Releases: ancwrd1/snx-rs
Release list
Version 6.1.2
- Fixed a problem with connectivity check on some corporate networks
- Fixed a bug in the UI where the XFRM transport choice was not shown
- Ask for HSM pin code if it is not provided by the user (#225)
Version 6.1.1
- Fixed a problem with inconsistent caching of gateway information when certificate settings are changed.
- Improve visual feedback and notification in the frontend when gateway address is not accessible.
Version 6.1.0
This version adds experimental support to run snx-rs on Windows, using wintun driver.
MSI installer can be downloaded from the releases page.
All original functionality is available in the Windows version, except for the kernel-based (xfrm) IPsec support.
Important note: MSI and binaries are not signed yet.
Additional fixes in this release:
- Fixed a bug where tray icon was updated too often.
- More consistent UI for the machine certificate authentication settings.
Version 6.0.6
- Added
no-split-dnsoption to disable split DNS for systemd-resolved, required in the container images. - Fixed native kernel IPsec support detection when IPv6 is disabled.
Version 6.0.5
- Added interface statistics in the status window.
- Improved performance when setting up the tunnel.
- Fixed a problem with icon file permissions in the .run installer.
- Update the taskbar menu and Connect button in the status window after the profiles are reordered or modified.
Version 6.0.4
- Added
tls-version-maxparameter to cap the maximum TLS version negotiated with the gateway. The default is now1.2, which avoids silent connect timeouts against gateways (notably Check Point SVN foundation) that fail to respond to TLS 1.3 ClientHello produced by recent OpenSSL releases. Settls-version-max=defaultto keep the previous behavior. - Added connection profiles reordering in the UI.
- Added connection profiles support to snxctl command line utility via the
--profileoption. - Fixed a regression with the manually specified routes when
no-routingoption was enabled.
Version 6.0.3
Note to downstream package maintainers: this release requires to copy the package/icons/*.svg files to /usr/share/icons/hicolor/symbolic/apps directory.
- Added deb and rpm repositories, published at ancwrd1.github.io/snx-rs.
- Added symbolic icons to automatically choose dark/light theme of the taskbar icon.
- Restart frontend automatically after upgrade (beginning with next version).
Version 6.0.1
- Fixed a bug with the .deb package which did not restart the service correctly during upgrade.
- Fixed labels alignment in the status dialog.
- Fixed dark/light theme detection on Ubuntu.
Version 6.0.0
Marking the project's three-year anniversary, this major release delivers a complete UI rewrite and a substantial overhaul of the routing stack.
What started as a reverse-engineering experiment born out of frustration with the official snx client has grown into a full-featured application
with feature parity with the Check Point Windows client, while offering better privacy and performance on Linux.
User interface:
- Rewritten GUI frontend based on the Slint framework, replacing the previous GTK 4 implementation.
- Dropped the GTK 4 dependency for generic builds. GTK 4 and WebKitGTK are still required when the
mobile-accessfeature is enabled, to host the embedded webview. - Tray menu now shows either a Connect or a Disconnect item depending on the current tunnel state, instead of exposing both.
- The connection status dialog now shows the name of the active connection profile.
- Fixed a regression where auto-connect did not trigger reliably on GUI startup.
Routing and networking:
- Refactored split-tunnel routing setup to allow routes that contain the VPN gateway address. Fixes #199.
- Improved error handling and recovery during routing setup and teardown, so a partial failure no longer leaves stale routes behind.
- Several routing fixes for the SSL tunnel and the
default-routeoption. - Fixed a regression with additional search domains being incorrectly treated as routing domains. Fixes #198.
Credentials and profiles:
- Keychain passwords are now stored per connection profile instead of globally. Existing users will be prompted to re-enter their password on first connect after the upgrade.
Version 5.3.0
- Application now uses Linux APIs directly instead of running the external commands to configure OS networking stack.
- Switched to GTK 4.10, requiring Linux distros from 2023 and later.
- Flipped the
no-keychainparameter to bekeychainso that keychain usage is opt-in instead of opt-out. - Added
allow-forwardingoption to enable packet forwarding for the tunnel interface. Forwarding is disabled by default.