D-LINK NetDefend VPN Client

Release Notes:

1. Corrected behaviour with some external personal firewalls.

2. When using RSA SIG (Certificates) the client enforced IKE ID type to ASN1
   Distinguished Name independent of the configured IKE ID type.
   Due to feedback from different partners this has now been changed. The client
   now for RSA SIG uses the configured IKE ID type. For current installations using 
   RSA SIG and where ASN1 DN is used, please check that the IKE ID Type is set to
   "ASN1 Distinguished Name". The content of the IKE ID is in this case irrelevant.

3. Support for Netscreen XAUTH and Mode Config (IKECFG).

4. Prompt for XAUTH password if field is left empty.   

5. Re-keying of IKE (phase I) without disconnecting fixed. 

6. Added support to run concurrently with basically any external firewall. 
   When an external firewall is installed the NCP firewall should be turned off.

7. Problem with de-installation when using WINXP (SP2) fixed.
   Before de-installing the NCP NetDefend Client please update with this build and
   then reboot. After reboot you can de-install the NCP NetDefend Client.   	

8. Hybrid Authentication Mode (eg. CheckPoint XAUTH) now supported.

9. COSINE IKECFG mode corrected.

10.When the RAS dialer and not the NCP internal dialer was used to create the 
   provider connection, the VPN connection worked properly. After a disconnect
   and a second connect the tunnel was established but it was not possible to
   communicate over the tunnel. This is now corrected.

11.When using RSA-Signatures (Certificates) the client enforced MAIN mode. This
   behaviour has now been changed in such a way that the client always uses the 
   configured exchange mode.

12.When the client receives unencrypted data in crypto state during the IKE negotiation
   it will no longer send a NOTIFY("SITUATION_NOT_SUPPORTED"). This caused some gateways to
   terminate the IKE negotiation.

13.When the internal NCP dialer is used and the mediatype is GPRS the PIN  and APN
   are automatically sent by the client. For the Vodaphone and T-Mobile GPRS/UMTS
   cards the wait time after sending the PIN before proceeding was 12 seconds. This 
   wait time has now been set to 20 seconds to provide a more reliable connect. 

14.Corrected split-tunneling behaviour when the clients IP address assignment 
   is set to "Local Address".

15.The re-keying of phase II affected the re-keying (LifeTime) of phase I.This is now
   corrected.

16.Some Firewall's were able to block the client from working properly over lan. 
   The client was not able to recognize the LAN adapters.This has now been fixed.

17.DEFLATE compression is now supported. The monitor (GUI) still displays
   "Use IP compression (LZS)" but both methods are negotiated (LZS and DEFLATE). 
   Look into the logbook to view what actually was negotiated. The GUI will be corrected.

18.The checkbox "Use IP compression (LZS)" is now corrected to the following:
   "Use IP compression"

19.It is now possible to configurate the Domain name within the "IP Address assignment"
   tab.

20.Support for more than one user certificate.

21.EAP 802.1x changes:

   For WLAN and switches supporting port authentication the client supports EAP - MD5 - TLS.
   This makes it unneccessary to install a separate EAP client.

   EAP-MD5: UserId/Password authentication is supported and the possibility exists to get the UserId/Password 
            from the certificate used for the VPN connections.

   EAP-TLS: Certificates are used and are taken from the NCP certificate configuration. EAPOL KEY (Dynamic WEP key )
            is supported.


22.Changes done to support ZYXEL XAUTH.

DLINK NetDefend Client ver 1.01 build 22 (12-11-2004):

changes to previous version -

1- Certficate configuration not possible:

   The menu for configuration of certificates was missing after entering a correct
   serial number and activation key via the NCP popup programm. 
   This has now been corrected. 

DLINK NetDefend Client ver 1.01 build 23 (15-11-2004):

changes to previous version -

1- For non-VPN connections to provider SPI (Statefull Packet Inspection )
   is now always enabled. 

DLINK NetDefend Client ver 1.01 build 24 (16-11-2004):

changes to previous version -

1- Corrected a problem when the NCPMON (NCP Monitor) was closed and then started again.
   This caused the monitor to disconnect the current connection.


DLINK NetDefend Client ver 1.01 build 27 (26-11-2004):

changes to previous version -

1- Corrected the reading of MTU size for the installed LAN adapters. For LAN/WLAN 
   adapters that are using a MTU size smaller than 1500 Bytes a problem occurred
   with fragmentation. 

2 - Changed the XAUTH protocol for use with NETSCREEN and OTP.
 
DLINK NetDefend Client ver 1.02 build 30 (08-12-2004):

changes to previous version -

1- Corrected the default mode of NETBIOS over IP (e.g port 135-139) to be set to allowed. 

 
DLINK NetDefend Client ver 1.02 build 34 (09-12-2004):

changes to previous version -

1 - Corrected the retry behaviour when DPD (Dead Peer Detection) is active. Retries are
    now sent out with increasing sequence numbers.
	
	
DLINK NetDefend Client ver 1.02 build 36 (13-1-2005):

changes to previous version -

1 - Added support for RFC.3947 (Negotiation of NAT - Traversal in IKE).and
    RFC 3498 (UDP Encapsulation of IPSEC ESP packets). The older drafts are of course
	still supported.
	
DLINK NetDefend Client ver 1.02 build 42 (24-1-2005):

changes to previous version -

1 - Fragmenting. As the NCP client is fragmenting packets (if necessary) before applying IPSEC,
    we now also reset the DF bit (Don't fragment bit) before fragmenting.
 
2 - Corrected the NCPGINA GUI when domain logon is active. The GUI didn't show a complete 
    connection even though the connection was there.


DLINK NetDefend Client ver 1.03 build 46 (16-2-2005):

changes to previous version -

1 - Corrections of the Extended Personal Firewall..

DLINK NetDefend Client ver 1.03 build 51 (23-2-2005):

1 - Corrected a problem with a user defined installation path
    containing space.

DLINK NetDefend Client ver 1.03 build 53 (01-03-2005):

changes to previous version -

1 - Corrected some problems regarding the automatic HotSpot functionality.


DLINK NetDefend Client ver 1.03 build 58 (08-03-2005):

changes to previous version -

1 - Added support for static UDP encapsulation of ESP (default port 10000).
2 - Corrected Aggressive mode with RSA SIG to send proper ASN1 Distinguished name.

DLINK NetDefend Client ver 1.03 build 60 (21-03-2005):

changes to previous version -

1 - Corrected the selection of modems when media type modem is choosen.

