135 lines
No EOL
6.1 KiB
Text
135 lines
No EOL
6.1 KiB
Text
2018-12-16 - TunSafe v1.5-rc2
|
|
|
|
Changes:
|
|
1.Don't add endpoint route if route is not in included_routes
|
|
2.In BSD network code, don't add a route that's a subset of an Address
|
|
3.Don't add Excluded routes when Table=off
|
|
4.Display packet loss in Windows UI
|
|
5.Enable DNS block only if the DNS addr is a part of the routes
|
|
6.Support for WireGuard over TCP. Use Endpoint=tcp:// to connect
|
|
to a TCP server, and use ListenPortTCP=12345 to listen on TCP.
|
|
7.Add support for Two Factor authentication. Read more on:
|
|
https://github.com/TunSafe/TunSafe/wiki/Two-Factor-Authentication-with-TunSafe
|
|
8.Add support for a hybrid TCP/UDP mode that uses TCP for handshakes
|
|
and UDP for data traffic. This means that PersistentKeepalive can
|
|
be significantly raised to for example 300 seconds, since as long
|
|
as the TCP connection remains open through NAT then the WireGuard
|
|
connection will stay alive. Enable with Features=hybrid_tcp
|
|
9.Support for obfuscated WireGuard connections. Use ObfuscateKey=foo
|
|
in the [Interface] section to setup the obfuscator key. It needs
|
|
to be set to the same thing on both sides. There's also another
|
|
setting to masquerade TCP connections as TLS. Use ObfuscateTCP to
|
|
setup how TCP gets obfuscated. The default is to just make everything
|
|
look totally random. It can also be set to tls-chrome or tls-firefox
|
|
to make the traffic look like HTTPS traffic.
|
|
10.Display incoming invalid packets in Windows UI
|
|
|
|
2018-10-21 - TunSafe v1.5-rc1
|
|
|
|
Changes:
|
|
1.The kill switch is now remembered across computer restarts and
|
|
is deactivated when disconnecting. Without this behavior, the
|
|
kill switch is unusable when auto connecting on Windows startup.
|
|
2.The kill switch is now optionally turned off on disconnect,
|
|
and a button is shown in the UI to turn off the kill switch.
|
|
3.The kill switch can be configured to don't block local networks,
|
|
this is used only for the firewall based kill switch.
|
|
4.Allow multiple DNS servers
|
|
5.Now the 'tunsafe' command line tool exists, which supports
|
|
wg compatible configuration and statistics printing. The names
|
|
of the adapters are the same as the adapters in the Control
|
|
Panel network settings. It's used only when TunSafe runs
|
|
in service mode.
|
|
6.The 'tunsafe' command line tool supports multiple wireguard
|
|
sessions simultaneously using different tun interfaces.
|
|
7.Optimize IpToPeerMap for faster lookup using a trie.
|
|
8.Print a notice if a route we're trying to add already exists,
|
|
perhaps will make it easier to debug issues.
|
|
9.Resolve DNS queries using a background thread, to make it
|
|
possible to interrupt slow DNS queries.
|
|
10.IPv6 endpoint was printed incorrectly on the Advanced tab
|
|
11.Show an error message and drop packets if the TUN queue grows
|
|
too large. This is a problem with the TAP NDIS6 driver on Win7.
|
|
12.Bundle the TunSafe-TAP installer instead of downloading it.
|
|
13.Don't show empty directories in the server list.
|
|
|
|
2018-10-08 - TunSafe v1.4
|
|
|
|
Changes:
|
|
1.Show a couple of more error strings when failing to edit registry.
|
|
2.Allow # comments in config file inside of a line
|
|
3.Enable persistent keepalive timer on sent handshakes
|
|
|
|
2018-08-11 - TunSafe v1.4-rc1
|
|
|
|
Changes:
|
|
1.Subfolders in the Config/ directory now show up as submenus.
|
|
2.Added a way to run TunSafe as a Windows Service.
|
|
Foreground Mode: The service will disconnect when TunSafe closes.
|
|
Background Mode: The service will stay connected in the background.
|
|
No longer required to run the TunSafe client as Admin as long as
|
|
the service is running.
|
|
3.New config setting [Interface].ExcludedIPs to configure IPs that
|
|
should not be routed through TunSafe.
|
|
4.Can now automatically start TunSafe when Windows starts
|
|
5.New UI with tabs and graphs
|
|
6.Cache DNS queries to ensure DNS will succeed if connection fails
|
|
7.Recreate tray icon when explorer.exe restarts
|
|
8.Renamed window title to TunSafe instead of TunSafe VPN Client
|
|
9.Main window is now resizable
|
|
10.Disallow roaming endpoint when using AllowedIPs=0.0.0.0/0
|
|
Only the original endpoint is added in the routing table so
|
|
this would result in an endless loop of packets.
|
|
11.Display approximate Wireguard framing overhead in stats
|
|
12.Preparations for protocol handling with multiple threads
|
|
13.Delete the routes we made when disconnecting
|
|
14.Fix error message about unable to delete a route when connecting
|
|
|
|
2018-06-20 - TunSafe v1.3-rc3
|
|
|
|
Changes:
|
|
1.Add option to block Internet traffic outside of TunSafe. Either
|
|
based on firewall rules, or by adding a null route, or both.
|
|
The firewall rule blocks all traffic except traffic from TunSafe,
|
|
loopback traffic, and DHCP traffic on the default NIC.
|
|
The route rule adds two /1 routes to 0.0.0.0.
|
|
2.Convert LF to CRLF when importing config files
|
|
3.Update some logging messages
|
|
4.Delete the old routing rule pointing at the VPN server IP when
|
|
disconnecting
|
|
5.Delete any conflicting old routing rule pointing at the VPN server
|
|
when connecting.
|
|
6.Tray popup menu did not disappear when clicking outside of it.
|
|
7.Show config file names also in tray popup menu.
|
|
8.Make the menu item bold if connection is selected in popup menu.
|
|
9.Don't show the .conf filename extension in the UI.
|
|
10.Show also config file name when hovering on tray icon.
|
|
11.Click on the connected server to toggle connection
|
|
12.Fix bug where internet blocking checkbox was not removed.
|
|
13.Change so bold is used for selected server, and checkbox
|
|
is used when connected.
|
|
14.Use WS_EX_COMPOSITED to reduce flicker
|
|
15.Now possible to enter a filename on command line to connect to.
|
|
16.Support /minimize and /minimize_on_connect command line opts.
|
|
17.Support PreUp,PostUp,PreDown,PostDown options on [Interface]
|
|
Note: For security reasons you need to first enable them,
|
|
so either Shift-Click on Options and select Allow Pre/Post Commands
|
|
or specify the /allow_pre_post command line option.
|
|
|
|
2018-04-29 - TunSafe v1.2
|
|
|
|
Changes:
|
|
1.Use /24 instead of failing when a /32 Address is used
|
|
2.Use /120 instead of failing when a /128 Address is used
|
|
3.Add routes for all entries in AllowedIPs
|
|
|
|
2018-04-29 - TunSafe v1.1
|
|
|
|
Changes:
|
|
1.Retry on failed DNS lookup. Helps when resuming from sleep.
|
|
2.Display a better message if the TAP adapter can't be found.
|
|
3.Retry connect when getting ERROR_FILE_NOT_FOUND.
|
|
|
|
2018-03-06 - TunSafe v1.0
|
|
|
|
First public release. |