File Changes.txt:


1. Corrected behaviour with some external personal firewalls.

2. When using RSA SIG (Certificates) the client enforced IKE ID type to ASN1
   Distinguished Name independent of the configured IKE ID type.
   Due to feedback from different partners this has now been changed. The client
   now for RSA SIG uses the configured IKE ID type. For current installations using 
   RSA SIG and where ASN1 DN is used, please check that the IKE ID Type is set to
   "ASN1 Distinguished Name". The content of the IKE ID is in this case irrelevant.

3. Support for Netscreen XAUTH and Mode Config (IKECFG).

4. Prompt for XAUTH password if field is left empty.   

5. Re-keying of IKE (phase I) without disconnecting fixed. 

6. Added support to run concurrently with basically any external firewall. 
   When an external firewall is installed the NCP firewall should be turned off.

7. When the RAS dialer and not the NCP internal dialer was used to create the 
   provider connection, the VPN connection worked properly. After a disconnect
   and a second connect the tunnel was established but it was not possible to
   communicate over the tunnel. This is now corrected.

  
8. When using RSA-Signatures (Certificates) the client enforced MAIN mode. This
   behaviour has now been changed in such a way that the client always uses the 
   configured exchange mode.


BINTEC Entry Client ver 1.0 build 84:

changes to all previous versions and builds -

1. Problem with de-installation when using WINXP (SP2) fixed.
   Before de-installing the NCP Entry Client please update with this build and
   then reboot. After reboot you can de-install the NCP Entry Client.   	
 

BINTEC Entry Client ver 1.0 build 85 (08-09-2004):

changes to previous version -

1. Hybrid Authentication Mode (eg. CheckPoint XAUTH) now supported.

2. COSINE IKECFG mode corrected.

3. When the client receives unencrypted data in crypto state during the IKE negotiation
   it will no longer send a NOTIFY("SITUATION_NOT_SUPPORTED"). This caused some gateways to
   terminate the IKE negotiation.

   
BINTEC Entry Client ver 1.0 build 86 (09-09-2004):

changes to previous version -

1. When the internal NCP dialer is used and the mediatype is GPRS the PIN  and APN
   are automatically sent by the client. For the Vodaphone and T-Mobile GPRS/UMTS
   cards the wait time after sending the PIN before proceeding was 12 seconds. This 
   wait time has now been set to 20 seconds to provide a more reliable connect. 

BINTEC Entry Client ver 1.0 build 87 (11-10-2004):

changes to previous version -

1. Corrected split-tunneling behaviour when the clients IP address assignment 
   is set to "Local Address".

2. The re-keying of phase II affected the re-keying (LifeTime) of phase I.This is now
   corrected.

3. Some Firewall's were able to block the client from working properly over lan. 
   The client was not able to recognize the LAN adapters.This has now been fixed.

4. DEFLATE compression is now supported. The monitor (GUI) still displays
   "Use IP compression (LZS)" but both methods are negotiated (LZS and DEFLATE). 
   Look into the logbook to view what actually was negotiated. The GUI will be corrected.


BINTEC Entry Client ver 1.0 build 90 (14-10-2004):

changes to previous version -

1. The checkbox "Use IP compression (LZS)" is now corrected to the following:
   "Use IP compression"

2. It is now possible to configurate the Domain name within the "IP Address assignment"
   tab.


 
BINTEC Entry Client ver 1.0 build 91 (22-10-2004):

changes to previous version -

1. EAP 802.1x changes:

For WLAN and switches supporting port authentication the client supports EAP - MD5 - TLS.
This makes it unneccessary to install a separate EAP client.

EAP-MD5: UserId/Password authentication is supported and the possibility exists to get the UserId/Password 
         from the certificate used for the VPN connections.

EAP-TLS: Certificates are used and are taken from the NCP certificate configuration. EAPOL KEY (Dynamic WEP key )
         is supported.



BINTEC Entry Client ver 1.01 build 20 (09-11-2004):

changes to previous version -

1- changes done to support ZYXEL XAUTH.
          

BINTEC Entry Client ver 1.01 build 22 (12-11-2004):

changes to previous version -

1- Certficate configuration not possible:

   The menu for configuration of certificates was missing after entering a correct
   serial number and activation key via the NCP popup programm. 
   This has now been corrected.

BINTEC Entry Client ver 1.01 build 23 (15-11-2004):

changes to previous version -

1- For non-VPN connections to provider SPI (Statefull Packet Inspection )
   is now always enabled.   

BINTEC Entry Client ver 1.01 build 24 (16-11-2004):

changes to previous version -

1- Corrected a problem when the NCPMON (NCP Monitor) was closed and then started again.
   This caused the monitor to disconnect the current connection.


BINTEC Entry Client ver 1.01 build 25 (26-11-2004):

changes to previous version -

1- Corrected the reading of MTU size for the installed LAN adapters. For LAN/WLAN 
   adapters that are using a MTU size smaller than 1500 Bytes a problem occurred
   with fragmentation. 

2 - Changed the XAUTH protocol for use with NETSCREEN and OTP.
 


BINTEC Entry Client ver 1.01 build 31 (09-12-2004):

changes to previous version -

1 - Corrected the retry behaviour when DPD (Dead Peer Detection) is active. Retries are
    now sent out with increasing sequence numbers.
	
BINTEC Entry Client ver 1.01 build 34 (14-12-2004):

changes to previous version -

1 - Support for ASCII import configuration.
	
BINTEC Entry Client ver 1.01 build 36 (13-1-2005):

changes to previous version -

1 - Added support for RFC.3947 (Negotiation of NAT - Traversal in IKE).and
    RFC 3498 (UDP Encapsulation of IPSEC ESP packets). The older drafts are of course
	still supported.
	
BINTEC Entry Client ver 1.01 build 39 (20-1-2005):

changes to previous version -

1 - Fragmenting. As the NCP client is fragmenting packets (if necessary) before applying IPSEC,
    we now also reset the DF bit (Don't fragment bit) before fragmenting.
 
2 - Corrected the NCPGINA GUI when domain logon is active. The GUI didn't show a complete 
    connection even though the connection was there.

BINTEC Entry Client ver 1.01 build 42 (24-1-2005):

changes to previous version -

1 - The NCP Extended Personal Firewall is introduced.
2 - Support for configuration import files.

BINTEC Entry Client ver 1.10 build 46 (16-2-2005):

changes to previous version -

1 - Corrections of the NCP Extended Personal Firewall..

BINTEC Entry Client ver 1.10 build 51 (23-2-2005):

1 - Corrected a problem with a user defined installation path
    containing space.

BINTEC Entry Client ver 1.10 build 53 (01-03-2005):

changes to previous version -

1 - Corrected some problems regarding the automatic HotSpot functionality.

BINTEC Entry Client ver 1.10 build 58 (08-03-2005):

changes to previous version -

1 - Added support for static UDP encapsulation of ESP (default port 10000).
2 - Corrected Aggressive mode with RSA SIG to send proper ASN1 Distinguished name.