- Added
dns-serversandignore-dns-serversoptions
- Fixed a bug with incorrect resolver detection when /etc/resolv.conf is a relative symlink.
- Added "Apply" button in the settings dialog (validate and save settings without closing the dialog).
- Removed a superfluous title from the system tray icon (visible on some desktop environments).
- Fixed a problem with the invalid MFA prompt shown when password is stored in the keychain and
server-promptoption is enabled. - Fixed a problem with the incorrect resolver detection when /etc/resolv.conf is a multi-level symlink.
- Fixed a bug with a tun device being not removed after SSL tunnel is disconnected.
- Added
icon-themeconfig option and a GUI setting to choose the GUI icon theme, to workaround an issue with desktop theme autodetection on some systems.
- Added DNS resolver detection and support for the plain
/etc/resolv.confconfiguration without systemd-resolved. Note that this setup will forward all DNS requests to the corporate VPN. - Added improvements in config files parsing.
- Fixed
default-routeoption in combination with the SSL tunnel. - Fixed intermittent crash in the SSL tunnel due to a keepalive counter underflow.
- Added
no-keepaliveoption to disable IPSec keepalive packets, to workaround some rare cases of tunnel disconnects. - Removed webkit from the project. It doesn't seem to bring any practical value.
- Don't add duplicated routes.
- When attempting to connect, don't return an error if the tunnel is already connected.
- Added experimental
ike-persistoption which will save IPSec session to disk, restore it after service or computer restart and automatically reconnect the tunnel without authentication. It works best in combination with theike-lifetimeoption. For example, settingike-lifetimeto 604800 will keep the session for 7 days. Note that most IPSec servers have shorter IKE duration configured, so it may be terminated earlier. This option is also added to the GUI application under "Misc settings" category. Automatic reconnection will happen when running in the standalone mode, when GUI application starts or whensnxctlsends the "connect" command. - Fixed some issues with added routes.
- Fixed a problem with SSL connection when username is not specified.
- Fixed the
ignore-routesoption which wasn't working as expected. - Fixed a problem with the
default-route=trueoption in combination with the IPSec tunnel. - Allow comma-separated values in the command line for the multi-value parameters.
- Added informational message printed to stdout when the tunnel is connected in standalone mode.
- Ignore stored or specified passwords for the SAML authentication.
- Don't hard-fail the connection if there is IP address mismatch in the IPSec ID payload. This seems to cause issues with some users. The warning will be logged instead.
- Don't require user name to be specified for password logins. The user will be prompted for it if needed.
- Improved MFA prompts retrieval from the server.