Version 2.0.1

• Added ike-port option to choose between port 500 and 4500 for IKE exchange
• Option ignore-server-cert now also works for SAML webview

Version 2.0.0

• Added GTK UI support
• Refactored application into 4 subcrates
• Switched from VTI to XFRM device for IPSec tunnel
• Fixed an issue with semicolon-separated search domains
• Various bugfixes

Version 1.0.2

• Tray icons are now built into the application instead of relying on external theme
• Support AES-192 encryption

Version 1.0.1

IPSec tunnel:

• Added certificate authentication
• Added weaker algorithms support
• Added support for DH 2048 group
• Various fixes for rekeying and keeplive

Version 1.0.0

Changes since last rc version

• Bugfixes

Full 1.0.0 Changelog

• SAML SSO support via external identity provider login
• IPSec tunnel is now implemented using IKE exchange instead of HTTP call for key management
• New option: esp-lifetime, which controls CHILD SA expiration time in seconds. Default is 3600 (1 hour)
• New option: ike-lifetime, which controls IKE SA expiration time in seconds. Default is 28800 (8 hours)
• Add custom routes even if no-routing flag is set
• Use port 500 for IKE exchange
• Added embedded webview support via webkit2gtk compile-time feature flag, for SAML SSO authentication

Version 1.0.0-rc.3

• Added compile-time webkit2gtk feature which enables embedded webview
• Use port 500 for IKE exchange
• Refactored NAT-T probing to use external gateway IP
• Add custom routes even if no-routing flag is set (fixes #12)
• Added ike-lifetime option
• Changed default lifetimes to 28800 and 3600 for IKE and ESP SA respectively

Version 1.0.0-rc.2

• Implemented IPSec tunnel re-keying after ESP SA is expired
• Added esp-lifetime option which controls ESP SA expiration time in seconds. Default is 86400 (24 hours)

Version 1.0.0-rc1

This release adds a major feature: SAML SSO support via web browser. Additional changelog:

• IPSec tunnel is now implemented using IKE exchange instead of HTTP call for key management. This is required for SAML support.
• Refactored internal handling of S-expressions used in Checkpoint tunnels
• Refactored handling of user passwords: because of SAML support they are no longer required and no longer prompted by default. User may still be prompted for a password via the tunnel MFA request.

Version 0.11.0

• Fixed a bug with infinite challenge requests
• Fixed status check after tunnel is configured
• Added password prompt for standalone mode
• Fixed a regression with the whitespaces in search domains

Version 0.10.0

• Use search domains instead of routing domains when configuring tunnel interface
• Trim whitespaces from search domains
• Added no-keychain option to disable libsecret integration
• Only store password in the OS keychain after the tunnel is established successfully
• login-type is a required option now