"Fossies" - the Fresh Open Source Software Archive 
Member "vpnc-0.5.3/TODO" (19 Nov 2008, 4785 Bytes) of package /linux/privat/old/vpnc-0.5.3.tar.gz:
TODO list

* On opensolaris we need to add -interface in case the route points
  to an interface instead of a next hop, see
  http://www.cwinters.com/blog/2008/02/02/getting_vpnc_to_work_on_opensolaris.html

* Add native ESP support

* Allow PSK without xauth.

* further research into the "packet too short" messages.
  - see http://lists.unix-ag.uni-kl.de/pipermail/vpnc-devel/2005-February/000553.html
    for more information

* pass IPSEC target network to script
  - use it to initialize the tunnel interface and routes

* clean up scripts
  - config-support for vpnc-script
  - customizable handling of routing
  - switch to disable resolv.conf rewriting
  - do $something with split_dns

* beautify packet dump output

* large code cleanup
  - at least one function per packet (instead of one function per phase)
  - factor out a central select-loop, send / receive code, nat-t handling
  - maybe even add some sort of state machine
  - get rid of remaining (non-const) global variables

* implement phase1 rekeying (with or without xauth-reauthentication)
* implement compression
* try a list of gateways (backup server)
* Generate the manpage command line part directly from vpnc

* optionally use in-kernel-ipsec with pf-key
  - merge patch

* add support for pcap and dump decrypted traffic

* research/bugs:
  - usernames containing "@" unable to login
  - ipsec over tcp
  - nortel support?
  - segfault if > 100 routes/acls (too large packet? read size?)
    (probably "fixed" by increasing the size in r_packet in vpnc.c,
    but why did it crash?)
  - amd64 somehow broken? maybe gcc bugs??
  - some debug prints get the endianness wrong
  - In case the psk in hybrid isn't correct, the server sends another AM_2
    packet - to port 500 of course, even if we are using nat-t and talked on
    4500 already. We currently don't handle that.

* optional drop root (rekey? reconnect? vpnc-script calls?)
  - Don't drop privileges, ever, but allow to be run suid.
  - If euid != ruid, clear out env on program start.
  - Sanitize variables for vpnc-script (snarf code from
    callscript.c from dhcpclient).
  - If euid != ruid, disable command line options (but not the profile
    parameter).
  - If euid != ruid, treat profiles as filenames only. They must not
    be paths, i.e. contain PATHSEP. Read them relative to /etc/vpnc.
  - Make sure vpnc-disconnect only kills processes owned by same user.

* implement certificate support
* implement dsa certificates in hybrid mode
* Adapt lifetime (when given as time) to certificate lifetime etc
  (rfc2401, 4.4.3)
* implement main mode for phase 1 (needed to *use* certificates in
  many cases)

* factor out crypto stuff (cipher, hmac, dh)
  - http://libtomcrypt.org/features.html
  - http://www.foldr.org/~michaelw/ patch finished
  - libgcrypt (old too?)
  - autodetect?
  - openssl??
  - relicense to gpl+ssl?

* links to packages, howtos, etc.
  - kvpnc http://home.gna.org/kvpnc/
  - vpnc+Zaurus http://users.ox.ac.uk/~oliver/vpnc.html
  - linux-mipsel (WRT54G) http://openwrt.alphacore.net/vpnc_0.3.2_mipsel.ipk
  - howto-de http://localhost.ruhr.de/~stefan/uni-duisburg.ai/vpnc.shtml

----

* DONE implement hybrid-auth
* DONE implement DPD, RFC 3706 Dead Peer Detection
* DONE --local-address
* DONE implement phase2 rekeying
* DONE support rsa-SecurID token which sometimes needs 2 IDs
* DONE add macosx support
* DONE update "check pfs setting" error message
* DONE make doing xauth optional
* DONE implement udp transport NAT-T
* DONE fix Makefile (install, DESTDIR, CFLAGS, ...)
* DONE implement udp encap via port 10.000
* DONE svn-Repository
* DONE XAUTH Domain: (empty)
* DONE check /dev/net/tun, reject /dev/tun* on linux
* DONE spawn post-connect script
* DONE ask for dns/wins servers, default domain, pfs setting, netmask
* DONE automatic handling of pfs
* DONE send version string
* DONE send lifetime in phase1 and phase2
* DONE accept (== ignore) lifetime update in phase1
* DONE load balancing support (fixes INVALID_EXCHANGE_TYPE in S4.5)
* DONE include OpenBSD support from Nikolay Sturm
* DONE memleak fix from Sebastian Biallas
* DONE fix link at alioth
* DONE include man-page
* DONE post rfcs and drafts
* DONE post link to http://www.liebchen-online.de/vpn-zaurus.html
* DONE passcode == password
* DONE support for new libgcrypt versions
* DONE make /var/run/vpnc as needed
* DONE ignore "metric10 xx"
* DONE ignore attr 32136! (Cisco extension: XAUTH Vendor)
* DONE FreeBSD supported
* DONE NetBSD supported
* DONE fix vpnc-disconnect
* DONE --verbose
* DONE hide user/pass from --debug output
* DONE don't ignore all notifies at ipsec-sa-negotiation
* DONE VERSION
* DONE --pid-file
* DONE --non-interactive
* DONE fix delete message
* DONE implement ISAKMP and IPSEC SA negotiate support