1.4. Change history

Changes since version 4.1rc2:

• Changes:
  • Default value of link's max-redial parameter changed to -1.
  • Bundle's noretry option is enabled by default now.
• Bugfixes:
  • Better up/down reason tracking.

Mpd version was bumped from 4.0rc2 to 4.1rc2 due to large number of changes done since 4.0b4 and FreeBSD ports version number conflict.

Changes since version 4.0rc1:

• Bugfixes:
  • Idle timeout fixed.
  • Fixed bug with 'set l2tp self ' specified at the server side.
  • Device type check for device-specific commands added.
  • IPCP reject is not fatal by itself now.
  • Up/down-script will now be called not for the whole interface, but for each of negotiated protocols. Proto parameter should be checked in the script!
  • Fixed ng_ppp link bandwidth configuration.

Changes since version 4.0b5:

• New features:
  • Integrated Web server added.
  • NAT support by ng_nat(4) added.
  • L2TP (RFC 2661) device type implemented.
  • UDP device type was completely rewritten. Now it:
    • does not require manual 'open' command on the server side, it behaves just like any other device type;
    • allows many connections to the same server UDP port;
    • allows not to specify peer address/port for incoming connections (so it will work through different NATs and firewalls);
    • allows not to specify self address/port for outgoing connections (so it is easier to configure);
  • TCP device type was completely rewritten. It has some minor issues due to limitation of ng_ksocket module, but now IT WORKS! :)
  • Compression Predictor-1 (RFC 1978) added.
  • Compression Deflate (RFC 1979) added.
  • Encryption DESE (RFC 1969) support was reimplemented.
  • Encryption DESE-bis (RFC 2419) support added.
  • New command 'show phys' added.
  • New command 'show summary' added.
  • Support for ipfw tables added to RADIUS ACL's.
  • New commands 'set global start...' added..
  • Added support of calling/called numbers (mostly for PPTP/L2TP).
• Changes:
  • "lcp" layer in open/close commands replaced by "link".
  • Auth configuration (set auth ...) moved from bundle layer to lcp. It works per link now.
  • MPPE policy option moved from auth layer to ccp.
• Bugfixes:
  • Fixed a few bugs on amd64 and sparc64 platforms.
  • Phys layer was made stateless to remove race condition.
  • Link layer changed to remove race conditions on LinkDown().
  • Fixed race condition in accepting PPPoE connections.
  • Link up/down reason recording is now more accurate.
  • Complete link shutdown procedure on auth failure implemented.
  • Fixed several small PPTP level processing issues.
  • Removed limitation about PPTP which must be in the bundle alone.
  • Fixed MSCHAP auth which was broken in 4.0b5.
  • Fixed memory leak in PAP and CHAP auth on the client side.
  • Fixed some CCP negotiation issues.
  • Fixed threads-related crash in internal auth.
  • Fixed crash on incoming when no free PPTP link found.
  • Bug in "rubber bandwidth" algorithm fixed.
  • Bug and possible crash fixed in DoD code.
  • Fixed bug in AUTHPROTO negotiation.
  • Fixed bug in RAD_MICROSOFT_MS_CHAP2_SUCCESS handeling. Needs testing.

Changes since version 4.0b4:

• New features:
  • IPv6 support:
    • IPV6CP support added, NCPs and IFACE calls was rewritten to support many NCPs.
    • Console now supports IPv6.
    • UDP and TCP link types now support IPv6.
    • PPTP link type is ready to support IPv6, but requires ng_pptpgre(4) to support IPv6.
    • NetFlow export over IPv6 is supported.
    • The following features don't yet support IPv6: TcpMSSFix, NetFlow, Tee, DialOnDemand.
  • TCP link type now compiles and works (but isn't yet ready for production usage).
  • NetFlow data generation on outgoing interface is supported.
  • Added a possibility to use an existing ng_netflow(4) node.
  • Added a possibility to specify network interface names instead of IP addresses.
  • Added more log levels to decrease log file size.
• Changes:
  • Default argument of open/close commands changed from iface to lcp.
• Bugfixes:
  • Fixed races between startup process and client connecting.
  • Fixed a few crashes in console.
  • Incoming call processing significantly reworked to fix some aspects of multilink server functionality.
  • The shutdown of mpd is now much more graceful: the netgraph nodes are closed, the accounting RADIUS packets for closing links are sent, new connections aren't accepted during shutdown.
  • Fixed races in filling of RADIUS packets. In particular, RAD_NAS_PORT value in the RADIUS could be wrong.
  • RADIUS support rewritten to use poll(2) instead of select(2), allowing to create a bigger number of links.
  • Fixed a problem with identifying correct interface for proxy-arp when alias addresses are used.
  • Fixed memory leaks and crashes when more than 256 PPTP bundles are in use.
  • Fixed crash in PPPoE when more than 64 parent Ethernet interfaces used.
• Performance improvements:
  • Message and PPPoE subsystems reworked to decrease number of open files per bundle.

Changes since version 4.0b3:

• BugFix: fix crash in processing of MS domain name from RADIUS server.
• New feature: automatic creation, configuring and attaching of ng_netflow(4) node.
• ng_tee(4) now can be inserted on a per bundle basis.
• New feature: on FreeBSD 6.0 and higher ng_tcpmss(4) is utilized if doing TCP MSS fixup.
• BugFix: tcpmssfix now works for both incoming and outgoing TCP segments.
• New options: update-limit-in, update-limit-out.
• Fixed loss of statistics when -t options is used.
• Fixed chat scripting, modem links not broken anymore.

Changes since version 4.0b2:

• BugFix: make PPPoE interface control events recurring, PPPoE is not broken anymore.
• Added a new startup section to the config-file, wich is loaded once at startup.
• Added a new global config space for all the global settings.
• BugFix: don't generate new challenges, while retransmitting them.
• Fix va_args bug on certain non-i386 platforms.
• Auto-load ng_ether for PPPoE connections; fix default path for undefined service.
• Rewrite the console-stuff. Multiple telnet connections are now allowed. There is no input-console anymore, must use telnet instead.
• BugFix: The directly configured password wasn't taken into account when using PAP.
• Disallow empty usernames safely.

Changes since version 4.0b1:

• Fixed a race-condition wich caused a dead-lock.
• RADIUS
  • Fixed several race-conditions when sending accounting requests.
  • Use the username from the access-accept packet (if present) for accounting requests.

Changes since version 3 (most of this work was sponsored by SURFnet SURFnet):

• Design changes: Mpd uses now a thread-based event system using libpdel, these libpdel parts are now integrated:
  • typed_mem(3)
  • pevent(3)
  • alog(3)
  Mpd uses a "Giant Mutex" for protecting its resources.
• Major new features:
  • Implemented the Extensible Authentication Protocol RFC 2284 (EAP). Currently only EAP-MD5 is supported (client and server side). EAP negotiaton can be enabled at link level.
  • Implemented OPIE (One-time Passwords In Everything).
  • Implemented authentication against systems password database master.passwd.
  • utmp/wtmp logging.
• Rewrites of the authentication subsystem:
  • Make authentication and accounting requests asynchronous using paction(3).
  • Authentication backends are acting now independently from the rest of Mpd, using some internal structs as interface.
  • The mpd.secrets file is now used as one authentication backends of many, it has no special role anymore, i.e. it could be disabled.
  • Generate a session-id at bundle and link level for using with accounting requests.
• RADIUS related changes:
  • IMPORTANT: Mpd needs now an enhanced libradius, here are the patchsets: 4-STABLE 5-CURRENT
  • Remember and send the RAD_STATE attribute.
  • Message-Authenticator support.
  • EAP Proxy Support.
• Added a new option for PPTP links for disabling the windowing mechanism specified by the protocol. Disabling this will cause Mpd to violate the protocol, possibly confusing other PPTP peers, but often results in better performance. The windowing mechanism is a design error in the PPTP protocol; L2TP, the successor to PPTP, removes it. You need a recent version of FreeBSD (NGM_PPTPGRE_COOKIE >= 1082548365) in order to get this feature.
  set pptp disable windowing
• Added a new commandline option -t for adding ng_tee into the netgraph.
  Submitted by: Gleb Smirnoff, glebius at cell dot sick dot ru
• Removed configuration parameters:
  • bundle: radius-fallback
  • iface: radius-session, radius-idle, radius-mtu, radius-route, radius-acl
  • ipcp: radius-ip
  Moved configuration parameters:
  • bundle to auth: radius-auth, radius-acct, authname, password, max-logins
  • radius to auth: acct-update
  • ccp to auth: radius and renamed to mppc-pol
  New configuration parameters:
  • link: keep-ms-domain, this prevents Mpd from stripping the MS-Domain, this is can be useful when using IAS as RADIUS server.
  • radius: message-authentic, this adds the Message-Authenticator attribute to the RADIUS request.
  • auth: internal, controles the usage of the mpd.secrets file (internal authentication backend).
  • auth: opie, enables/disables the OPIE authentication backend.
  • auth: system, enables/disables authentication against systems password database.
  • auth: utmp-wtmp, enables/disables utmp/wtmp logging. database.
  • auth: timeout, configureable timeout for the authentication phase.
  • eap: radius-proxy, this causes Mpd to proxy all EAP requests to the RADIUS server, Mpd only makes the initial Identity-Request (this saves one round-trip), every other requests are forwarded to the RADIUS server. This adds the possibility supporting every EAP-Type of the RADIUS server, without implementing each EAP-Type into Mpd.
  • eap: md5, EAP-Type MD5, it's the same as CHAP-MD5, but inside EAP frames.
• Removed defines ENCRYPTION_MPPE and COMPRESSION_MPPC, they are now built in.
• Get rid of IA_CUSTOM define.
• BugFix: Fixed a mem-leak in the pptp-ctrl stuff.