TODO list

* DONE: implement ISAKMP and IPSEC SA negotiate support

* DONE: fix delete message

* DONE --non-interactive

* DONE --pid-file

* DONE VERSION

* DONE don't ignore all notifies at ipsec-sa-negotation

* DONE hide user/pass from --debug output

* DONE --verbose

* DONE fix vpnc-disconnect

* DONE NetBSD supported

* DONE FreeBSD supported

* DONE ignore attr 32136! (Cisco extension: XAUTH Vendor)

* DONE ignore "metric10 xx"

* DONE make /var/run/vpnc as needed

* DONE support for new libgcrypt versions

* DONE passcode == password

* DONE post link to http://www.liebchen-online.de/vpn-zaurus.html

* DONE post rfcs and drafts

* DONE include man-page

* DONE fix link at alioth

* DONE memleak fix from Sebastian Biallas

* DONE include OpenBSD support from Nikolay Sturm

* DONE load balancing support (fixes INVALID_EXCHANGE_TYPE in S4.5)

* DONE accept (== ignore) lifetime update in phase1

* DONE send lifetime in phase1 and phase2

* DONE send version string

* DONE automatic handling of pfs

* DONE ask for dns/wins servers, default domain, pfs setting, netmask

* DONE spawn post-connect script

* DONE check /dev/net/tun, reject /dev/tun* on linux

***

* DONE XAUTH Domain: (empty)

* DONE svn-Repository

* DONE implement udp encap via port 10.000
  - apply patch

* DONE fix Makefile (install, DESTDIR, CFLAGS, ...)

* DONE implement udp transport NAT-T
  - apply patch

* DONE make doing xauth optional

* DONE update "check pfs setting" error message

* clean up scripts
  - better handling of routing
  - better handling of resolv.conf

* --local-address

* add support for pcap for packet capture

* links to packages, howtos, etc.
  - kvpnc http://home.gna.org/kvpnc/
  - vpnc+Zaurus http://users.ox.ac.uk/~oliver/vpnc.html
  - linux-mipsel (WRT54G) http://openwrt.alphacore.net/vpnc_0.3.2_mipsel.ipk
  - howto-de http://localhost.ruhr.de/~stefan/uni-duisburg.ai/vpnc.shtml

* add macosx support
  - add pointer to http://chrisp.de/en/projects/tunnel.html

* factor out crypto stuff (cipher, hmac, dh)
  - http://libtomcrypt.org/features.html
  - http://www.foldr.org/~michaelw/ patch fertig
  - libgcrypt (old too?)
  - autodetect?
  - openssl??
* relicense to gpl+ssl?

* use in-kernel-ipsec with pf-key
  - apply patch

--

* implement compression

* implement rekeying / DPD / frozen connections?

* implement certificate support

* implement hybrid-auth

* optional drop root (rekey? reconnect?)

* nortel support?

