└── README.md


/README.md:
--------------------------------------------------------------------------------
  1 | The [securityrouter.org](http://securityrouter.org) project is a network operating system and software distribution based on OpenBSD which is developed and maintained by <a href="http://halon.io">Halon Security</a>. New systems are deployed by [downloading](http://dl.halon.io/vsr/) a software image. The easiest way to update existing systems is to perform an [automatic update](http://securityrouter.org/wiki/Update) from within the product's administration.
  2 | 
  3 | New major versions can contain configuration syntax changes which might render a previously working configuration invalid, and thus affect the operation of the system after an update. We therefore urge all users to perform such updates with caution; **take a snapshot** if running it as a virtual machine, or at least **backup the plain-text configuration** and **monitor the update** on the screen/[console](http://securityrouter.org/wiki/Serial_console), so that you can perform recovery or roll back to an [older software version](https://buy.securityrouter.org/version/), if necessary.
  4 | 
  5 | If you need to rollback you can [choose version](https://buy.securityrouter.org/version/) for your serial number.
  6 | 
  7 | There is an [RSS feed](https://github.com/securityrouter/changelog/releases.atom) available.
  8 | 
  9 | 
 10 | ## 6.6-p1
 11 | Unreleased
 12 | - **`Bug`** Fix regression since 6.6 with multiple VLAN interfaces
 13 | 
 14 | ## 6.6
 15 | Release on 2019-12-16
 16 | - **`New`** Based on [OpenBSD 6.6](http://www.openbsd.org/65.html)
 17 |   - New [`bpe`](https://man.openbsd.org/bpe) IEEE 802.1Q (PBB) interface
 18 |   - Support for Intel Ethernet 700 series via [`ixl`](https://man.openbsd.org/ixl.4)
 19 |   - Support for Mellanox ConnectX-4/5/6 via [`mcx`](https://man.openbsd.org/mcx.4)
 20 |   - The `relayd` load balancer supports SNI and [binary checks](https://man.openbsd.org/relayd.conf.5#check_binary_send)
 21 |   - Multiprocessor (SMP) improvements 
 22 | - **`Imp`** Compiled with Clang 8.0.1
 23 | - **`Imp`** Web administration now uses PHP 7.3
 24 | - **`Dep`** OpenBSD 6.6 has disabled `mobileip` in the generic kernel
 25 | 
 26 | ## 6.4
 27 | Released on 2019-01-07
 28 | - **`New`** Based on [OpenBSD 6.4](http://www.openbsd.org/64.html)
 29 |   - Support for Broadcom BCM573/4xx and Microchip USB 3.0 Ethernet via [`bnxt`](https://man.openbsd.org/bnxt) and `mue`
 30 |   - New [`rad`](https://man.openbsd.org/rad.8) daemon for IPv6 Router Advertisement that replaces KAME `rtadvd`
 31 | - **`Imp`** Support for new LACP options `mode passive` and `timeout fast` 
 32 | - **`Imp`** Compiled with Clang 6.0.0
 33 | - **`Imp`** Added new Diffie–Hellman (DH) to IKE IPsec page
 34 | - **`Dep`** The default BGP filter action was changed from allow to deny
 35 | 
 36 | ## 6.3-p1
 37 | Released on 2018-08-23
 38 | - **`Bug`** Applied [6.3 errata](http://www.openbsd.org/errata63.html) up to #018
 39 | 
 40 | ## 6.3
 41 | Released on 2018-07-04
 42 | - **`New`** Based on [OpenBSD 6.3](http://www.openbsd.org/63.html)
 43 |   - Improved network performance thanks to less locking
 44 |   - New [`syncookies`](https://man.openbsd.org/pf.conf.5) option in firewall
 45 |   - Support for Intel Cannon Lake and Ice Lake integrated Ethernet
 46 |   - New [`efi`](https://man.openbsd.org/efi.4) driver for EFI runtime services
 47 |   - Mitigation for Meltdown vulnerability for Intel CPUs
 48 | - **`Imp`** Compiled with Clang 5.0.1
 49 | - **`Imp`** Support for [`syspatch`](https://securityrouter.org/wiki/Update) and [`fw_update`](https://man.openbsd.org/fw_update)
 50 | - **`Imp`** Reordering firewall rules in web administration
 51 | - **`Bug`** Fix bug where `dhcp6-*` didn't log properly
 52 | - **`Bug`** Fix bug in web administration with DHCP reserved hosts
 53 | - **`Bug`** Fix regression since 6.2 where some driver firmware wasn't loaded
 54 | 
 55 | ## 6.2
 56 | Released on 2018-03-28
 57 | - **`New`** Based on [OpenBSD 6.2](http://www.openbsd.org/62.html)
 58 |   - OpenBSD is compiled with Clang 4.0.0
 59 |   - Support for Hyper-V StorVSC
 60 |   - Improved network performance thanks to less locking
 61 |   - Uses new [`slaacd`](http://man.openbsd.org/slaacd) daemon for IPv6 autoconfiguration
 62 | - **`Imp`** Ability to run multiple `bgp` in different routing domains
 63 | - **`Imp`** Support running `dhcp-server` on multiple interfaces in different routing domains
 64 | - **`Imp`** Support `dhcp6-client` on `pppoe` interfaces
 65 | - **`Imp`** Support routing domains on `dhcp6-client` and `dhcp6-server`
 66 | - **`Imp`** Support `pppoe` interfaces on `vlan` interfaces
 67 | - **`Bug`** Fix bug where `pppoe` interface's 0.0.0.2 route would always be in routing table 0
 68 | - **`Bug`** Fix regression since 3.6 where [router solicitation](http://securityrouter.org/wiki/IPv6#DHCPv6_client_and_router_solicitation) always enabled IA-NA
 69 | - **`Bug`** Fix regression since 6.1 where `dhcpd` would log to `stderr` instead of syslog
 70 | 
 71 | ## 6.1-p1
 72 | Released on 2017-09-30
 73 | - **`Bug`** Fixed regressions with `vlan` and `trunk` interface configuration
 74 | - **`Bug`** Applied [6.1 errata](http://www.openbsd.org/errata61.html) up to #029
 75 | 
 76 | ## 6.1
 77 | Released on 2017-06-22
 78 | - **`New`** Based on [OpenBSD 6.1](http://www.openbsd.org/61.html)
 79 |   - Hyper-V network driver [`hvn`](http://man.openbsd.org/hvn.4)
 80 |   - New [`mobileip`](http://man.openbsd.org/OpenBSD-current/man4/mobileip.4) (RFC 2004) tunneling interface
 81 |   - Multipoint-to-multipoint mode in [`vxlan`](http://man.openbsd.org/OpenBSD-current/man4/vxlan.4)
 82 | - **`Bug`** Applied [6.1 errata](http://www.openbsd.org/errata61.html) up to #012
 83 | 
 84 | ## 6.0-p2
 85 | Released on 2017-04-15
 86 | - **`Imp`** More options in software update
 87 | - **`Bug`** Fixed subscription license issue with VPN reload
 88 | - **`Bug`** Don't start NTP in cluster domain unless it exists
 89 | - **`Bug`** Fixed regressions in the new Bootstrap interface (IPsec, DHCP, and more)
 90 | - **`Bug`** Applied [6.0 errata](http://www.openbsd.org/errata60.html) up to #014
 91 | 
 92 | ## 6.0-p1
 93 | Released on 2016-10-13
 94 | - **`Imp`** Simplified provisioning, such as initialising a [storage disk](http://securityrouter.org/wiki/Architecture#Storage_disk) non-interactively
 95 | - **`Bug`** Applied [6.0 errata](http://www.openbsd.org/errata60.html) up to #011
 96 | 
 97 | ## 6.0
 98 | Released on 2016-09-20
 99 | - **`New`** Based on [OpenBSD 6.0](http://www.openbsd.org/60.html)
100 |   - SMP improvements in AES-NI and network stack
101 |   - MSI-X on VirtIO
102 |   - W^X is strictly enforced
103 |   - Support for new hardware, including NVMe and GPIO controllers
104 | - **`New`** Mobile-friendly web administration based on [Bootstrap](http://getbootstrap.com)
105 | 
106 | ## 3.7-p1
107 | Released on 2016-05-31
108 | - **`Bug`** Fixed regression since 3.7 (pledge-related) where some programs aborted because of `TZ` path
109 | - **`Bug`** Applied [5.9 errata](http://www.openbsd.org/errata59.html) up to #009, including [CVE-2016-2105 to 9](https://www.openssl.org/news/secadv/20160503.txt)
110 | 
111 | ## 3.7
112 | Released on 2016-04-25
113 | - **`New`** Based on [OpenBSD 5.9](http://www.openbsd.org/59.html)
114 |   - SMP network stack improvements
115 |   - Xen paravirtualizion support
116 |   - Initial IEEE 802.11n wireless support
117 |   - New [`etherip`](http://man.openbsd.org/OpenBSD-current/man4/etherip.4) Ethernet tunneling (RFC 3378) interface
118 |   - New [`pair`](http://man.openbsd.org/OpenBSD-current/man4/pair.4) Ethernet encapsulation interface
119 |   - New [EIGRP](http://man.openbsd.org/OpenBSD-current/man5/eigrpd.conf.5) routing daemon
120 |   - IPv6 support for pflow (NetFlow) transport
121 |   - IKEv2 interoperability with OS X El Capitan
122 |   - Support for new hardware, including network adapters from Intel and Realtek
123 | - **`Imp`** Ability to enable/disable clustering (sasyncd) without restarting IKE daemons
124 | - **`Bug`** Prevent SIGPIPE when doing cleartext IKE packet capture in `isakmpd`
125 | - **`Dep`** Moved [`ikev2`](http://man.openbsd.org/OpenBSD-current/man5/iked.conf.5) to separate `ike {` context for more accurate validation
126 | 
127 | ## 3.6
128 | Released on 2015-11-20
129 | - **`New`** Based on [OpenBSD 5.8](http://www.openbsd.org/58.html)
130 |   - New MPLS pseudowire driver [`mpw`](http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/mpw.4?query=mpw&amp;sec=4)
131 |   - Many improvements to [BGP](http://securityrouter.org/wiki/BGP), [OSPF](http://securityrouter.org/wiki/OSPF) and LDP (MPLS)
132 |   - The same network range can now be assigned to multiple interfaces
133 |   - MTU of VLAN devices can now be set independently from the parent interface's MTU
134 |   - Jumbo frames on PC Engines' [APU](http://www.pcengines.ch/apu.htm) and Halon's [HSR-603](http://securityrouter.org/wiki/File:Hsr-603.png)
135 |   - Support for the NX bit on i386 for better W^X enforcement
136 |   - Support for new hardware, and improved network drivers
137 | - **`New`** [VPLS](https://github.com/rwestphal/openbsd-ldpd/wiki/VPLS-basic-test-setup) (layer 2) MPLS support
138 | - **`New`** Interface [route priority](http://securityrouter.org/wiki/Route_priority)
139 | - **`Imp`** Uses `AUTOCONF6` for [router solicitation](http://securityrouter.org/wiki/IPv6#DHCPv6_client_and_router_solicitation) instead of `rtsold`
140 | - **`Dep`** The default Diffie-Hellman group from IKEv1 has been changed to modp3072 (15)
141 | 
142 | ## 3.5-r1
143 | Released on 2015-07-30
144 | - **`New`** Firewall ([pf.conf](http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/pf.conf.5?query=pf%2econf)) editor got support for new syntax such as prio, queue, etc
145 | - **`New`** New "basic" (non-JavaScript) firewall editor which is much faster when working with large rulesets
146 | - **`Bug`** Regressions (since 3.5) in the first-run config disk population and `pkg_*` settings resolved
147 | 
148 | ## 3.5
149 | Released on 2015-05-27
150 | - **`New`** Based on [OpenBSD 5.7](http://www.openbsd.org/57.html) with many improvements, such as
151 |   - The load balancer (relayd) supports source-hash for L3 (redirections) and [SNMP](http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/share/snmp/OPENBSD-RELAYD-MIB.txt?rev=1.1)
152 |   - BIND has been removed, use [unbound](http://securityrouter.org/wiki/DNS_cache) instead
153 |   - nginx has been replaced with OpenBSD's [own httpd](http://www.openbsd.org/papers/httpd-slides-asiabsdcon2015.pdf)
154 |   - Support for new hardware, and improved network drivers
155 | - **`Imp`** The firewall page loads faster with many rules
156 | - **`Imp`** Automatic firewall rule sorting has been replaced by a "Sort" button
157 | - **`Bug`** Make [clusterd](http://securityrouter.org/wiki/Clustering) and [configure](http://securityrouter.org/wiki/Configure) UTF-8 aware, to prevent corruption of non-ASCII
158 | - **`Bug`** Empty persistent tables were overwritten by the firewall page
159 | - **`Bug`** Fix issue on web admin's IPsec page with quoted strings containing syntax tokens
160 | - **`Dep`** The load balancer has renamed the "ssl" keyword to "tls"
161 | - **`Dep`** The load balancer is TLSv1.2 only by default, you need to manually enable other protocols
162 | 
163 | ## 3.4-r1
164 | Released on 2015-03-19
165 | - **`New`** Added support for [LLDP](http://securityrouter.org/wiki/LLDP)
166 | - **`New`** Added support for [vether](http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-5.6/man4/vether.4?query=vether) interfaces
167 | - **`Sec`** Patched OpenSSL in regards to [security advisory as of 19 mar 2015](http://www.openbsd.org/errata56.html#020_openssl)
168 | - **`Bug`** Bug on load balancing page with "pftag"
169 | - **`Bug`** Regression in the HTTPS SOAP API (since 3.4)
170 | - **`Dep`** gmt0 was renamed to utc in SOAP API
171 | 
172 | ## 3.4-p1
173 | Released on 2015-01-12
174 | - **`Imp`** Backup (cluster) nodes can use NTP (`ntpd`) even without working egress IP, via cluster port
175 | - **`Bug`** Web admin server regression; now uses [nginx](http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-5.6/man8/nginx.8?query=nginx&amp;manpath=OpenBSD%2d5%2e6)
176 | 
177 | ## 3.4
178 | Released on 2014-12-11
179 | - **`New`** Based on [OpenBSD 5.6](http://www.openbsd.org/56.html)
180 |   - Includes the [Unbound](http://securityrouter.org/wiki/DNS_cache#Unbound) DNS cache
181 |  - Reverse proxy (`match ... forward to`) support in the [load balancer](http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/relayd.conf.5?query=relayd%2econf)
182 |   - Support for new hardware, including network adapters from Broadcom and Realtek
183 | - **`Imp`** Add [SIP proxy](http://securityrouter.org/wiki/Proxies#SIP_proxy) to interface page
184 | - **`Imp`** Support searching logs larger than 2 GB
185 | - **`Bug`** Fixes regression on load balancer status page
186 | - **`Bug`** Fixes issue when loading/reloading isakmpd
187 | - **`Bug`** Fixes issue with dhinfod
188 | - **`Bug`** Fixes issue with router advertisement and DHCPv6 with some clients
189 | 
190 | ## 3.3-p2
191 | Released on 2014-08-11
192 | - **`Bug`** Re-configure IKE daemon (isakmpd) if it crashes and is restarted by the watchdog
193 | - **`Bug`** Mitigate a threading issue, to prevent rare dead-locks during startup and reconfiguring
194 | 
195 | ## 3.3-p1
196 | Released on 2014-06-09
197 | - **`Sec`** Fix OpenSSL CVE-2014-0195, 2014-0221, 2014-0224 and 2014-3470
198 | - **`Imp`** Removed deprecated browser-specific CSS3 options (Mozilla, Opera)
199 | - **`Imp`** Enable auto-scroll on keypress in web terminal
200 | - **`Bug`** Allow more than 1000 items to be saved (PHP introduced input data limit)
201 | - **`Bug`** Update firmware boot data on OpenBSD 5.0 systems to prevent boot issue
202 | 
203 | ## 3.3
204 | Released on 2014-05-13
205 | - **`New`** Based on [OpenBSD 5.5](http://www.openbsd.org/55.html)
206 | - **`New`** Added [VXLAN](http://sr.wiki.halon.se/wiki/VXLAN) to grammar and web admin
207 | - **`New`** Supports new hardware such as
208 |   - VMware's VMXNET3 network interfaces and paravirtual SCSI
209 |   - VirtIO's paravirtual SCSI and random number devices
210 |   - Many new Intel platforms and NICs, such as the AES-NI capable Atom [C2000](http://www.intel.com/content/www/us/en/intelligent-systems/rangeley/atom-c2000-product-family-based-platforms-overview.html)
211 |  - PC Engine's [APU](http://pcengines.ch/apu.htm)
212 | - **`Imp`** Support copy-pasting directly into web admin's HTML5 terminal
213 | - **`Imp`** Accurately choose a local IPsec endpoint address to send probe pings from
214 | - **`Imp`** [Ed25519](http://ed25519.cr.yp.to) SSH signatures
215 | - **`Imp`** Allow omitting pflow (NetFlow/IPFIX) sender address
216 | - **`Bug`** Fixes an issue where the IKE daemon `isakmpd` wouldn't run with many addresses configured
217 | - **`Bug`** Do not use cluster rdomain for updating on active cluster nodes without default route
218 | - **`Bug`** Fixes an issue where the VPN server `npppd` could fail to start
219 | 
220 | ## 3.2-r2p1
221 | Released on 2014-04-08
222 | - **`Bug`** Patched OpenSSL ["heartbleed"](http://heartbleed.com) vulnerability (CVE-2014-0160)
223 | 
224 | ## 3.2-r2
225 | Released on 2014-04-03
226 | - **`New`** Route priorities
227 | - **`New`** Add reserved host from DHCP lease page
228 | - **`Imp`** Load balancers on front page in web admin
229 | - **`Imp`** Show cancel URL when testing a commit
230 | - **`Imp`** Ping with LAN addresses if a tunnels local endpoint is 0.0.0.0/0
231 | - **`Imp`** Warn about pflow protocol 9 soon being deprecated
232 | - **`Bug`** Web admin failed to set IKE phase 2 mode to none
233 | - **`Bug`** Basic setup erased aliases if having multiple IPs
234 | - **`Bug`** isakmpctl capture could fail to show decrypted packets
235 | - **`Bug`** Cluster push configuration button were broken
236 | - **`Bug`** System could run out of bpf interfaces
237 | 
238 | ## 3.2-r1
239 | Released on 2014-01-08
240 | - **`New`** Added `x-superuser` [login class](http://sr.wiki.halon.se/wiki/Users)
241 | - **`Imp`** Added [skeleton file](http://sr.wiki.halon.se/wiki/Skeleton_files) for the DHCP server
242 | - **`Imp`** Support running [router solicitation](http://sr.wiki.halon.se/wiki/IPv6), syslog and NTP in [routing domains](http://sr.wiki.halon.se/wiki/Routing_domains)
243 | - **`Imp`** Allowed web terminal to poll [backend](http://sr.wiki.halon.se/wiki/Backend) even when browser tab is in background
244 | - **`Imp`** Added more IPv6 auto-configuration settings to web administration
245 | - **`Imp`** Strip last dot from DHCPv6 search domain
246 | - **`Imp`** Various minor improvements
247 | - **`Bug`** Don't announce SLAAC prefixes when running a DHCPv6 server
248 | - **`Bug`** Resolved issue when filtering logs based on firewall label on amd64
249 | - **`Bug`** Resolved ping-from-self through NAT issue
250 | - **`Bug`** Resolved issue when moving VLANs from an unconfigured interface
251 | 
252 | ## 3.2
253 | Released on 2013-11-08
254 | - **`New`** Based on OpenBSD 5.4
255 | - **`New`** Router advertisement (v6) can announce DNS
256 | - **`Imp`** Router advertisement doesn't announce prefix if DHCP managed
257 | - **`Imp`** Sandboxed SSH server
258 | - **`Imp`** Disabled private SNMP community by default
259 | - **`Imp`** Various minor improvements
260 | - **`Bug`** Issue with load balancer's host page when using IPs in relays
261 | 
262 | ## 3.1-p7
263 | Released on 2013-11-01
264 | - **`New`** Buy feature licenses from within product's interface
265 | - **`New`** Support for new HSR-603 model
266 | - **`New`** Support for [reset](http://sr.wiki.halon.se/wiki/Recovery) button on HSR-1204 and ALIX
267 | - **`Imp`** Real-time decrypted IKE packets (isakmpctl capture)
268 | - **`Imp`** Simplified and unified DHCP page
269 | - **`Imp`** Support temperature sensors in ALIX
270 | - **`Imp`** Firewall supports interface addressing and DNS in DHCP/BGP setups
271 | - **`Imp`** Use bidirectional IPsec flows by default
272 | - **`Imp`** Better validation of FQDNs as DHCP hosts
273 | - **`Imp`** Make HTTP/SSH servers and pflow support [routing domains](http://sr.wiki.halon.se/wiki/Routing_domains)
274 | - **`Imp`** Require both sender and server for pflow interfaces
275 | - **`Imp`** Various minor improvements
276 | - **`Bug`** HTTP server didn't respect rsa-key and x509-certificate
277 | - **`Bug`** Scrolling didn't always freeze
278 | - **`Bug`** SSL was checked when adding new load balancer listeners
279 | - **`Bug`** Couldn't type @ in web terminal
280 | - **`Bug`** Do not create sessions for unauthorized web admin clients
281 | 
282 | ## 3.1-p6
283 | Released on 2013-09-02
284 | - **`Bug`** Management interfaces couldn't be disabled on administration page
285 | - **`Bug`** IKE lifetime wasn't maintained on IPsec page
286 | - **`Bug`** Tables was printed with an extra semi-colon on firewall page
287 | - **`Bug`** NTP client didn't use updated name servers (for example DHCP)
288 | 
289 | ## 3.1-p5
290 | Released on 2013-08-09
291 | - **`Imp`** Gracefully discard invalid host names in vApp deployment
292 | - **`Bug`** Warning on front page if no graphs are available
293 | - **`Bug`** XML warning on non-VMware system's interface page
294 | 
295 | ## 3.1-p4
296 | Released on 2013-08-07
297 | - **`Imp`** Support new HSR-1200 series hardware
298 | - **`Bug`** Support non-standard gateway IP in update firmware
299 | - **`Bug`** No longer consume VMware channels without vApp
300 | - **`Bug`** Handle configuration without groups on firewall page
301 | - **`Bug`** Various minor bugs fixed
302 | 
303 | ## 3.1-p3
304 | Released on 2013-07-29
305 | - **`New`** Network setup guide in OVF (VMware vCenter)
306 | - **`Imp`** Minor web administration improvements
307 | - **`Bug`** Disabled SMP due to threading regression in OpenBSD 5.3
308 | 
309 | ## 3.1-p2
310 | Released on 2013-07-24
311 | - **`Imp`** Restructured CLI menu
312 | - **`Imp`** Subscription licenses are more tolerant to connectivity issues
313 | - **`Imp`** Faster boot by disabling floppy drives in kernel
314 | - **`Imp`** Minor web administration improvements
315 | - **`Bug`** Could generate invalid VPN server configuration, regression
316 | 
317 | ## 3.1-p1
318 | Released on 2013-07-15
319 | - **`New`** New IKE debugging tool (isakmpctl)
320 | - **`Imp`** Support for VIA temperature sensors
321 | - **`Imp`** Perl modules needed by pkg_add included
322 | - **`Bug`** Cluster failed to detect successful synchronizations
323 | 
324 | ## 3.1
325 | Released on 2013-07-10
326 | - **`New`** Based on OpenBSD 5.3 (with patches from head)
327 | - **`New`** Support for KVM Virtio para-virtualized drivers
328 | - **`New`** Added load balancer methods; least states, source hash, random
329 | - **`New`** Support for NetFlow 9 and 10 (IPFIX) in `pflow`
330 | - **`New`** Temperature sensors on graph page
331 | - **`Imp`** Added IPsec lifetime to plain-text configuration and interface
332 | - **`Imp`** Added DHCP server options 66 and 67
333 | - **`Imp`** Allow DHCP relay on CARP interface
334 | - **`Bug`** Only allow valid advbase values
335 | - **`Bug`** NTP client reload fixes
336 | 
337 | ## 3.0-p33
338 | Released on 2013-06-28
339 | - **`Imp`** Load balancer (relayd) performance improved
340 | - **`Imp`** Graphs page display load balancer names
341 | - **`Imp`** IPsec IKE tunnels page displays DH group number
342 | - **`Imp`** Firewall page removes outer brackets on lists without space
343 | - **`Bug`** Load balancer page didn't display correctly if name ended with a digit
344 | - **`Bug`** Load balancer (relayd) didn't support more than 20 relays
345 | - **`Bug`** Cluster discovery (hdpd) don't exit when missing serial
346 | 
347 | ## 3.0-p32
348 | Released on 2013-05-31
349 | - **`Imp`** PPTP proxy timeout increased
350 | - **`Imp`** Load balancer page lists available listen addresses
351 | - **`Imp`** Internet failover doesn't require load balancer license
352 | - **`Imp`** Terminal emulator page input improved
353 | - **`Bug`** Load balancer page didn't handle multiple listeners and SSL
354 | - **`Bug`** License page's link to renewals didn't work
355 | 
356 | ## 3.0-p31
357 | Released on 2013-05-21
358 | - **`Imp`** System disks are grown to disk's size (CF, etc) into new data partition
359 | - **`Imp`** Buffered software update without storage disk on grown systems
360 | - **`Imp`** Support 1000base* on Intel's SFP+
361 | - **`Imp`** Interface descriptions on graphs page
362 | - **`Imp`** Ability to change CARP password from interface page
363 | - **`Imp`** Sort DHCP leases based on lease times
364 | - **`Imp`** Web terminal's input synchronised
365 | - **`Imp`** Support `sis` interfaces
366 | - **`Imp`** Improved Ethernet media handling
367 | - **`Imp`** Allow svlan (QinQ) on trunk (LAG) interfaces
368 | - **`Imp`** Reserved DHCP hosts excluded from ranges
369 | - **`Bug`** IPsec labels such as "to host" was interpreted as a resolvable hostname
370 | - **`Bug`** Graph daemon `statd` warned about full disk too many times
371 | 
372 | ## 3.0-p30
373 | Released on 2013-04-11
374 | - **`New`** Mirror (SPAN ports) on bridges
375 | - **`Imp`** Keep logs and graphs when rebooting if using a storage disk
376 | - **`Imp`** Faster software updates (writes data to disk asynchronous)
377 | - **`Imp`** Flush all GRE states when enabling the PPTP proxy
378 | - **`Imp`** `storageupdate` has support for explicit (IPv) -4 and -6
379 | - **`Bug`** Max addresses on bridges wasn't configurable in web administration
380 | - **`Bug`** Load balancer's wizard was to strict on detecting potential conflicts
381 | 
382 | ## 3.0-p29
383 | Released on 2013-03-11
384 | - **`New`** New model VSR-Lite available for purchase
385 | - **`New`** Support for PC Engine's ALIX system boards
386 | - **`Imp`** VPN servers support search domain and routes for Apple OSX and iOS clients
387 | - **`Imp`** Other minor improvements
388 | - **`Bug`** dhsyncd would fail to start if any carp interface was down
389 | 
390 | ## 3.0-p28
391 | Released on 2013-02-25
392 | - **`New`** New CLI command `replace-swap` in `configure`
393 | - **`Imp`** Support for Dell R320
394 | - **`Imp`** Edit buttons in tables
395 | - **`Imp`** Support `rdomain` and `proxy-arp` in cluster activation
396 | - **`Imp`** Other minor improvements
397 | 
398 | ## 3.0-p27
399 | Released on 2013-02-20
400 | - **`Imp`** Support for more Broadcom NICs
401 | - **`Imp`** Other minor improvements
402 | - **`Bug`** Could not enable free mode (VSR-Free) without serial
403 | 
404 | ## 3.0-p26
405 | Released on 2013-02-05
406 | - **`Imp`** VLAN on trunk interfaces
407 | - **`Imp`** Suppress repeated cluster errors
408 | - **`Imp`** Other minor improvements
409 | - **`Bug`** When configuring partial date and time
410 | 
411 | ## 3.0-p25
412 | Released on 2012-12-14
413 | - **`New`** Microsoft Hyper-V support
414 | - **`New`** Ability to use additional disk as storage for logs, etc
415 | - **`New`** Ability to update with verification using storage disk
416 | - **`Imp`** Improved performance during commit/test
417 | - **`Imp`** Question on drain/flush load balancer node pausing
418 | - **`Imp`** Changed Subversion format to FSFS
419 | - **`Imp`** Improved loading time on firewall page with many rules
420 | - **`Imp`** Overall improvements
421 | - **`Bug`** IP ranges in macros on firewall page
422 | - **`Bug`** Load balancer wizard didn't work with missing statement
423 | - **`Note`** Reserved routing domain 239-255
424 | 
425 | ## 3.0-p24
426 | Released on 2012-11-21
427 | - **`New`** The `proxy-arp` makes it possible to use [LAN network in VPN server](http://sr.wiki.halon.se/wiki/VPN_server#Proxy_ARP)
428 | - **`Imp`** Cluster (`hdpd`) keeps information about dead hosts
429 | - **`Imp`** Improved macro/table presentation on Network > Firewall
430 | - **`Imp`** Many load balancer improvements
431 |  - Proper source-tracking per redirect
432 |  - Summarise statistics for multiple "listen on"
433 |  - Ability to enable/disable hosts in all relays/redirects
434 |  - Creates automatic rules for relays (tagged relayd)
435 |  - Wizard for adding relays and redirects
436 |  - User interface for global settings
437 |  - [MIB](http://sr.wiki.halon.se/wiki/Load_balancing#SNMP_traps) for traps
438 | - **`Imp`** User interface for SNMP settings on System > SNMP
439 | - **`Bug`** Fixed problem when renaming duplicate macros/tables
440 | - **`Bug`** Exports on Configuration > Revision management named properly
441 | - **`Bug`** Fixed issue with `statd` removing graphs when redirects is down
442 | 
443 | ## 3.0-p23
444 | Released on 2012-10-25
445 | - **`Imp`** Allow more than 4 VPN server groups by creating /dev/tunX dynamically
446 | - **`Imp`** Visual noise when displaying all rulesets on firewall page removed
447 | - **`Imp`** Permit hyphens in the host part in FQDNs (search-domain and host-name)
448 | - **`Imp`** Other minor improvements
449 | 
450 | ## 3.0-p22
451 | Released on 2012-10-22
452 | - **`New`** Real-time graphs
453 | - **`New`** Graphs for firewall states
454 | - **`New`** Login banner in web administration
455 | - **`New`** Highlight text in CLI output with | mark
456 | - **`Imp`** Forwarding (firewall/routing) performance improved
457 | - **`Imp`** Ability to configure DNS, routes, etc per VPN group
458 | - **`Imp`** Always allow DHCP on VPN interfaces for dhinfod to work
459 | - **`Imp`** Shortcuts to rule and state statistics on Firewall page
460 | - **`Imp`** Better logging when using SOAP's commandRun
461 | - **`Imp`** Go directly to deploy/diff when saving on clear-text page
462 | - **`Imp`** Ability to restore the terminal using CLI's "reset"
463 | - **`Imp`** Display line numbers of configuration error page
464 | - **`Imp`** Firewall page now visually renders more protocols
465 | - **`Imp`** Less obstructive reloading of VPN server
466 | - **`Imp`** Other minor improvements
467 | - **`Bug`** Bug in PHP/CURL's DNS reloading remedied
468 | - **`Bug`** Memory leak in UUID generation
469 | - **`Bug`** Invalid netmask displayed as 0.0.0.0 on basic setup page
470 | 
471 | ## 3.0-p21
472 | Released on 2012-09-25
473 | - **`Imp`** Web admin settings for VPN-server client routes
474 | - **`Imp`** Usability improvements
475 | - **`Bug`** Real-time firewall log issue resolved
476 | 
477 | ## 3.0-p20
478 | Released on 2012-09-24
479 |  - New: VPN-server (L2TP/PPTP) supports client routes
480 |  - Bug: Issue with IPsec 3DES key generation button resolved
481 | 
482 | ## 3.0-p19
483 | Released on 2012-09-10
484 | - **`New`** VPN-server (L2TP) NAT-T support
485 | - **`New`** VPN-server (L2TP/PPTP) DNS suffix support
486 | - **`New`** Replaced [`configure`](http://wiki.halon.se/SR/Configure) "diff" with new "compare" command
487 | - **`Imp`** Various graphical usability improvements
488 | - **`Bug`** Saving a firewall macro with multiple items resulted in duplicate brackets
489 | - **`Bug`** L2TP passphrase not saved when editing existing server
490 | 
491 | ## 3.0-p18
492 | Released on 2012-09-02
493 | - **`New`** VSR-Free, a free license
494 | - **`New`** License subscription, option to automatically downloads license keys
495 | - **`Imp`** [CLI](http://wiki.halon.se/SR/CLI) can install and remove license keys
496 | - **`Imp`** Log failed password attempts via HTTPS
497 | - **`Imp`** Added support for option 82 in the dhcp-relay
498 | - **`Bug`** Multiple negations on firewall page didn't render properly
499 | 
500 | ## 3.0-p17
501 | Released on 2012-08-22
502 | - **`New`** [DHCPv6](http://wiki.halon.se/SR/IPv6#DHCPv6) server, client and prefix delegation
503 | - **`New`** IPv6 router solicitation client
504 | - **`New`** [User classes](http://wiki.halon.se/SR/Users), including read-only users (login.conf)
505 | - **`New`** Web graph layout is customisable and auto saved
506 | - **`Imp`** Ability to renew DHCP leases
507 | - **`Imp`** Web improvements for Apple iOS and Microsoft IE 9
508 | - **`Imp`** Web terminal has better scroll-back
509 | - **`Imp`** Web shows disk usage on System > Hardware
510 | - **`Imp`** Changed system paths according to BSD defaults
511 | - **`Imp`** [CLI](http://wiki.halon.se/SR/CLI) parsing improved with quoted strings
512 | - **`Imp`** Web settings stored in HTML5 local storage
513 | - **`Imp`** Updated jQuery
514 | - **`Bug`** Resolved cluster memory leak in backend
515 | - **`Bug`** Resolved issue with /tmp getting full
516 | - **`Bug`** Resolved web cluster page script error
517 | - **`Bug`** Suppressed warning when confirming deployment
518 | - **`Bug`** Spelling corrections
519 | 
520 | ## 3.0-p16
521 | Released on 2012-07-10
522 | - **`New`** Diagnostics > Terminal with full ANSI support
523 | - **`New`** Working copy allows for atomic apply of multiple changes
524 | - **`Imp`** Ability to tag configuration revisions with a message
525 | - **`Imp`** Ability to cancel a pending configuration test
526 | - **`Imp`** Network > Interface got statistics
527 | - **`Imp`** Network > Interface got PPPoE support
528 | - **`Imp`** Network > Firewall supports negation of addresses
529 | - **`Imp`** Network > Basic setup got PPPoE support
530 | - **`Imp`** Network > DHCP server lists connected clients (leases)
531 | - **`Imp`** PPPoE interface automatically adds routes and rules
532 | - **`Imp`** Welcome texts on first boot
533 | - **`Imp`** New layout on login screen
534 | - **`Imp`** Highlights save or warns about unsaved changes
535 | - **`Imp`** Validating function configCheck() in SOAP API
536 | - **`Imp`** Default arguments in SOAP API
537 | - **`Imp`** Command for showing licenses in CLI
538 | - **`Bug`** Now validates reserved DHCP host's name more strictly
539 | - **`Bug`** No longer kicked out of console when setting root password
540 | - **`Bug`** Resolved issue with dhsyncd causing sawtooth CPU usage
541 | 
542 | ## 3.0-p15
543 | Released on 2012-06-11
544 | - **`Imp`** Support for ne (NE1000) interfaces (used by Parallels Desktop)
545 | - **`Imp`** Changed the fail-path when activating clustering
546 | - **`Bug`** Error on first page for un-configured interfaces resolved
547 | - **`Bug`** Issue when duplicating rules on the firewall page resolved
548 | 
549 | ## 3.0-p14
550 | Released on 2012-06-08
551 | - **`New`** Introduced cluster support using SSL certificates
552 | - **`New`** Introduced PPPoE support
553 | - **`New`** Introduced RADIUS support for PPTP and L2TP server with groups
554 | - **`New`** Last ethernet interface automatically becomes cluster sync on installation
555 | - **`New`** Possibility to update a cluster node through other node via sync interface
556 | - **`New`** New replace command in CLI configure
557 | - **`New`** Load balancer shows statistics for layer 3 (redirects)
558 | - **`New`** Keyboard layout support for video consoles
559 | - **`Imp`** Internal IPC moved from TCP to Unix sockets for increased local security
560 | - **`Imp`** Firewall page supports "received-on" routing domains
561 | - **`Imp`** Friendly warning on password change in web administration
562 | - **`Imp`** DHCP server supports clustering
563 | - **`Imp`** DHCP server supports DHCP option 43
564 | - **`Imp`** Make DHCP server leases persistent across reboots
565 | - **`Imp`** Possibility to only change one of the DHCP range values
566 | - **`Imp`** Router advertisements supports clustering
567 | - **`Imp`** Basic setup displays unplugged cable correctly
568 | - **`Imp`** Support Intel 10/100 network cards (fxp)
569 | - **`Imp`** HTTPS server supports certificates and keys in configuration
570 | - **`Imp`** Renamed "cd" to "edit" in CLI configure
571 | - **`Imp`** License page more detailed explains license keys
572 | - **`Imp`** Overview page consumes less CPU
573 | - **`Imp`** Load balancer inherits default SSL certificate unless overridden
574 | - **`Imp`** Load balancer page layout improved
575 | - **`Imp`** Web browser cache is automatically flushed after software updates
576 | - **`Imp`** Users "admin" and "root" can force reboots from CLI
577 | - **`Imp`** Users "admin" and "root" can perform a factory reset from CLI
578 | - **`Imp`** Allowed all users to view packets in tcpdump from CLI
579 | - **`Imp`** License, copyright and credit page added under Help page
580 | - **`Imp`** Prevents users from removing themselves by mistake
581 | - **`Imp`** IPsec tunnel ping test works on /0 networks
582 | - **`Imp`** Hide shutdown button on hardware page by default
583 | - **`Bug`** Bug in tcpbench resolved (patch sent upstream)
584 | - **`Bug`** Display error on DHCP page resolved
585 | - **`Bug`** The PPTP proxy has issues with clients sending GRE too early
586 | - **`Bug`** Monotonic time were not always used for wake ups
587 | - **`Bug`** Change of order of some keys in configuration didn't triggering a commit
588 | - **`Bug`** Parsing error on load balancer page resolved
589 | - **`Bug`** Syslog didn't log with host name
590 | - **`Bug`** DHCP settings link on interface page didn't work for all interface types
591 | 
592 | ## 3.0-p13
593 | Released on 2012-03-22
594 | - **`Bug`** DHCP relay regression issue resolved
595 | 
596 | ## 3.0-p12
597 | Released on 2012-03-20
598 | - **`New`** Hardware detection for Halon HSR-1000
599 | 
600 | ## 3.0-p11
601 | Released on 2012-03-16
602 | - **`New`** [Load balancer](http://wiki.halon.se/SR/Load_balancing) user interface
603 | - **`New`** [FTP proxy](http://wiki.halon.se/SR/Proxies) for NAT called `interface X { ftp-proxy`
604 | - **`New`** [PPTP proxy](http://wiki.halon.se/SR/Proxies) for NAT called `interface X { pptp-proxy`
605 | - **`Imp`** Firewall user interface supports `divert`
606 | - **`Bug`** Load balancer stability issue patched
607 | - **`Bug`** Suppressed unnecessary `interface-group` events
608 | 


--------------------------------------------------------------------------------