"Fossies" - the Fresh Open Source Software Archive

Member "vpnc-0.5.3/TODO" (19 Nov 2008, 4785 Bytes) of package /linux/privat/old/vpnc-0.5.3.tar.gz:



TODO list

* On opensolaris we need to add -interface in case the route points
  to an interface instead of a next hop, see
  http://www.cwinters.com/blog/2008/02/02/getting_vpnc_to_work_on_opensolaris.html

* Add native ESP support

* Allow PSK without xauth.

* further research into the "packet too short" messages.
  - see http://lists.unix-ag.uni-kl.de/pipermail/vpnc-devel/2005-February/000553.html
    for more information

* pass IPSEC target network to script
  - use it to initialize the tunnel interface and routes

* clean up scripts
  - config-support for vpnc-script
  - customizable handling of routing
  - switch to disable resolv.conf rewriting
  - do $something with split_dns

* beautify packet dump output

* large code cleanup
  - at least one function per packet (instead of one function per phase)
  - factor out a central select-loop, send / receive code, nat-t handling
  - maybe even add some sort of state machine
  - get rid of remaining (non-const) global variables

* implement phase1 rekeying (with or without xauth-reauthentication)
* implement compression
* try a list of gateways (backup server)
* Generate the manpage command line part directly from vpnc

* optionally use in-kernel-ipsec with pf-key
  - merge patch

* add support for pcap and dump decrypted traffic

* research/bugs:
  - usernames containing "@" unable to login
  - ipsec over tcp
  - nortel support?
  - segfault if > 100 routes/acls (too large packet? read size?)
    (probably "fixed" by increasing the size in r_packet in vpnc.c,
    but why did it crash?)
  - amd64 somehow broken? maybe gcc bugs??
  - some debug prints get the endianness wrong
  - In case the psk in hybrid isn't correct, the server sends another AM_2
    packet - to port 500 of course, even if we are using nat-t and talked on
    4500 already. We currently don't handle that.

* optional drop root (rekey? reconnect? vpnc-script calls?)
  - Don't drop privileges, ever, but allow to be run suid.
  - If euid != ruid, clear out env on program start.
  - Sanitize variables for vpnc-script (snarf code from
    callscript.c from dhcpclient).
  - If euid != ruid, disable command line options (but not the profile
    parameter).
  - If euid != ruid, treat profiles as filenames only. They must not
    be paths, i.e. must not contain PATHSEP. Read them relative to /etc/vpnc.
  - Make sure vpnc-disconnect only kills processes owned by same user.
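The suid rules in the drop-root item above are concrete enough to sketch in code. What follows is an added example written for this page, not vpnc's own code: it implements the euid != ruid trigger, refuses every command line option except the profile name in that mode, restricts the profile to a bare filename resolved under /etc/vpnc, and rebuilds the vpnc-script environment from scratch with validated values instead of inheriting the caller's. Assumptions not in the original: the /etc/vpnc/<name>.conf file layout, the allowed character set and length for profile names, the fixed PATH handed to the script, and that address-type script variables must be IPv4 dotted quads. The variable names (reason, TUNDEV, INTERNAL_IP4_ADDRESS) follow the vpnc-script interface, but the validation policy is the example's own.

```c
/* Added example for the suid rules above (not vpnc's own code). Assumed:
 * profiles live at /etc/vpnc/<name>.conf, script variables are exported as
 * KEY=VALUE, and address-type variables must be IPv4 dotted quads. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <arpa/inet.h>

#define PROFILE_DIR "/etc/vpnc"                          /* assumed */
#define SAFE_PATH   "PATH=/usr/sbin:/usr/bin:/sbin:/bin" /* assumed */

/* Trigger for every rule below: a suid binary run by a user other than its
 * owner gets argv, environ and the profile name from an untrusted source. */
int restricted_mode(uid_t ruid, uid_t euid) { return ruid != euid; }

/* "disable command line options (but not the profile parameter)": restricted
 * mode refuses any '-' argument; the profile is the last non-option one. */
int check_args(int argc, const char *const *argv, int restricted,
               const char **profile)
{
    *profile = NULL;
    for (int i = 1; i < argc; i++) {
        if (argv[i][0] == '-') {
            if (restricted) return -1;
        } else {
            *profile = argv[i];
        }
    }
    return *profile ? 0 : -1;
}

/* "treat profiles as filenames only": no PATHSEP, no leading dot (covers "."
 * and ".."), conservative charset, always resolved under PROFILE_DIR.
 * Unrestricted callers may pass any path, since they can read it anyway. */
int profile_path(const char *name, int restricted, char *out, size_t outlen)
{
    static const char ok[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._-";
    size_t n = strlen(name);
    int w;

    if (restricted) {
        if (n == 0 || n > 64 || strchr(name, '/') || name[0] == '.' ||
            strspn(name, ok) != n)
            return -1;
        w = snprintf(out, outlen, "%s/%s.conf", PROFILE_DIR, name);
    } else {
        w = snprintf(out, outlen, "%s", name);
    }
    return (w >= 0 && (size_t)w < outlen) ? 0 : -1;
}

/* Script values come from the gateway; an address variable must be exactly a
 * dotted quad, nothing a shell could interpret. */
int valid_ipv4_var(const char *value)
{
    struct in_addr a;
    return inet_pton(AF_INET, value, &a) == 1;
}

struct script_var {
    const char *name;   /* vpnc-script names: reason, TUNDEV, INTERNAL_IP4_ADDRESS */
    const char *value;
    int is_addr;        /* 1: must pass valid_ipv4_var() */
};

/* "clear out env" + "sanitize variables for vpnc-script": the child's
 * environment is rebuilt from a fixed PATH plus validated entries instead of
 * being inherited (the caller's LD_PRELOAD, IFS, PATH never reach the script).
 * Fills env (NULL-terminated, strings kept in envbuf); returns the entry count
 * or -1 when a value fails validation or the buffers are too small. */
int build_script_env(const struct script_var *vars, size_t nvars,
                     char *envbuf, size_t envlen, char **env, size_t envmax)
{
    size_t used = 0, k = 0;
    int w;

    if (envmax < nvars + 2)                 /* PATH + vars + NULL */
        return -1;
    w = snprintf(envbuf, envlen, "%s", SAFE_PATH);
    if (w < 0 || (size_t)w >= envlen) return -1;
    env[k++] = envbuf;
    used = (size_t)w + 1;
    for (size_t i = 0; i < nvars; i++) {
        if (strchr(vars[i].name, '=') || strpbrk(vars[i].value, "\r\n"))
            return -1;
        if (vars[i].is_addr && !valid_ipv4_var(vars[i].value))
            return -1;
        w = snprintf(envbuf + used, envlen - used, "%s=%s",
                     vars[i].name, vars[i].value);
        if (w < 0 || (size_t)w >= envlen - used) return -1;
        env[k++] = envbuf + used;
        used += (size_t)w + 1;
    }
    env[k] = NULL;
    return (int)k;
}
```

In a real binary the entry point would call restricted_mode(getuid(), geteuid()) once at startup, run argv through check_args and profile_path, and pass the array from build_script_env as the envp of the execve that starts vpnc-script. The point of rejecting rather than escaping is that the script is a shell script: a value that is not a plain dotted quad has no legitimate reason to reach it.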
   65 
* implement certificate support
* implement dsa certificates in hybrid mode
* Adapt lifetime (when given as time) to certificate lifetime etc
  (rfc2401, 4.4.3)
* implement main mode for phase 1 (needed to *use* certificates in
  many cases)

* factor out crypto stuff (cipher, hmac, dh)
  - http://libtomcrypt.org/features.html
  - http://www.foldr.org/~michaelw/ patch ready
  - libgcrypt (old too?)
  - autodetect?
  - openssl??
  - relicense to gpl+ssl?

* links to packages, howtos, etc.
  - kvpnc http://home.gna.org/kvpnc/
  - vpnc+Zaurus http://users.ox.ac.uk/~oliver/vpnc.html
  - linux-mipsel (WRT54G) http://openwrt.alphacore.net/vpnc_0.3.2_mipsel.ipk
  - howto-de http://localhost.ruhr.de/~stefan/uni-duisburg.ai/vpnc.shtml

----

* DONE implement hybrid-auth
* DONE implement DPD, RFC 3706 Dead Peer Detection
* DONE --local-address
* DONE implement phase2 rekeying
* DONE support rsa-SecurID token which sometimes needs 2 IDs
* DONE add macosx support
* DONE update "check pfs setting" error message
* DONE make doing xauth optional
* DONE implement udp transport NAT-T
* DONE fix Makefile (install, DESTDIR, CFLAGS, ...)
* DONE implement udp encap via port 10000
* DONE svn-Repository
* DONE XAUTH Domain: (empty)
* DONE check /dev/net/tun, reject /dev/tun* on linux
* DONE spawn post-connect script
* DONE ask for dns/wins servers, default domain, pfs setting, netmask
* DONE automatic handling of pfs
* DONE send version string
* DONE send lifetime in phase1 and phase2
* DONE accept (== ignore) lifetime update in phase1
* DONE load balancing support (fixes INVALID_EXCHANGE_TYPE in S4.5)
* DONE include OpenBSD support from Nikolay Sturm
* DONE memleak fix from Sebastian Biallas
* DONE fix link at alioth
* DONE include man-page
* DONE post rfcs and drafts
* DONE post link to http://www.liebchen-online.de/vpn-zaurus.html
* DONE passcode == password
* DONE support for new libgcrypt versions
* DONE make /var/run/vpnc as needed
* DONE ignore "metric10 xx"
* DONE ignore attr 32136! (Cisco extension: XAUTH Vendor)
* DONE FreeBSD supported
* DONE NetBSD supported
* DONE fix vpnc-disconnect
* DONE --verbose
* DONE hide user/pass from --debug output
* DONE don't ignore all notifies at ipsec-sa-negotiation
* DONE VERSION
* DONE --pid-file
* DONE --non-interactive
* DONE fix delete message
* DONE implement ISAKMP and IPSEC SA negotiate support
  125 * DONE hide user/pass from --debug output
  126 * DONE don't ignore all notifies at ipsec-sa-negotation
  127 * DONE VERSION
  128 * DONE --pid-file
  129 * DONE --non-interactive
  130 * DONE fix delete message
  131 * DONE implement ISAKMP and IPSEC SA negotiate support