1.4. Change history

Changes since version 3.17:

• BugFix: an empty authname was passed to the iface up/down scripts in client-mode.
• BugFix: fix a mem-leak in the PPTP-Ctrl handling.
• BugFix: handle IP-Address-Assignement correctly, if the RADIUS server doesen't send the Framed-IP-Address attribute. Submitted by: Damir Bikmukhametov, boco at ufanet dot ru
• BugFix: fix a SEGV when no bundles are defined and user types "quit".
• BugFix: fix a SEGV when no bundles are defined and the telnet console was opened (in this case the tcp-wrapper option can't be checked).
• BugFix: fix build errors with newer versions of libradius.
• Added a new option for PPTP links for disabling the windowing mechanism specified by the protocol. Disabling this will cause Mpd to violate the protocol, possibly confusing other PPTP peers, but often results in better performance. The windowing mechanism is a design error in the PPTP protocol; L2TP, the successor to PPTP, removes it. You need a recent version of FreeBSD (NGM_PPTPGRE_COOKIE >= 1082548365) in order to get this feature.
  set pptp disable windowing

Changes since version 3.16:

• BugFix: keep-alives were b0rked, and every other function wich relys on valid link-stats.
• Added sample configs for ADSL-Austria.
• Fixed missing command line flags in man page and manual.

Changes since version 3.15:

• Added set bundle max-logins num option at bundle level for limiting the max. amount of concurrent logins with the same username. Original idea submitted by Andrey V. Elsukov <bu7cher@land.ru>.
• Mpd has now its own link-stats with 64 bit counters. This is a workaround for the 32 bit limitation of ng_ppp_link_stat.
• RADIUS enhancements:
  • Set the RAD_ACCT_INPUT_GIGAWORDS and RAD_ACCT_OUTPUT_GIGAWORDS attributes when sending accounting requests.
  • Use the RAD_ACCT_INTERIM_INTERVAL attribute.
• Implemented PPPoE server functionality
• Added ability to configure ipfw firewall for clients using vendor specific RADIUS attributes. Submitted by Alexander Motin <mav@alkar.net>.
• Added the possibility of choosing link by it's number (same as RAD_NAS_PORT) instead of name

Changes since version 3.14:

• Implemented a workaround for weird crashes when using RADIUS and PAP. Thanx to Alexey Popov for helping debugging this problem.
• Added the possibility of sending periodic RADIUS Accounting updates. Submitted by Vitaliy Akimov <vx@bigline.net>.
• Fixed usage of RAD_FRAMED_MTU, it is now interpreted as an upper limit and not as absolute value.
• set iface enable tcpmssfix option added. Submitted by Sergey Korolew <dsATbittu.org.ru>.
• New command line flag -a for specifying the telnet console IP address. Original idea submitted by Andrey V. Elsukov <bu7cher@land.ru>.

Changes since version 3.13:

• Added session timeout, configurable at iface level.
• Added new configuration params: chap-md5 chap-msv1 chap-msv2 at link level for explicitly configuring the different CHAP methods. The formerly chap parameter is now an alias for chap-md5 chap-msv1 chap-msv2. MS-CHAPv1 is now disabled and denied by default. A better fallback mechanism through the different auth-methods was implemented.
• More RADIUS fixes/features:
  • Use also the RAD_SESSION_TIMEOUT.
  • Fixed RAD_ACCT_TERMINATE_CAUSE.
  • Fixed MPPE-Types negotiation.
  • Session time is now calculated per link.
  • Use RAD_FRAMED_ROUTE attribute.
  • When no MPPE-Info's are returned by the server, but MPPE-Keys are, then implicitely allow encryption with all types (workaround for Microsoft IAS).
• Reset link statistics when the link goes down
• set iface radius-route option added. Submitted by Alexander Motin <mav@alkar.net>.
• DNS servers added to interface up script. Submitted by Josh Elsasser <jre@vineyard.net>.
• Fix bug in multi-session PPPoE support caused by incorrect application of the original patch. Submitted by OGAWA Takaya <t-ogawa@triaez.kaisei.org>.
• Fix problem where IP address assignment from mpd.secrets would linger and affect subsequent connections on the same bundle.

Changes since version 3.12:

• Support for PPPoE node re-use added. Patch submitted by Gleb Smirnoff <glebius@cell.sick.ru>. See also FreeBSD PR <ports/48138>.
• Multi-session PPPoE support added. Patch submitted by Hideyuki Nishiyama <hnishi@mx5.harmonix.ne.jp>
• More RADIUS fixes from Michael Bretterklieber <mbretter@jawa.at>
• After configuring the IP address, add a route to the local IP address via lo0. This prevents packets destined for the local machine from needlessly travelling across the link and back. Patch submitted by Fabio Vilan <fabio@isec.com.br>

Changes since version 3.11:

• Fixed bug in client-side MPPE key generation.

Changes since version 3.10:

• Support for authentication and IP address assignment via RADIUS was added. Thanks to Michael Bretterklieber <mbretter@jawa.at> for submitting the patches.
• Support for finding passwords using an external authentication script was added. Thanks to Gregory Bond <gnb@itga.com.au> for submitting the patches.
• Fixed build failure when MICROSOFT_CHAP is not enabled.
• Enabled support for DES encryption by default in the build.
• Fixed bug where LCP echo reply packets were being sent with garbled payload contents.
• Fixed bug with set iface mtu where an inadvertent set iface up-script command would also be invoked.
• Removed LCP_MRU_MARGIN hack which should no longer be needed. Note: you may need to explicitly use set iface mtu and/or set link mtu to get the previous MTU behavior for your configuration.
• Fixed bug where outgoing PPTP requests were not being initiated with the configured local source IP address. Note: using multiple PPTP IP addresses at the same time for incoming connections still does not work properly; workaround: use multiple MPD processes.
• Log the MTU being used each time an interface is configured.
• New command added: set udp origination.
• Link with libcrypto instead of the obsolete libdes.
• Added new command bundle option noretry.
• Install the PostScript version of the documentation as well.
• Bumped the max length for an up or down script to 128 (from 32).

Changes since version 3.9:

• Fixed more bugs when computing the interface MTU
• Added the set iface mtu command.
• Added troubleshooting chapter to the documentation.
• Peer authname is appended as an extra parameter to the interface up and down scripts.
• Fixed broken links to IETR RFC's in the references chapter of the documentation.
• Fixed bugs that only showed up on non-i386 hardware (mostly alignment bugs).
• Added new GCC -W flags and fixed lots of GCC warnings.

Changes since version 3.8:

• Added the set link mtu command.
• Fixed typo in description of set bundle period command.
• Fixed incorrect description of set ng hook command.
• Updated HTML links to on-line Netgraph documents.
• Added HTML link to Microsoft update for Windows 95/98.
• When displaying bundles and links, show the links LCP state as well.

Changes since version 3.7:

• Now setting max-redial to -1 means mpd will never redial. This is useful for dial-in servers.
• Increased the default FD_SETSIZE to 2048 so we can handle lots of bundles, and made it compile-time adjustable.
• Allow multiple PPTP connections from the same IP address when this is OK to do (no explicit peer IP addresses configured). This allows multiple incoming connections through a remote NAT device.
• Added support for 56-bit MPPE encryption.
• Allow the inner and outer PPTP IP addresses to be the same, relying on the kernel to return an error if it needs to. This reverts the change put into version 3.3.
• Fixed bug in MTU calculation when doing MPPC/MPPE.
• Added the set pptp phonenum number command.
• Added documentation for the delayed-ack and always-ack PPTP device configuration options.
• Minor tweaks to the sample config files.

Changes since version 3.6:

• Fix a bug where the MPPE keys were being incorrectly generated when MS-CHAP was used to authenticate in both directions.

Changes since version 3.5:

• Fix MS-CHAPv2 acknowledge reply to workaround Win9x bug when trying to negotiate MPPE encryption.

Changes since version 3.4:

• Fix an install problem on FreeBSD-current.
• Display the peer's authname and EID in ``show bundle'' command.

Changes since version 3.3:

• Support for MS-CHAPv2 when we are the server. Always request MS-CHAPv2 first, then accept MS-CHAPv1 if the peer requests that instead.
• Fix for possible core dump in ECP code.
• Fix for bug in event library when an invalid file descriptor is passed.
• Disallow allow PPTP peer inside and outside IP addresses from being the same; we know this won't work.
• Fixed bug in PAP code where the PAP response packet would be improperly formatted.
• Accept EINPROGRESS error from ng_ksocket connect message. This happens on FreeBSD-current for some reason.
• Accept PPTP messages with non-zero values in reserved fields. They violate the specification but some peers send them anyway.
• Remove bogus extra field in definition of PPTP StopCtrlConnReply.

Changes since version 3.2:

• There is no longer a fixed limit to the number of bundles and/or links that may be created.
• Better random number generation using srandomdev(4).
• Miscellaneous minor bug fixes.
• Support for authenticating to the peer using Microsoft CHAP Version 2 has been added. Note: When authenticating the peer, only Version 1 is requested.
• Hostnames are allowed in the configuration files.

The latter two are thanks to Franco Venturi <fventuri@mediaone.net>