New features and enhancements in version 7.3.007

Main features

• Adds a Console window to the TrustedConnect Panel,

• Allows a tunnel to be opened in the TrustedConnect Panel even if a trusted network has been detected,

• The TrustedConnect Panel can now be restarted automatically when the application is quit or crashes,

• CRL can now be downloaded to a cache and an expiration time can be set for the cached CRL,

• Adds a feature to filter data flows combined with captive portal detection (CPD),

• Verification of the user certificate CRL has become optional.

Enhancements

• Increases the number of subnetworks supported to 16,

• Window height of the Connection Panel window can now be increased or decreased,

• Supports multiple source IP addresses on network interface,

• Number of rules for Filtering mode have been increased from 12 to 30,

• Local ID can now be filled automatically with DNS or e-mail in addition to certificate subject,

• Passwords for encrypting exported configurations must now follow ANSSI recommendations, i.e. at least 16 characters in length and use a 90-character alphabet, including at least one uppercase character, one lowercase character, and one special character,

• VPN Client now accepts id-kp-ipsecIKE in Extended Key Usage (EKU) for gateway certificate,

• Improved support for IPsec DR gateways:

  • Child SA rekey now asks for same TS as the one in the original SA that was established,

  • NONCE size is 16 bytes when PRF_HMAC_SHA2_256 is used.

• Improved support for tokens/smart cards:

  • PIN code entry prompt now specifies which smart card/token it concerns,

  • PKCS#11 no longer causes VPN Client to crash with CNG readers,

  • Multiple smart card tunnel is now closed for other readers.

• Greater stability of the IKE module,

• Better performance of AES-GCM encryption,

• Weak algorithms have been removed for SSL/OpenVPN: MD5, SHA1, TLS low security suite, BF-CBC.