Important note for downstream package maintainers: this release replaces GTK 3 dependency with GTK 4.
- Added automatic detection of IPSec transport.
- GUI frontend: refactored into GTK 4.
- GUI frontend: use
ksnicrate to show tray icon. - Removed
no-cert-checkoption which was used to disable hostname verification. Useignore-server-certinstead. - Removed
server-promptoption. Server prompts are always enabled. - Removed obsolete
ipsec-cert-check,ike-transport,esp-transportandike-portoptions. - Added
port-knockoption to try port knocking workaround for NAT-T port 4500 availability detection. - Changed the internal communication between the frontend and the command service to use Unix domain sockets.
- Fixed many issues related to a concurrent use of the GUI frontend and the snxctl utility.
- It is now possible to cancel the pending connection, also in the MFA state.
- Refactored internal IPSec certificate validation to use the advertised internal_ca_fingerprint.
- Show extended server information with the 'snxctl info` command.
- Fixed a bug with incomplete SSL tunnel shutdown.