==========================================================
NetworkManager-l2tp-1.2.18
Overview of changes since network-manager-l2tp-1.2.16
==========================================================

* Remove modp1024 in default phase 1 algorithms for Libreswan, as
  libreswan >= 3.30 is no longer built with DH2 (modp1024) support.
* Provide --enable-libreswan-dh2 configure switch.
* KDE plasma-nm compatibilty for Gateway ID.

==========================================================
NetworkManager-l2tp-1.2.16
Overview of changes since network-manager-l2tp-1.2.14
==========================================================

* Update translations.
* Fix label geometry in LT2P dialog box.
* Remove "Prevalent Algorithms" button, overide default algorithms.
  Made the phase 1 & 2 proposals previously provided by the Prevalent
  Algorithms button the new default for the IKEv1 proposals.

==========================================================
NetworkManager-l2tp-1.2.14
Overview of changes since network-manager-l2tp-1.2.12
==========================================================

* Update translations by merging from various sources.
* Changed Legacy Proposal button to Prevalent Algorithms button.
  Clicking Prevalent Algorithms button populates Phase 1 and 2 Algorithm text
  entry boxes with the following proposals, which are a merge of Windows 10
  and macOS/iOS/iPadOS L2TP clients' IKEv1 proposals.
  - Phase 1 - Main Mode :
    {enc=AES_CBC_256 integ=HMAC_SHA2_256_128 group=MODP_2048},
    {enc=AES_CBC_256 integ=HMAC_SHA2_256_128 group=MODP_1536},
    {enc=AES_CBC_256 integ=HMAC_SHA2_256_128 group=MODP_1024},
    {enc=AES_CBC_256 integ=HMAC_SHA1_96 group=MODP_2048},
    {enc=AES_CBC_256 integ=HMAC_SHA1_96 group=MODP_1536},
    {enc=AES_CBC_256 integ=HMAC_SHA1_96 group=MODP_1024},
    {enc=AES_CBC_256 integ=HMAC_SHA1_96 group=ECP_384},
    {enc=AES_CBC_128 integ=HMAC_SHA1_96 group=MODP_1024},
    {enc=AES_CBC_128 integ=HMAC_SHA1_96 group=ECP_256},
    {enc=3DES_CBC integ=HMAC_SHA1_96 group=MODP_2048},
    {enc=3DES_CBC integ=HMAC_SHA1_96 group=MODP_1024}
  - Phase 2 - Quick Mode :
    {enc=AES_CBC_256 integ=HMAC_SHA1_96},
    {enc=AES_CBC_128 integ=HMAC_SHA1_96},
    {enc=3DES_CBC integ=HMAC_SHA1_96}
* Added use IKEv2 key exchange option.
* Improved debugging output for Libreswan and strongSwan.
  Libreswan debugging can now be cutomized by setting the `PLUTODEBUG`
  environment variable.
  strongSwan debugging can now  be cutomized by setting the `CHARONDEBUG`
  environment variable.
* Gray out "IPsec Settings..." button if no *swan found.
  Also fix crash if "IPsec Settings..." button pressed and no *swan installed.

==========================================================
NetworkManager-l2tp-1.2.12
Overview of changes since network-manager-l2tp-1.2.10
==========================================================

* Update translations by merging from various sources.
* Added Legacy Proposal button.
  Clicking Legacy Proposals button populates Phase 1 and 2 Algorithm text entry
  boxes with proposals offered by Windows Server 2019:
  - AES256, SHA-1, ECP384 and AES128, SHA-1, ECP256 strong proposals.
    strongSwan recommends not using SHA-1 in its security recommendations
    documentation.
  - 3DES, SHA-1, MODP1024 broken proposal.
    Legacy Windows 2000 Server era proposal still commonly offered, especially
    with consumer routers
* Added following IPsec configuration options:
  - Phase1 Lifetime - ikelifetime.
  - Phase2 Lifetime - salifetime (libreswan) / lifetime (strongswan).
  - Use IP compression - compress.
  - Disable PFS - pfs.
* renamed Gateway ID to Remote ID and updated GUI tooltip.
* removed restrictions that only IP addresses are allowed for the Remote ID.
* Generated config file changes, following config files :
  - /var/run/nm-l2tp-xl2tpd-_UUID_.conf
  - /var/run/nm-l2tp-xl2tpd-control-_UUID_
  - /var/run/nm-l2tp-xl2tpd-_UUID_.pid
  - /var/run/nm-l2tp-ppp-options-_UUID_
  are now:
  - /var/run/nm-l2tp-_UUID_/xl2tpd.conf
  - /var/run/nm-l2tp-_UUID_/xl2tpd-control
  - /var/run/nm-l2tp-_UUID_/xl2tpd-.pid
  - /var/run/nm-l2tp-_UUID_/ppp-options
* Use same IP secrets file for all L2TP connections, 
  /etc/ipsec.d/ipsec.nm-l2tp.secrets is now used instead of
  /etc/ipsec.d/nm-l2tp-ipsec-_UUID_.secrets, where _UUID_ was the UUID of the
  VPN connection.
* Force ikev2=never for Libreswan 
  ikev2=permit is the implicit default setting, which tries to detect
  a "bid down" attack from IKEv2 to IKEv1 and can have an impact on
  the default proposals.
* Add nm-l2tp-service- prefix back to pppd ipparam argument.
  The ipparam argument is used by a condition in the Debian resolvconf's
  /etc/ppp/ip-up.d/000resolvconf script.
* PSK is now Base64 encoded, allows PSK to contain double quotation mark (").
* Fix build without GTK/Gnome.
* Legacy KDE Plasman-nm user certificate support.
* libnm-glib compatibility (NetworkManager < 1.0) is disabled by default.
  It can be enabled by passing --with-libnm-glib to configure script.
  Nobody should need it by now. Users that still use this are encouraged
  to let us know before the libnm-glib support is removed for good.
* The auth helper in external UI mode can now be run without a display
  server. Future nmcli version will utilize this for handling the
  secrets without a graphical desktop.

=======================================================
NetworkManager-l2tp-1.2.10
Overview of changes since network-manager-l2tp-1.2.8
=======================================================

This is a new stable release of NetworkManager-l2tp.  Notable changes include:

* Point version 1.2.10 appdata image URIs to nm-1-2 github branch:
  https://raw.githubusercontent.com/nm-l2tp/network-manager-l2tp/nm-1-2/appdata
* Corrected force UDP encapsulation toggle button behavior.
* Workaround for libreswan `ipsec status` issue with short (< 8 char) PSKs.
* fix gcc -Wimplicit-fallthrough warning.

=======================================================
NetworkManager-l2tp-1.2.8
Overview of changes since network-manager-l2tp-1.2.6
=======================================================

This is a new stable release of NetworkManager-l2tp.  Notable changes include:

* Updated translations, merged from NetworkManager-applet,
  NetworkManager-libreswan, NetworkManager-pptp and
  KDE Plasma NetworkManagement L2TP. Removed obsolete translations.
* Enforce UDP encapsulation toggle button fix.
* Stop strongSwan service when a connection cannot be established.
* fix entries in Debian Lintian spelling-error-in-binary report.
* configure --runstatedir support if using Autoconf >= 2.7.0.
* If "Automatic (VPN) Addresses Only" mode is enabled in the the IPv4
  config settings, do not use the pppd usepeerdns option.
  i.e. do not overide /etc/resolv.conf.

=======================================================
NetworkManager-l2tp-1.2.6
Overview of changes since network-manager-l2tp-1.2.4
=======================================================

This is a new stable release of NetworkManager-l2tp.  Notable changes include:

* If L2TP port 1701 is already in use, no longer writes
  "leftprotoport=udp/l2tp" (which is equivalent to "leftprotoport=udp/1701") to
  the ipsec config file. This was done to ensures L2TP is encapsulated in IPsec
* Uses UUID instead of PID for run-time generated filenames
* No longer temporarily replaces system /etc/ipsec.secrets file
* IPsec rekeying is now possible because the following file remains for the
  lifetime of the VPN connection :
    /etc/ipsec.d/nm-l2tp-ipsec-UUID.secrets
* Following line is appended to /etc/ipsec.secrets if the include line is
  missing:
    include /etc/ipsec.d/*.secrets
* Removed IPsec Group Name from user interface
* Added IPsec Phase 1 (ike) & Phase 2 (esp) to user interface
* New timeout code for IPsec connection up script.

=======================================================
NetworkManager-l2tp-1.2.4
Overview of changes since network-manager-l2tp-1.2.2
=======================================================

This is a new stable release of NetworkManager-l2tp.  Notable changes include:

* Prefer building against stable libsecret API
* Split libnm-vpn-plugin-l2tp.so into a GTK-free core plugin
  usable by nmcli and a UI plugin for nm-applet and gnome components
* Successfully builds on 32bit Linux 
* Explicitly check strongSwan connection has been established
  and not trust use exit status of strongSwan 'ipsec up' command
* Support weaker initial proposals on later versions of strongSwan
* Support IP addresses for IPsec leftid and rightid
* 10 second timeout for ipsec starter process

