read
incorrectly. This issue may have caused packets to be fragmented to the
wrong size when being transmitted via the virtual network adapter on
Windows 2000 and XP.
r1825 | mgrooms | 2013-04-19 00:28:29 -0500 (Fri, 19 Apr 2013) | 1 line

Update copyright year on documentation.
r1823 | mgrooms | 2013-04-16 01:18:12 -0500 (Tue, 16 Apr 2013) | 1 line

Modify the windows ipseca and ipsecc about dialogs to display the
current copyright year.
r1821 | mgrooms | 2013-04-15 22:14:49 -0500 (Mon, 15 Apr 2013) | 1 line

Branch for 2.2.0 release.
r1816 | mgrooms | 2013-04-07 12:58:46 -0500 (Sun, 07 Apr 2013) | 1 line

Modify vflt to fix an issue that caused adapter MTUs to be read
incorrectly. This issue may have caused packets to be fragmented to the
wrong size when being transmitted via the virtual network adapter on
Windows Vista and later.
r1810 | mgrooms | 2013-04-06 15:23:59 -0500 (Sat, 06 Apr 2013) | 1 line

Modify libike visual c project to normalize the include paths across
platforms / environments.
r1808 | mgrooms | 2013-04-06 15:14:57 -0500 (Sat, 06 Apr 2013) | 5 lines

Add support for commercial oriented product builds on Windows platforms.
The software can now be built with support for limited trial periods as
well as product license code activation.

Modify the license activation program to check for a valid product code.

Fix an issue with libvnet that caused the MTU to be reported incorrectly
in the log file on Windows Vista and later.
r1743 | mgrooms | 2012-12-18 04:12:33 -0600 (Tue, 18 Dec 2012) | 1 line

Modify the Windows GUI projects to allow High Contrast mode to work in
Windows 8. Add the appropriate compatibility IDs to the manifests for
ipseca, ipsecc and ipsect. Suggested by Jernej
Simončič on the vpn-help mailing list.
r1741 | mgrooms | 2012-12-15 17:17:30 -0600 (Sat, 15 Dec 2012) | 1 line

Modify the windows ipsecc program to handle password protected file
names correctly. The base client class will pass a file name without
null termination to a client when a password is required. Make sure we
null terminate the file name before displaying it to the user.
r1739 | mgrooms | 2012-12-14 18:54:58 -0600 (Fri, 14 Dec 2012) | 1 line

Update copyright year on installed license file.
r1737 | mgrooms | 2012-12-13 20:33:21 -0600 (Thu, 13 Dec 2012) | 1 line

Modify ipseca to correctly store the local key data when saving site
configuration data. A typo crept in that was causing the local
certificate to be stored instead.
r1735 | mgrooms | 2012-12-11 00:56:52 -0600 (Tue, 11 Dec 2012) | 1 line

Update the openssl private build to support additional crypto
r1733 | mgrooms | 2012-12-10 23:36:02 -0600 (Mon, 10 Dec 2012) | 1 line

Correct an issue with the Windows ipsec connect application. Display the
file name correctly when displaying the file password dialog.
r1731 | mgrooms | 2012-12-10 23:34:17 -0600 (Mon, 10 Dec 2012) | 1 line

Update the openssl private build to support additional crypto
r1728 | mgrooms | 2012-12-09 18:24:53 -0600 (Sun, 09 Dec 2012) | 1 line

Update copyright years in the application help/about dialogs on Windows
r1727 | mgrooms | 2012-12-05 23:27:56 -0600 (Wed, 05 Dec 2012) | 1 line

Split the Windows specific adapter and dns configuration code into two
separate procedures.
r1725 | mgrooms | 2012-12-05 22:11:51 -0600 (Wed, 05 Dec 2012) | 1 line

Correct a bug in the libip route_entry assignment operator. This was
causing route delete issues during tunnel tear-down.
r1723 | mgrooms | 2012-11-19 18:06:57 -0600 (Mon, 19 Nov 2012) | 1 line

Modify windows version of libip to honor the IPROUTE_ENTRY struct to
class promotion.
r1721 | mgrooms | 2012-11-07 22:32:47 -0600 (Wed, 07 Nov 2012) | 1 line

Modify ipseca to behave correctly when a connection cannot be
established to the update server.
r1718 | mgrooms | 2012-11-06 00:20:10 -0600 (Tue, 06 Nov 2012) | 1 line

Modify the NSIS install script to work on Windows 8 systems.
r1717 | mgrooms | 2012-11-05 02:25:51 -0600 (Mon, 05 Nov 2012) | 1 line

Update documentation output paths for the 2.2 branch.
r1716 | mgrooms | 2012-11-05 02:09:44 -0600 (Mon, 05 Nov 2012) | 1 line

Create 2.2 maintenance branch.
r1715 | mgrooms | 2012-11-05 00:13:53 -0600 (Mon, 05 Nov 2012) | 1 line

Update our local zlib.lib copy to link against our new msvcr80.dll
r1714 | mgrooms | 2012-11-04 23:33:18 -0600 (Sun, 04 Nov 2012) | 1 line

Correct a regression in the NSIS install scripts that allowed the
security credentials provider to be installed on 2K/XP platforms. The
component is only supported on Windows Vista/7.
r1713 | mgrooms | 2012-11-04 23:30:01 -0600 (Sun, 04 Nov 2012) | 1 line

Update our local copy of msvcr80.dll version and manifest for both 32bit
and 64bit builds.
r1712 | mgrooms | 2012-11-04 19:00:43 -0600 (Sun, 04 Nov 2012) | 2 lines

Modify ipseca to ignore split DNS options if the dtpd service is

r1711 | mgrooms | 2012-11-04 18:34:14 -0600 (Sun, 04 Nov 2012) | 1 line

Modify ipsecc to ignore split DNS options if the dtpd service is
r1710 | mgrooms | 2012-11-04 17:52:44 -0600 (Sun, 04 Nov 2012) | 1 line

Update the NSIS and build scripts to account for new options.
r1709 | mgrooms | 2012-11-04 17:20:00 -0600 (Sun, 04 Nov 2012) | 1 line

Clean up several NSIS install script sections. Add support for
conditional installation of the DNS proxy daemon as well as creation of
desktop shortcuts.
r1702 | mgrooms | 2012-05-18 04:25:20 -0500 (Fri, 18 May 2012) | 2 lines

Update the contrib OpenSSL build to use the latest 1.0.1c version.

r1701 | mgrooms | 2012-05-18 01:46:21 -0500 (Fri, 18 May 2012) | 1 line

Remove the stand-alone 32bit and 64bit NSIS install build scripts. We
only distribute the unified install binary now.
r1700 | mgrooms | 2012-05-18 01:43:54 -0500 (Fri, 18 May 2012) | 1 line

Update the Access Manager application to improve the integrated software
update check.
r1699 | mgrooms | 2012-02-10 00:32:52 -0600 (Fri, 10 Feb 2012) | 1 line

Update the contrib OpenSSL build to use the latest 1.0.0g version.
r1698 | mgrooms | 2012-02-10 00:19:49 -0600 (Fri, 10 Feb 2012) | 1 line

Modify libvnet to free all adapter structures at shutdown.
r1697 | mgrooms | 2012-02-04 14:37:19 -0600 (Sat, 04 Feb 2012) | 1 line

Add missing project changes and update our help file to newest file
r1696 | mgrooms | 2012-02-04 14:36:03 -0600 (Sat, 04 Feb 2012) | 1 line

Complete secure domain login support. The Shrew Soft security
credentials provider will now prompt for private key passwords during
the login process. This was the last major bit missing.
r1693 | mgrooms | 2011-09-04 09:41:06 -0500 (Sun, 04 Sep 2011) | 1 line

Modify the libsscp Shrew Soft Credentials provider to call WSAStartup
and WSAShutdown on DLL load and exit. This is required to allow the
client to resolve a remote gateway DNS name to an IP when logging in via
the Credentials Provider ( Windows login screen ).
r1692 | mgrooms | 2011-08-04 19:31:33 -0500 (Thu, 04 Aug 2011) | 1 line

Modify ipsecd to temporarily work around issues related to policies not
being released properly by iked. This problem was identified during
investigatory work sponsored by Alcatel-Lucent.
r1690 | mgrooms | 2011-06-30 17:59:21 -0500 (Thu, 30 Jun 2011) | 1 line

Update the copyright date in the help file.
r1688 | mgrooms | 2011-06-30 17:27:10 -0500 (Thu, 30 Jun 2011) | 1 line

Update the properties to reflect the repository dns name change.
r1544 | mgrooms | 2011-02-01 01:11:03 -0600 (Tue, 01 Feb 2011) | 1 line

Modify the Security Credentials provider to provide a more concise error
message when a username or password is blank.
r1543 | mgrooms | 2011-01-29 13:21:46 -0600 (Sat, 29 Jan 2011) | 7 lines

Modify the iked Windows platform specific client setup and cleanup
functions to manage virtual adapter and DNS proxy settings. These were
removed from the main client control code.

Modify the Windows VPN Connect application to catch up with the options
parser changes in the generic client control interface class. The
Application has gained the ability to resume tunnel control when a
Secure Domain Login control file is present.

Modify the Shrew Soft credential provider to allow a Domain name to be
specified at login time. If the Domain name field is left blank, the
local host name is used ( local login ). After a login succeeds, the
client tunnel control interface is suspended and a control file is

Modify the NSIS installer to create a Startup shortcut for All Users
which launches the VPN Connect application in a mode that resumes tunnel
control when applicable.
r1542 | mgrooms | 2011-01-17 15:26:26 -0600 (Mon, 17 Jan 2011) | 3 lines

Modify the new Windows Vista/7 security credentials provider to create
Shrew Soft VPN connections based on the information provided during the
login process. Before credentials are provided to the windows login
process, the connection is established to the selected site
configuration. All error feedback is buffered and displayed to the user
via the standard Windows login error screen. The VPN connection
currently dies after the Windows login is completed. Nor do we provide
the UI components required to support protected RSA keyfile passwords or
login banners. These remaining issues will be corrected in a follow-up

Modify a few more Windows projects to remove include directories and
library dependencies that are no longer required.
r1541 | mgrooms | 2011-01-16 14:29:39 -0600 (Sun, 16 Jan 2011) | 1 line

Modify the NSIS installer to only allow the security credentials
provider to be installed on Vista and later Windows platforms.
r1540 | mgrooms | 2011-01-16 01:54:27 -0600 (Sun, 16 Jan 2011) | 1 line

Modify the NSIS installation scripts to include a section for the
security credentials provider.
r1539 | mgrooms | 2011-01-15 16:55:23 -0600 (Sat, 15 Jan 2011) | 3 lines

Move our copy of pfkeyv2.h file into the private project. It's only used
for Windows builds. Update the appropriate MSVC projects to include this
new path. The new SSH2 algorithms have been renamed to use the HMAC
suffix as this seems consistent with the other defined algorithm names.

Remove all unnecessary project dependencies now that liblog and libith
are not required for libidb.
r1538 | mgrooms | 2011-01-12 23:26:25 -0600 (Wed, 12 Jan 2011) | 1 line

Import the Shrew Soft Credentials Provider project. At the moment, it
only contains user interface customizations. It has yet to be integrated
with libike.
r1537 | mgrooms | 2011-01-12 00:08:08 -0600 (Wed, 12 Jan 2011) | 3 lines

Correct a regression in the Windows VPN Connect application where the
username and password fields were being displayed when a non Xauth
enabled mode was in use. Thanks to Kevin on the vpn-help mailing list
for reporting this.

Correct a few issues with the Windows VPN Access Manager application
related to DNS configuration problems. Certain widgets were not being
enabled/disabled correctly based on the user selections.
r1536 | mgrooms | 2011-01-09 23:51:12 -0600 (Sun, 09 Jan 2011) | 1 line

Modify the Windows VPN Access Manager to support the creation and removal
of public site configs. A user with administrative privileges designates
a site configuration as public when they need it to be accessed by all
users on the host. The conflict dialog has also been removed in favor of
automatic name mangling to prevent duplicates, similar to the
Linux/BSD/OSX Access Manager.
r1535 | mgrooms | 2011-01-05 22:36:16 -0600 (Wed, 05 Jan 2011) | 3 lines

Modify the Windows VPN Connect to save the user name when a successful
connection is made and the user preference requests it.

Modify the Windows VPN Access manager to not request updated site
configurations to be saved to the original file during import
r1534 | mgrooms | 2011-01-05 00:15:57 -0600 (Wed, 05 Jan 2011) | 1 line

Remove support for migrating site configurations from the registry to
files. This has been implemented in the libike site configuration
manager class.
r1533 | mgrooms | 2011-01-04 01:57:38 -0600 (Tue, 04 Jan 2011) | 1 line

Modify the Windows VPN Access Manager to store certificate and key data
directly in the site configuration. A user selects the file location for
the contents to be embedded instead of using a reference to the file
r1532 | mgrooms | 2010-12-31 00:41:45 -0600 (Fri, 31 Dec 2010) | 1 line

Modify the Windows UI components to support dh groups 16, 17 and 18.
r1531 | mgrooms | 2010-12-30 20:36:31 -0600 (Thu, 30 Dec 2010) | 1 line

Remove the site configuration upgrade functionality from the Windows VPN
Access Manager application. This is now handled by the cross platform
configuration manager class.
r1530 | mgrooms | 2010-12-30 15:45:00 -0600 (Thu, 30 Dec 2010) | 1 line

Modify the Windows GUI components to track recent changes related to
client and site configuration management. Site configs are now stored as
files under the username "AppData\Shrew Soft VPN\sites" path. Also,
correct a few bugs related to renaming site configurations and sorting
r1529 | mgrooms | 2010-12-26 01:36:43 -0600 (Sun, 26 Dec 2010) | 1 line

Add a missing file to the Windows VPN Access Manager project that was
missed in the last commit.
r1528 | mgrooms | 2010-12-26 01:35:54 -0600 (Sun, 26 Dec 2010) | 1 line

Perform a code cleanup of the VPN Access Manager in preparation for the
upcoming configuration storage changes. Fix a bug in the VPN Connection
application that was preventing preferences from being applied
r1527 | mgrooms | 2010-12-25 13:18:47 -0600 (Sat, 25 Dec 2010) | 1 line

Modify the Windows VPN Connect application to use the generic CLIENT
class. This unifies the connection code path for both Linux/BSD, OSX and
Windows platforms. Update all Windows application names to not be
prefixed with Shrew Soft. There was a request to shorten the names on
the mailing list so that the profile name could be seen.
r1526 | mgrooms | 2010-12-24 19:57:52 -0600 (Fri, 24 Dec 2010) | 1 line

Modify the VPN Access Manager and the VPN Connect applications to use
the config functions which now live in libike. Remove the ipsecp project
and related source code. Update the NSIS installer scripts to reflect
the absence of the library.
r1525 | mgrooms | 2010-12-24 16:01:48 -0600 (Fri, 24 Dec 2010) | 1 line

Move the dialog configuration helper functions from libipsecp to ipseca.
They were only used by the Access Manager. Introduce a new config manager
class that handles file and registry operations of the config class.
This is in preparation of migrating the config code into libike and
retiring libipsecp.
r1524 | mgrooms | 2010-12-22 13:48:16 -0600 (Wed, 22 Dec 2010) | 1 line

Modify the Windows GUI components and the IPsec daemon to support SHA2
algorithms. We now include hash and hmac options for the 256, 384 and
512 bit variants.
r1523 | mgrooms | 2010-12-19 17:19:14 -0600 (Sun, 19 Dec 2010) | 1 line

Modify the VPN Connect and VPN Access Manager programs to improve visual
style and handle keyboard navigation more properly. We now perform a
runtime check to see if the OS is Windows XP or later. If so, we enable
the theme dialog texture on our pages to use the appropriate styles and
color. We also manually set the dialog z-order so that keyboard
navigation is more natural between outer and inner dialog tabs.
r1522 | mgrooms | 2010-12-17 19:07:00 -0600 (Fri, 17 Dec 2010) | 1 line

Update the Windows GUI tools to fix some accessibility issues. The VPN
Access Manager now allows proper keyboard navigation to site
configuration icons and tab stops now work in the site properties
dialog. The foreground color for text has been changed to use the system
color in the VPN Connect and VPN trace application. This allows the text
to be viewable when high contrast color schemes are in use. These bugs
were reported by Aaron Howell and Joshua Hudson.
r1521 | mgrooms | 2010-12-17 02:20:04 -0600 (Fri, 17 Dec 2010) | 1 line

Modify the daemons and the kernel driver interface libraries to conform
to recent libith changes. This will help user land programs interact
with the drivers more correctly, especially when drivers try to unload
r1517 | mgrooms | 2010-12-16 01:18:19 -0600 (Thu, 16 Dec 2010) | 1 line

Update the copyright on the license text file to match the current year.
Update the NSIS installer to prefix the Start Menu short cut links with
VPN so they are more easily located. Suggested by Grant and Brian Mathis
on the vpn-devel list.
r1514 | mgrooms | 2010-12-12 14:33:57 -0600 (Sun, 12 Dec 2010) | 1 line

Modify the svn external property for the drivers folder to point to release.
r1510 | mgrooms | 2010-12-10 02:02:51 -0600 (Fri, 10 Dec 2010) | 1 line

Make sure we test for the IPC_WAKEUP value when evaluating libith io
read results. Otherwise we could loop endlessly trying to re-open the
file handles during shutdown.
r1509 | mgrooms | 2010-12-09 23:03:59 -0600 (Thu, 09 Dec 2010) | 1 line

Fix the ipsec trace application to correctly display log file data in
the service tabs.
r1506 | mgrooms | 2010-12-04 01:44:15 -0600 (Sat, 04 Dec 2010) | 3 lines

Modify dtpd sources to fix a few memory leaks. Make sure we free
configuration data when a client disconnects.

Modify ipsecd sources to fix a few memory leaks. Call the appropriate
openssl cleanup routines when a thread exits. Add two functions that
wrap openssl initialization and cleanup and make sure they are called at
daemon startup and shutdown. Clean up unnecessary functions related to
openssl DH group exchanges.
r1505 | mgrooms | 2010-11-30 19:36:29 -0600 (Tue, 30 Nov 2010) | 1 line

Modify the ike, ipsec and dtp daemons to use asynchronous vflt read
operations. This avoids calls to select which woke up every 500ms to
check for an exit status. As a result, all daemons remain in an
efficient wait state at all times until an action needs to be performed.
The vflt interface library was modified to use asynchronous versions of
the ReadFileEx and WriteFileEx windows methods and daemon specific io
loops were modified to take advantage of this.
r1502 | mgrooms | 2010-11-28 18:15:05 -0600 (Sun, 28 Nov 2010) | 1 line

Add NSIS build script to create packages using the latest kernel driver
development builds.
r1501 | mgrooms | 2010-11-26 17:49:39 -0600 (Fri, 26 Nov 2010) | 1 line

Replace icon image files with a single consolidated file per
application. These new files include higher resolution versions to
provide a better user experience on Windows Vista and Windows 7.
r1498 | mgrooms | 2010-10-01 12:00:21 -0500 (Fri, 01 Oct 2010) | 1 line

Correct an issue with the VPN Access Manager related to pcf import. When
a non encrypted password is present, don't try to hex-decode it. Just
import it as plain text.
r1482 | mgrooms | 2010-09-01 00:36:48 -0500 (Wed, 01 Sep 2010) | 1 line

Correct a problem with the libip route delete function. Under some
circumstances, the function would fail to match the route for deletion
on Windows Vista/7 platforms.
r1479 | mgrooms | 2010-08-17 16:19:42 -0500 (Tue, 17 Aug 2010) | 1 line

Generate HTML documents by topic name not by UID. This should prevent
links to the documentation from breaking every time it's re-generated
from source.
r1476 | mgrooms | 2010-08-17 16:14:42 -0500 (Tue, 17 Aug 2010) | 1 line

Update the help documentation to reflect the policy level changes.
r1470 | mgrooms | 2010-08-10 00:14:41 -0500 (Tue, 10 Aug 2010) | 1 line

Modify iked to store a DHCP MAC address seed value in the Windows
registry. Another file storage mechanism will be used on Linux and BSD.
r1467 | mgrooms | 2010-08-09 22:49:50 -0500 (Mon, 09 Aug 2010) | 1 line

Modify ipsecd to not add padding to ESP payloads when the pad length
equals the block cipher size. Certain gateways drop the packets when
additional padding is optionally appended. Thanks to Andrew Langefeld at
Adtran for diagnosing the issue.
r1464 | mgrooms | 2010-08-05 01:41:20 -0500 (Thu, 05 Aug 2010) | 1 line

Modify ipsecd to avoid responding to ARP requests on the virtual adapter
when the ARP source and target match a NONE policy. This helps the
client work correctly when the local host network overlaps with a
tunneled network.
r1461 | mgrooms | 2010-08-05 01:33:50 -0500 (Thu, 05 Aug 2010) | 1 line

Modify the Windows NSIS installer script to be smarter about upgrading a
system. If removing components requires a reboot, do this before we
install new components. The installer now prompts the user to reboot and
automatically restarts the installer.
r1456 | mgrooms | 2010-07-21 22:44:36 -0500 (Wed, 21 Jul 2010) | 1 line

Remove the kernel driver build scripts. They are no longer required.
r1455 | mgrooms | 2010-07-21 22:44:00 -0500 (Wed, 21 Jul 2010) | 1 line

Prepare for signed kernel driver releases. The source code has now been
relocated to a separate repository branch. The code is now common among
all releases. A subversion property is now used to point a vpn client
release at a particular kernel release branch bin folder that contains
the signed kernel drivers. Remove the kernel code source from this
branch and update the scripts to point to the new subversion external.
r1424 | mgrooms | 2010-07-14 01:42:00 -0500 (Wed, 14 Jul 2010) | 1 line

Fix another bug in the driver package build script.
r1421 | mgrooms | 2010-07-14 01:27:22 -0500 (Wed, 14 Jul 2010) | 3 lines

Switch DNS proxy port to 4553. Using 50053 can cause conflicts if the OS
allocates that port for dynamic use.

Fix a bug in the driver package build script. This was preventing a
complete build of install package after a fresh checkout.
r1418 | mgrooms | 2010-07-10 17:42:20 -0500 (Sat, 10 Jul 2010) | 3 lines

Modify the DNS proxy daemon to install DNS divert rules when an active
connection has proxy policies installed. The DNS divert rules are
removed when the proxy policy count reaches zero. Also switch the UDP
DNS proxy port from 8053 to 50053 to avoid any potential conflict with
other software that may use this port.

Modify the IPsec daemon to only install the ARP mirror rule when a pfkey
client has IPsec security policies installed. The ARP mirror rule is
removed when the security policy count reaches zero.
r1415 | mgrooms | 2010-07-09 02:09:16 -0500 (Fri, 09 Jul 2010) | 1 line

Update documentation images and catch up with some feature changes.
r1412 | mgrooms | 2010-07-08 21:47:34 -0500 (Thu, 08 Jul 2010) | 1 line

Correct a regression in libvnet. When iked attempts to acquire a
virtual adapter and none are available, libvnet creates a new device on
behalf of the caller. This process was broken on Windows Vista/7
platforms. To correct this, adapt the updated device creation code in
our installation helper application devcfg to work in libvnet. Device
creation now works correctly on all supported Windows platforms.
r1408 | mgrooms | 2010-07-05 14:45:16 -0500 (Mon, 05 Jul 2010) | 1 line

Update dtpd to specify larger packet buffer sizes for use with libike
packet read functions. Make sure we reset the IP packet buffer size
after every read. Simplify the DNS state handling code. The refcount
implementation was overkill considering how simple the locking
requirements are. We now use simple mutex locking to protect the state
r1406 | mgrooms | 2010-07-05 14:40:01 -0500 (Mon, 05 Jul 2010) | 1 line

Update iked to specify larger packet buffer sizes for use with
libike packet read functions. While here, normalize some common variable
name suffixes so they are more uniform.
r1404 | mgrooms | 2010-07-02 14:30:06 -0500 (Fri, 02 Jul 2010) | 1 line

Correct a regression in the iked socket wrapper code. After fixing
several bugs in the NDIS6 LWF driver, the client interface library now
honors an option that was previously being ignored. The socket wrapper
no longer requests that only a single packet be returned for each recv
call. This causes IP/UDP fragments to be dropped since the call would
overwrite any unread packet data that had been returned in a previous
call. To avoid this, a new libike member function has been added to
allow a caller to check to see if data is available in the recv buffer.
The recv function is now only called when the recv buffer is empty.
r1403 | mgrooms | 2010-07-02 13:47:35 -0500 (Fri, 02 Jul 2010) | 2 lines

Correct an issue with the Windows VPN Connect application that occurred
when the dns-suffix attribute was absent. This was fixed in the
Linux/BSD version but was missed in the Windows version.

r1401 | mgrooms | 2010-06-29 00:11:39 -0500 (Tue, 29 Jun 2010) | 1 line

Correct an issue in iked related to registry address list handling. Make
sure we null the buffer before reading and parsing an address list.
Otherwise, we may believe we read an address from a zero data length
registry value. This leads to problems when we attempt to revert
temporary address modifications. Many thanks to Stéphane Daguet
for submitting the bug report and his before/during/after registry
screen shots.
r1400 | mgrooms | 2010-06-27 23:25:54 -0500 (Sun, 27 Jun 2010) | 1 line

Update the Windows VPN Connect application to support the simplified
libike message handling changes that were recently committed.
r1398 | mgrooms | 2010-06-27 01:40:30 -0500 (Sun, 27 Jun 2010) | 1 line

Modify the Windows release build script to sign all executables. This
allows a descriptive name and the company name to be displayed when
prompted by UAC. Also juggle the VPN Trace application icon resources so
that they are used correctly by the Windows shell. Previously, the low
resolution icon was being displayed when the high resolution version
should have been.
r1396 | mgrooms | 2010-06-26 15:10:06 -0500 (Sat, 26 Jun 2010) | 3 lines

Add Windows program manifest files for the IKE, IPSEC and DNS daemons as
well as the VPN Trace application. These manifests specify that
administrative privileges are required for proper operation. This should
avoid the issue where the VPN Trace application appears broken due to
insufficient execution privileges.

Modify the Windows IPsec daemon, VPN Connect and VPN Access Manager
applications to support the new IPsec policy level options. These
changes are compatible with Linux/BSD PF_KEY conventions.
r1393 | mgrooms | 2010-05-25 23:04:05 -0500 (Tue, 25 May 2010) | 1 line

When installing the NDIS5 filter drivers on 2K/XP, call DIFx pre-install
on both mfilter and pfilter INFs. An IM driver install doesn't appear to
be complete without calling pre-install on the miniport INF but the
driver isn't removed properly unless remove is also called on protocol
INF. This appears to leave systems cleaner after our software is removed
and also avoids a crash when the Novell client is installed. While here,
correct a drvcfg message box typo displayed during error conditions.
r1392 | mgrooms | 2010-05-11 19:37:26 -0500 (Tue, 11 May 2010) | 1 line

Update the windows project build environments to supply the OPT_NATT
flag where appropriate.
r1390 | mgrooms | 2010-05-11 19:34:32 -0500 (Tue, 11 May 2010) | 1 line

Modify the vvflt driver to avoid crashes when handling WANLINE UP/DOWN
notification messages. We now perform several sanity checks on the
message structure and avoid calls to RtlUnicodeStringToAnsiString which
should not be called at dispatch level. Many thanks to Joel Wener who
reported this issue, provided minidumps and tested several candidate
fixes before a correct solution could be found. While here, sync the
kernel driver sources to the driver development repository.
r1388 | mgrooms | 2010-05-11 19:16:40 -0500 (Tue, 11 May 2010) | 1 line

Modify the libip IPROUTE iface_2_addr member function to pass a gateway
address value. This allows us to use fuzzy matching to select the correct
address when multiple addresses exist for a single interface.
r1384 | mgrooms | 2010-03-14 18:53:11 -0500 (Sun, 14 Mar 2010) | 1 line

Modify the Windows VPN Connect application to blank the password once a
connection attempt is in flight. Also add an installation check to
ensure the software is not being installed with compatibility settings
enabled. This can have dire consequences as incorrect kernel drivers can
be installed as a result of the OS reporting an incorrect version during
install. The software also performs runtime checks to execute the
correct code path based on the OS version reported.
r1382 | mgrooms | 2010-03-14 16:56:55 -0500 (Sun, 14 Mar 2010) | 7 lines

Modify iked to not hold a virtual network device handle open during the
life of the connection. Instead, we now open and close device handles as
needed during tunnel setup and teardown. This allows systems to easily
transition to a low power state without iked monitoring the handle for

Correct a regression in the flt drivers which was introduced recently.
After collecting a list of fragmented packets, recreate the test buffer
using the data from the lead packet. This fixes fragment processing in
the filter code path.

Keep track of the number of active adapters when NDIS6 filter adapter
bindings are being paused or restarted. We use this count to determine
when the system will potentially transition into a low power mode or a
system shutdown. When this occurs, all bindings are paused so we use
this opportunity to proactively free resources and fail certain client

Update driver inf and resource files to reflect a version and date
r1380 | mgrooms | 2010-03-05 01:23:29 -0600 (Fri, 05 Mar 2010) | 1 line

Modify the NDIS5 and NDIS6.2 filter drivers to validate Ethernet packets
match the adapter Ethernet address before processing. This should allow
bridged networking services ( VMware and VirtualBox bridged networking )
to co-exist with the Shrew Soft VPN client on the host computer.
r1378 | mgrooms | 2010-03-05 00:01:16 -0600 (Fri, 05 Mar 2010) | 3 lines

Correct a bug in the vflt interface library that did not classify an
error return code properly. This caused the driver unload process to
hang because a service would not close the handle after returning from a
select call general failure ( ie, device no longer available ).

Push down the select ioctl error handling into the select function call
on windows. We want to recycle the handle in the case of an unexpected
r1376 | mgrooms | 2010-03-01 22:33:30 -0600 (Mon, 01 Mar 2010) | 3 lines

Update the NDIS6 LWF driver to NDIS6.1 and implement support for Windows
7 Mobile Broadband adapters. This change includes some fairly major
changes to the IPv4 fragmentation cache and packet filtering code.
Windows Mobile Broadband adapters pass raw IP frames with no Ethernet
headers so several key functions were modified to bypass Ethernet header
processing to accommodate this. Several issues were also corrected where
an IPv6 frame could be evaluated as an IPv4 frame. This could cause
instability in some edge cases.

Update all driver inf and resource files to reflect a version change. We
now use the latest WDK to build the NDIS5 drivers using the WXP platform
type. Several tests were run to ensure the Windows 2K OS platforms were
r1371 | mgrooms | 2010-01-31 13:12:21 -0600 (Sun, 31 Jan 2010) | 1 line

Modify the windows access manager application to allow for
routes to be added as an include network. This will allow clients to
force all traffic across the tunnel even if a split network list is
received by the gateway. Fix a bug that caused pcf imports to be
incomplete when a group name was not specified. We now set a default
local identity type value of address for PSK authentication modes and
asn1dn for RSA modes. Fix a bug that caused pcf imports to fail when a
key name was specified with no value.
r1369 | mgrooms | 2009-12-16 09:45:20 -0600 (Wed, 16 Dec 2009) | 1 line

Revert our change to the NDIS5 virtual network driver that removed
handling of OID_802_3_MAXIMUM_LIST_SIZE. Apparently it is required for
proper operation even if we don't support multicast addresses.
r1367 | mgrooms | 2009-12-15 01:48:29 -0600 (Tue, 15 Dec 2009) | 1 line

Correct a minor whitespace nit in NDIS6 virtual adapter driver.
r1365 | mgrooms | 2009-12-15 01:42:36 -0600 (Tue, 15 Dec 2009) | 7 lines

Add a run time check in our NDIS5 driver to determine if we are running
on Windows 2000 or XP. Convert the statistics to return 32bit counter
values on 2000 and 64bit on XP. Use 64bit counters in our NDIS6 driver
for SentOk and RecvOk. All other NDIS6 counters already returned 64bit

Remove handling of OID_802_3_MAXIMUM_LIST_SIZE in our NDIS5/6 drivers as
we don't support multi-cast addresses.

Return NDIS_STATUS_NOT_SUPPORTED in our NDIS5 driver for all OIDs that
we don't handle instead of NDIS_STATUS_INVALID_OID. This is what
examples in the WDK do.

Update the NDIS5/6 virtual adapter INFs to report NCF_VIRTUAL as
suggested by Thomas.
r1363 | mgrooms | 2009-12-12 20:58:23 -0600 (Sat, 12 Dec 2009) | 1 line

Modify libvnet and consumers to be more intelligent when opening device
handles. When read access is requested, the driver queues packets on the
send path on behalf of the consumer. This is undesirable unless we
really plan to read them.
r1361 | mgrooms | 2009-12-12 20:04:40 -0600 (Sat, 12 Dec 2009) | 1 line

Revert a minor change that was unnecessary for proper NDIS6 virtual
network adapter statistics gathering.
r1359 | mgrooms | 2009-12-12 19:42:57 -0600 (Sat, 12 Dec 2009) | 1 line

Update the test_vnet application to allow the adapter link state and
speed to be manually set.
r1357 | mgrooms | 2009-12-12 19:41:30 -0600 (Sat, 12 Dec 2009) | 1 line

Update both the NDIS5 and NDIS6 virtual network adapter drivers to
report statistics correctly.
r1354 | mgrooms | 2009-12-05 13:28:19 -0600 (Sat, 05 Dec 2009) | 1 line

Add the Visual Studio project I missed while adding test_vnet in a
previous commit.
r1353 | mgrooms | 2009-12-05 13:26:26 -0600 (Sat, 05 Dec 2009) | 1 line

Bring in virtual network adapter interface library to support the new
driver functionality. Modify the Windows socket wrappers to honor these
changes. While here, correct a bug discovered in the filter driver
interface library which caused the packet limit option to consistently
r1351 | mgrooms | 2009-12-05 13:21:24 -0600 (Sat, 05 Dec 2009) | 1 line

Bring in virtual network adapter changes from the private driver
development branch. The updated driver allows for functionality similar
to *nix tap devices. Also import a new vnet_test application which
creates a virtual Ethernet bridge between two systems using UDP socket
relay. This allows us to stress test the new features in a lab
r1348 | mgrooms | 2009-11-26 15:45:46 -0600 (Thu, 26 Nov 2009) | 1 line

Update NSIS build path after local re-install.
r1345 | mgrooms | 2009-11-19 00:27:46 -0600 (Thu, 19 Nov 2009) | 1 line

Modify our driver package build script to create checked versions of the
packages. The signed binaries will be committed to the repository for
each release.
r1341 | mgrooms | 2009-11-18 17:36:33 -0600 (Wed, 18 Nov 2009) | 1 line

Update the driver build script and add a new script for creating driver
packages. We now build the netcfg install helper application along with
drivers using the DDK framework. Driver packages are created in the
developer studio output path. At some point we will merge these with the
main solution using DDKBUILD.
r1339 | mgrooms | 2009-11-18 17:21:48 -0600 (Wed, 18 Nov 2009) | 1 line

Modify several definitions in various driver header files. These changes
will not modify driver behavior but help the Microsoft static code
analysis tool understand special functions. Without them, a number of
false positives are reported in the output.
r1336 | mgrooms | 2009-11-18 17:16:26 -0600 (Wed, 18 Nov 2009) | 1 line

Remove the driver build script from the install directory. It is
obsoleted by two new scripts named build-drivers and build-packages
which will be located in the source directory.
r1333 | mgrooms | 2009-11-18 17:12:24 -0600 (Wed, 18 Nov 2009) | 2 lines

Remove the visual studio projects used to build the netcfg install
helper application. This never worked well and should be replaced by
projects that use DDKBUILD sometime in the future.

r1330 | mgrooms | 2009-11-15 16:42:55 -0600 (Sun, 15 Nov 2009) | 1 line

Remove the visual studio projects used to build the NDIS5 kernel
drivers. This never worked well and should be replaced by projects that
use DDKBUILD sometime in the future.
r1326 | mgrooms | 2009-11-15 16:15:04 -0600 (Sun, 15 Nov 2009) | 1 line

Update internal kernel driver version numbers to 2.2.
r1324 | mgrooms | 2009-11-15 15:50:17 -0600 (Sun, 15 Nov 2009) | 1 line

Update all head driver versions to
r1320 | mgrooms | 2009-11-14 23:59:37 -0600 (Sat, 14 Nov 2009) | 53 lines

Merge in the changes from an external driver development branch. Most of
this work was completed by Thomas Divine ( PCAUSA | http://www.ndis.com
) under contract by Shrew Soft Inc. Thomas has played an instrumental
role in improving the Shrew Soft NDIS kernel drivers. We highly
recommend his services to anyone who may need help with network kernel
driver development.

The following is annotated text derived from documentation provided by


Crash in vvnet.sys VNETInitialize when bringing up tunnel on Windows 7
x64 Edition.

One problem was that some driver initialization was being performed
after calling NdisMRegisterMiniport. In fact, VNETInitialize can be
called before NdisMRegisterMiniport returns. Partial fix is to
initialize these variables before calling NdisMRegisterMiniport. Key
problem is that VNETInitialize and VNETHalt were marked as pageable. Just
because an NDIS callback is marked as being called at PASSIVE_LEVEL does
not mean that it can be pageable. There are other criteria that make it
difficult to determine whether a callback can be pageable. Also in
VNETInitialize UNICODE functions buffer sizes were being initialized
with the character count instead of the length in bytes of the buffer.


Crash in vvnet.sys VNETHalt when closing tunnel on Windows 7 x64

Key problem is that VNETInitialize and VNETHalt were marked as pageable.
Just because an NDIS callback is marked as being called at PASSIVE_LEVEL
does not mean that it can be pageable. There are other criteria that make
it difficult to determine whether a callback can be pageable.


Problems in NDIS query/set implementation.

The original implementation attempted to perform all work in the
MiniportQueryInformation and MiniportSetInformation handlers. This
approach waited in these routines for the NdisRequest call to complete.
The wait approach involved using NdisWaitEvent. Unfortunately the
MiniportQueryInformation and MiniportSetInformation handlers can be
called at DISPATCH_LEVEL which prohibits the use of NdisWaitEvent. The
architecture was revised to eliminate waiting in
MiniportQueryInformation and MiniportSetInformation handlers.
Modifications to query information are deferred until
ProtocolRequestComplete is called.


Accessing IRP after IoCompleteRequest has been called.

In VNETDispatch access is made to an IRP that has already been
completed. The act of calling IoCompleteRequest will free or recycle the
IRP memory before returning. Accessing the IoStatus field is accessing
memory that is (or may be...) freed already. Fixed in both vnet and


Fault in SyncRefDec.

Noticed that in FLTProcessPacket a RefCount was being incremented
without being protected by a spin lock. Syncing this is necessary. Brief
testing showed that the crash in SyncRefDec could no longer be
reproduced easily after using SyncRefInc() in FLTProcessPacket. Fixed in
both vflt and vvflt.

Additional Work

Correct a problem that caused vvflt driver unload to hang indefinitely.
FilterUnload was intended to call FilterDeregisterDevice after all
device handles were closed. With the NDIS5 driver, this causes all
dispatch requests to fail. The caller will close its device handle and
the driver unload proceeds. However, in NDIS6 all device handles must be
closed before FilterUnload is called. We now return an error for
dispatch requests when all miniport bindings have been removed. This
prompts callers to close device handles and NDIS to call FilterUnload.

Correct a problem in the vvflt driver pause routine. The driver would
return from a pause request when send or receive operations were still
in flight. The pause routine now waits for all outstanding send or
receive operations to complete before completing pause requests.

All driver inf and compiler resource now have updated version values and
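
The "Accessing IRP after IoCompleteRequest has been called" item in r1320 above, shown as an added example that is not Shrew Soft or WDK code: a user-space model in which completing a request recycles its slot at once, with the stale read beside the capture-before-complete form. Every `model_*` name and `MODEL_*` value is a hypothetical stand-in for the kernel object it is commented against.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* User-space model constructed for illustration; not WDK or Shrew Soft code.
 * All model_* names and MODEL_* values are hypothetical. */
#define MODEL_STATUS_SUCCESS      0x00000000u
#define MODEL_STATUS_UNSUCCESSFUL 0xC0000001u
#define MODEL_STATUS_NO_SLOT      0xC000009Au
#define MODEL_POISON              0xDEADBEEFu  /* contents of a recycled slot */
#define MODEL_POOL_SLOTS          4

typedef struct model_irp {
    uint32_t status;   /* stands in for Irp->IoStatus.Status */
    int      in_use;   /* slot currently owned by a dispatch routine */
} model_irp;

static model_irp g_pool[MODEL_POOL_SLOTS];

/* Hand out a request slot, as the I/O manager does before dispatch. */
static model_irp *model_alloc_irp(void)
{
    for (int i = 0; i < MODEL_POOL_SLOTS; i++) {
        if (!g_pool[i].in_use) {
            memset(&g_pool[i], 0, sizeof g_pool[i]);
            g_pool[i].in_use = 1;
            return &g_pool[i];
        }
    }
    return NULL;
}

/* Stand-in for IoCompleteRequest: ownership leaves the driver here and the
 * slot is recycled before the call returns. The pool is a static array, so
 * the later read in dispatch_buggy is well defined in this model. */
static void model_complete_request(model_irp *irp)
{
    irp->status = MODEL_POISON;
    irp->in_use = 0;
}

/* Pattern described in the log entry: the status field is read after the
 * request has been completed, so the caller gets whatever the slot holds. */
uint32_t dispatch_buggy(uint32_t result)
{
    model_irp *irp = model_alloc_irp();
    if (irp == NULL)
        return MODEL_STATUS_NO_SLOT;
    irp->status = result;
    model_complete_request(irp);
    return irp->status;            /* stale read of a recycled request */
}

/* Corrected pattern: copy the status into a local while the request is
 * still owned, complete it, then return the local. */
uint32_t dispatch_fixed(uint32_t result)
{
    model_irp *irp = model_alloc_irp();
    if (irp == NULL)
        return MODEL_STATUS_NO_SLOT;
    irp->status = result;
    uint32_t status = irp->status; /* capture before giving up ownership */
    model_complete_request(irp);
    return status;
}

int main(void)
{
    printf("buggy: 0x%08X\n", (unsigned)dispatch_buggy(MODEL_STATUS_SUCCESS));
    printf("fixed: 0x%08X\n", (unsigned)dispatch_fixed(MODEL_STATUS_SUCCESS));
    return 0;
}
```

In a real driver the freed IRP memory is not reliably poisoned, so the stale read may return the right value most of the time and fail only under load.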
r1318 | mgrooms | 2009-11-14 12:55:00 -0600 (Sat, 14 Nov 2009) | 1 line

Modify our script that builds our kernel driver catalogs and signs our
packages. We were missing the Windows 7 platform when preparing NDIS6
r1316 | mgrooms | 2009-09-23 01:42:17 -0500 (Wed, 23 Sep 2009) | 1 line

Modify the NDIS6 virtual network driver to report a 10Mbit link speed
instead of a 100Kbit link speed. This was causing problems with some
applications that adapt themselves for dialup connections. Reported by
Patric Forsgard.
r1314 | mgrooms | 2009-08-19 01:09:06 -0500 (Wed, 19 Aug 2009) | 1 line

Fix a few bugs related to pcf import on windows platforms. Ignore any
leading exclamation marks for pcf file lines. This is intended to denote
the data should be read-only after import but we currently have no way
to enforce this. Use a default value of auto for phase2 PFS.
r1312 | mgrooms | 2009-07-12 17:38:17 -0500 (Sun, 12 Jul 2009) | 1 line

Correct a bug in libvflt that led to truncated packets on win32 due to
an incorrect evaluation of Ethernet header data. As far as I can tell,
this only affected very large fragmented IP datagrams post re-assembly.
r1310 | mgrooms | 2009-06-28 18:02:18 -0500 (Sun, 28 Jun 2009) | 9 lines

Add support to windows gui components for importing cisco PCF files. For
PSK based modes, this is a one step process. For RSA based modes, the
certificate info must be assigned manually in a second step. Cisco PCF
files don't contain certificate data so this cannot be automated.

Modify windows gui to support a new option that allows any remote id and
value to be accepted. Although this option should generally be avoided,
it was added to help the Cisco PCF import process as they rarely contain
remote ID information.

Modify windows gui to support non-address identity types in main mode.
Although this option has been requested several times, it technically
violates RFCs so I have been reluctant to add it. Now that it is an
option, we warn the user when appropriate.

Update the windows gui components to use native windows message dialogs
for warning and error messages. We had some custom dialogs for this but
they were very inflexible.

Implement a work-around for the issue that causes multiple addresses to be
assigned to the virtual adapter.
r1308 | mgrooms | 2009-05-06 00:30:30 -0500 (Wed, 06 May 2009) | 1 line

Modify the installation process to check for an available user.cfg file
that contains user preference settings. This allows an installer package
to set default preferences for an organization.
r1306 | mgrooms | 2009-04-29 00:18:19 -0500 (Wed, 29 Apr 2009) | 1 line

Add the Windows UI support for Cisco Hybrid Authentication.
r1304 | mgrooms | 2009-04-25 12:25:32 -0500 (Sat, 25 Apr 2009) | 1 line

Update the vpn help documentation to use deflate instead of none for the
compression algorithm. The none keyword is actually not supported. In
most cases deflate is not used but the statement is required for the
sainfo section.
r1302 | mgrooms | 2009-02-25 04:03:39 -0600 (Wed, 25 Feb 2009) | 1 line

Correct a few more installer issues. There was a major issue with a typo
that slipped in last minute that caused problems with the default 64bit
install path. Another bug that would cause an uninstall to fail if the
install path was non-standard was also corrected. Lastly, the invalid
legacy location of the uninstaller path used by 2.1.4 and older versions
is now removed. While here, clean up some white spaces in comments.
r1300 | mgrooms | 2009-02-23 01:49:26 -0600 (Mon, 23 Feb 2009) | 1 line

Significantly improve the NSIS installer scripts. Move all functionality
into macros. The installer sections now only call a collection of macros
in most cases. Use these macros to implement uninstall functionality
directly in the installer. Add a unified installer script that builds an
installer for all supported platforms. The installer is about 900k
larger than the x64 installer. With a total size of 2.6 MB, the increase
is negligible. Correct the registry path used to write the uninstaller
information so that it is displayed correctly in the add/remove programs
control panel applet. Correct a few other minor issues.
r1298 | mgrooms | 2009-02-23 01:29:37 -0600 (Mon, 23 Feb 2009) | 1 line

Modify the driver install utility to include some additional flags in
the DIFx calls. The most important new flag is the
DRIVER_PACKAGE_DELETE_FILES which removes our files when the driver
package is deleted.
r1296 | mgrooms | 2009-02-23 01:25:12 -0600 (Mon, 23 Feb 2009) | 1 line

Correct a few regressions in the NDIS 5 vflt kernel driver. Only
initialize the request event once. When calling NdisRequest, pass a
local variable to receive the status value and copy the result if the
status is success. Otherwise, we incorrectly interpret the result value
as a failure when the real result was passed by the completion handler.
r1295 | mgrooms | 2009-02-15 02:25:46 -0600 (Sun, 15 Feb 2009) | 1 line

Remove two message box popups from the NSIS installer script that were
added for debug purposes.
r1293 | mgrooms | 2009-02-15 02:19:02 -0600 (Sun, 15 Feb 2009) | 1 line

Correct a typo in the NSIS script for 64bit platforms that prevented the
filter driver from being removed properly during uninstall.
r1292 | mgrooms | 2009-02-12 03:56:45 -0600 (Thu, 12 Feb 2009) | 1 line

Correct a bug in the NDIS 5 kernel driver. Only initialize the
intermediate device instance if all adapter query calls complete
r1290 | mgrooms | 2009-02-12 03:54:00 -0600 (Thu, 12 Feb 2009) | 1 line

Correct a bug in the filter interface library where we passed an int
when a string was expected. This caused iked to crash when the error
condition occurred and debug output was enabled.
r1289 | mgrooms | 2009-02-12 03:50:49 -0600 (Thu, 12 Feb 2009) | 1 line

Update a comment in the Windows ike socket handling code to be more
r1287 | mgrooms | 2009-02-05 05:09:24 -0600 (Thu, 05 Feb 2009) | 1 line

Modify the windows specific code to honor the socket cleanup changes
initially made for unix platforms. Also, add the windows specific bits
to allow Cisco UDP encapsulation of ESP packets. Initial support for
this was submitted by Robert Nelson.
r1286 | mgrooms | 2009-01-24 23:24:39 -0600 (Sat, 24 Jan 2009) | 1 line

Replace the Windows platform check with a version check to determine the
supported NDIS version. We now properly detect Windows 7 beta and
install the correct kernel drivers.
r1283 | mgrooms | 2009-01-16 09:10:21 -0600 (Fri, 16 Jan 2009) | 1 line

Correct improper handling of WanLine notifications in the NDIS 6 filter
driver. This caused communications failures for subsequent Dialup
adapter connections.
r1281 | mgrooms | 2009-01-12 08:19:48 -0600 (Mon, 12 Jan 2009) | 1 line

Final version of the power state transition handling updates for the
NDIS 5 filter driver. This corrects a few bugs that were introduced.
Lots of testing went into this version so it should be ready for general
r1279 | mgrooms | 2009-01-03 21:59:47 -0600 (Sat, 03 Jan 2009) | 1 line

Rewrite power state transition handling for the NDIS 5 filter driver.
Some code paths were being handled incorrectly and packet reference
counting was invalid. These issues could cause a host to stop processing
packets correctly or hang during shutdown.
r1278 | mgrooms | 2008-11-28 05:34:05 -0600 (Fri, 28 Nov 2008) | 1 line

Improve some logging in the libvflt forward lookup code. This was added
while troubleshooting an issue and should be generally useful.
r1275 | mgrooms | 2008-11-10 20:30:24 -0600 (Mon, 10 Nov 2008) | 1 line

Modify the Windows VPN connect application to report which peer iked has
established a tunnel with. This is useful when communicating with Cisco
gateways that perform load balancing.
r1273 | mgrooms | 2008-11-06 20:13:04 -0600 (Thu, 06 Nov 2008) | 1 line

Correct a bug in the dtpd client io thread that could lead to a hang
when the service control manager attempts to stop the process. This
could lead to issues especially during uninstall.
r1271 | mgrooms | 2008-11-05 18:36:51 -0600 (Wed, 05 Nov 2008) | 1 line

Modify the Windows VPN Connect application to only request Checkpoint
Vendor support when the site configuration has the option enabled.
r1269 | mgrooms | 2008-11-05 18:13:16 -0600 (Wed, 05 Nov 2008) | 1 line

Add a new option to the Windows Access Manager application that allows
the Checkpoint vendor ID option to be enabled during phase1
negotiations. A similar option will be added to the Unix variant in a
follow up commit.
r1268 | mgrooms | 2008-10-28 20:39:02 -0500 (Tue, 28 Oct 2008) | 1 line

Modify the NSIS install scripts to ensure all services have been stopped
before attempting to remove them. I believe this may correct problems on
slow systems during the uninstall process.
r1266 | mgrooms | 2008-10-23 19:05:34 -0500 (Thu, 23 Oct 2008) | 1 line

Fix a critical bug in the libvflt forward lookup cache. The entry time
stamps were not being evaluated correctly which led to permanent entries
in the cache. These entries could only be cleared by restarting the
affected service.
r1264 | mgrooms | 2008-10-23 18:58:53 -0500 (Thu, 23 Oct 2008) | 1 line

Minor cleanup in the dtpd recv path. Do not resolve the MAC header
manually. This is handled by the IP packet functions.
r1262 | mgrooms | 2008-10-23 07:13:03 -0500 (Thu, 23 Oct 2008) | 1 line

Avoid the lengthy route lookup process in dtpd when receiving DNS server
add messages on windows platforms. Instead, modify the message to
include an interface address parameter which is known by the caller.
r1260 | mgrooms | 2008-10-23 06:16:59 -0500 (Thu, 23 Oct 2008) | 1 line

Work around a really frustrating issue in dtpd where the windows
GetBestRoute function can take many seconds ( 6+ in my testing ) to
return a route after it has been properly added. Not much we can do
except to bump up the retry count and be patient while windows plays
r1257 | mgrooms | 2008-10-22 21:44:30 -0500 (Wed, 22 Oct 2008) | 1 line

Add support for PPP Dialup adapters on NDIS 6 platforms. This differs
somewhat from the NDIS 5 IM drivers due to differences in the private
protocol data that is passed in WANLINE messages. Instead of using the
IP address to locate the appropriate adapter, use a derivative of the
device name for matching. This was tested between Vista and a local
FreeBSD PPP server.
r1255 | mgrooms | 2008-10-17 01:44:30 -0500 (Fri, 17 Oct 2008) | 1 line

Update the NDIS 6 inf driver date.
r1253 | mgrooms | 2008-10-17 01:39:39 -0500 (Fri, 17 Oct 2008) | 1 line

Modify the NDIS 6 virtual network driver to support explicit link state
change messages. This functionality was added to the NDIS 5 drivers some
time ago. These changes resolved issues with DNS configuration after
connection time on 2000/XP. Hopefully this will help with similar issues
with Vista that were reported recently by Noach Sumner.
r1252 | mgrooms | 2008-10-16 09:33:49 -0500 (Thu, 16 Oct 2008) | 5 lines

Add an option to the windows Access Manager application to automatically
check for available software updates at a specified interval. This is
accomplished by using an http request to a Shrew Soft update server. If
an update is available, a description is displayed to the user in the
form of a popup window along with an option to visit the software
download page.

Add code to the windows Access Manager application which updates a site
configuration from version 2 to version 3. This is to prevent errors
from occurring in VPN Connect due to DNS suffix option modifications
made in a recent commit. Similar update logic will need to be added to
the unix Access Manager variant. While here, correct a few window state
change problems in the site confirmation editor tabs.

Add a workaround for an issue which caused the About dialog window license
text to be selected in both the Access Manager and VPN Trace
r1251 | mgrooms | 2008-10-13 01:31:04 -0500 (Mon, 13 Oct 2008) | 1 line

Modify the Windows Access Manager and VPN Connect applications to allow
the DNS suffix automatic setting to be specified separately from
the DNS server options.
r1247 | mgrooms | 2008-10-11 18:47:15 -0500 (Sat, 11 Oct 2008) | 1 line

Correct a bug in the VPN Connect application where a host name is
treated as an IP address if the leading character is a numeric digit.
Issue reported by Daniel P.
r1246 | mgrooms | 2008-10-10 09:28:51 -0500 (Fri, 10 Oct 2008) | 1 line

Add support for up to four DNS server and two WINS server addresses to
the windows Access Manager application. Support for multiple name server
addresses has existed in iked for quite some time so no changes are
required. A similar modification to the unix variant of these
applications will be included in a follow up commit.
r1245 | mgrooms | 2008-10-09 21:31:03 -0500 (Thu, 09 Oct 2008) | 3 lines

Add a new virtual adapter option to the windows Access Manager and VPN
Connect applications. This allows a randomized virtual address to be
selected from a specified subnet. Using this option has some serious
drawbacks. Without the ability to send ARP packets over an IPsec
connection, it is impossible to detect and resolve address selection
conflicts. However, when a large address pool is used, the odds of
multiple clients selecting an identical virtual adapter address are
considerably lower than the possibility of multiple clients having
identical public addresses when behind a SOHO router performing NAT. Most
of these routers tend to use the same private network definitions by
default and are never changed.

Update the windows VPN Connect application to only set the xconf request
flag when an option is to be negotiated. Setting the option flag
directly denotes that an option is statically configured. The Unix
variant ikec will need to be updated to reflect this change.
r1244 | mgrooms | 2008-10-08 00:22:28 -0500 (Wed, 08 Oct 2008) | 1 line

Note the connection time in the Windows VPN Connect application. Show
the elapsed time in a system tray tooltip. When minimizing to the system
tray after connecting, show a balloon tooltip that states the connection
has been established.
r1242 | mgrooms | 2008-10-07 08:12:58 -0500 (Tue, 07 Oct 2008) | 1 line

Remove some invalid single quotes from the NSIS installer scripts
that were causing problems with x64 NDIS5 driver installs.
r1240 | mgrooms | 2008-10-07 07:24:04 -0500 (Tue, 07 Oct 2008) | 1 line

When the windows NSIS installer script detects a reboot is required,
don't start the network services. They will be restarted after the
r1238 | mgrooms | 2008-10-07 06:58:10 -0500 (Tue, 07 Oct 2008) | 1 line

Modify the windows installation helper applications to detect when
windows thinks a system should be rebooted after installation. Update
the NSIS installer scripts to set the reboot flag accordingly. I suspect
this may resolve most of the remaining install issues that have been
reported by users.
r1237 | mgrooms | 2008-10-07 05:28:48 -0500 (Tue, 07 Oct 2008) | 1 line

Modify libvnet to use asynchronous IO when communicating with the vnet
kernel driver. This avoids blocking when multiple threads attempt to use
the same file descriptor for simultaneous operations. For example, it
significantly reduces the tunnel setup and shutdown time for windows
clients that use a large number of security policies.
r1236 | mgrooms | 2008-10-06 21:52:25 -0500 (Mon, 06 Oct 2008) | 1 line

Make some minor modifications to the service log output colorization in
the VPN Trace application.
r1234 | mgrooms | 2008-10-01 12:12:27 -0500 (Wed, 01 Oct 2008) | 1 line

Disable a few debug printf statements in the windows libip route class
r1233 | mgrooms | 2008-09-29 23:51:39 -0500 (Mon, 29 Sep 2008) | 1 line

Modify the windows ipsec trace application to load log files a bit
r1231 | mgrooms | 2008-09-29 08:13:47 -0500 (Mon, 29 Sep 2008) | 3 lines

When searching for a security policy in ipsecd, consider the policy
type. This corrects an issue where we are attempting to process a packet
using IPsec but we are returned a NONE policy which is invalid. This
problem was identified when ipsecd spoofed an ARP request for a packet
destined to our default gateway which was also an IPsec gateway.

Correct a bug in ipsecd where the source address was being logged
instead of the destination address while processing ARP packets.
r1230 | mgrooms | 2008-09-26 00:53:03 -0500 (Fri, 26 Sep 2008) | 1 line

Remove the windows specific code used to stop and start the caching DNS
resolver service. This is no longer used.
r1224 | mgrooms | 2008-09-02 03:45:13 -0500 (Tue, 02 Sep 2008) | 1 line

Hack a private openssl header file to be compatible with newer SDK
r1223 | mgrooms | 2008-09-02 03:44:20 -0500 (Tue, 02 Sep 2008) | 3 lines

Now that we are using the vista compatible SDK header files, downgrade
the NT version so that our GUI components will continue to function.

Update the windows libip route class to lookup interface route metrics.
The metric is used when creating routes on vista platforms. Since this
is a vista only function, we are forced to check the OS version and
manually obtain the lib procedure address at runtime. This replaces a
gruesome hack that determined a valid route metric by brute force.
r1222 | mgrooms | 2008-08-30 22:05:20 -0500 (Sat, 30 Aug 2008) | 1 line

Modify the libip IPROUTE class to use the IPROUTE_ENTRY structure as a
parameter instead of passing many individual parameters. Modify all
private windows consumers to honor this change.
r1220 | mgrooms | 2008-08-23 09:02:10 -0500 (Sat, 23 Aug 2008) | 1 line

Make sure we set the version number for new site configurations in the
windows access manager.
r1218 | mgrooms | 2008-08-16 20:45:41 -0500 (Sat, 16 Aug 2008) | 1 line

Update the installer scripts to support all known MS Windows operating
systems. If the installer cannot detect the operating system type, fail
the installation instead of assuming it is an NDIS 5 compatible
r1213 | mgrooms | 2008-07-01 00:06:46 -0500 (Tue, 01 Jul 2008) | 1 line

Correct some problems with VPN Trace. This was caused by invalid casts
to types that were not appropriate for 64bit pointers.
r1210 | mgrooms | 2008-06-30 21:17:03 -0500 (Mon, 30 Jun 2008) | 1 line

Correct two major bugs in the NDIS 6 filter driver receive path. After
modifying the net buffer list linked list, the original list count was
being passed instead of the modified list count. This was causing
problems when used with NDIS 6 miniport drivers that pass more than a
single net buffer list in a linked list. Thanks to Joerg De La Haye and
Matthew Carle for reporting this problem. Also, revert any changes made
to a net buffer list before returning when NDIS_TEST_RECEIVE_CANNOT_PEND
is true.
r1207 | mgrooms | 2008-06-19 09:01:16 -0500 (Thu, 19 Jun 2008) | 1 line

Fix a few grammatical errors in our help documentation.