On Thursday, September 15 2016, OpenDNS released the Roaming Client for OS X version 2.0.26 for all customers on the stage track.
On Monday, September 26 2016, OpenDNS released the Roaming Client for OS X version 2.0.26 for all customers on first wave of the production track.
On Tuesday, October 11 2016, OpenDNS released the Roaming Client for OS X version 2.0.26 for all customers on second wave of the production track. For this group of customers, the version change is from 2.0.2 to 2.0.26, and includes several smaller releases that were previously only published to earlier release waves. The 2.0.26 client is deemed ready for use by all customers at this time. For the details regarding this upgrade, including all the intermediate changes, please see below.
On Tuesday, October 18th 2016, OpenDNS released the Roaming Client for OS X version 2.0.26 for all customers on final wave of the production track. For this group of customers, the version change is from 2.0.2 to 2.0.26, and includes several smaller releases that were previously only published to earlier release waves. The 2.0.26 client is deemed ready for use by all customers at this time. For the details regarding this upgrade, including all the intermediate changes, please see below.
CHANGE SUMMARY (2.0.23 to 2.0.26)
- Improved reliability of a change in network by relying on reachability callbacks instead of polling.
- Implement local DNS suffix addition to the Roaming Client's built-in allow list.
- Refactored and improved the Roaming Client registration process. The Roaming Client now only does a GET/POST if it does not already have a DeviceID or OriginID, alternating between each type of request: GET/POST/GET/POST.
- Added support for some sync redirect (HTTP 302) support and changed sync to use a synchronous model. The Roaming Client now only follows up to three redirection requests before dropping and waiting for the next syncInterval.
- Added sanity checking for syncHost.
Improved handling of system's resolvers by removing dependency on resolv.conf to use dynamic store instead.
- Reduced sync mechanism chatter by syncing on network change only instead of ERC's internal state change; also, avoiding potential thundering herds by the client under certain network conditions.
The VPN for IP Layer Enforcement has multiple tunnel registration mechanism improvements:
- Only relies on the origin and device IDs when loading Updater.plist. ProfileHost is no longer checked.
- Registration now fails cleanly on an IPv6-only network, as IP Layer Enforcement does not support IPv6.
- The registration API relies on the syncHost value from previous successful sync operation; otherwise it will default to api.opendns.com.
CHANGE SUMMARY (2.0.14 to 2.0.23)
Change summary 2.0.22 to 2.0.23
- The Roaming Client is longer using the deviceID tag in our GET requests to OpenDNS. The deviceID is only requested if the client does not already have one. This addresses an issue where anonymized deviceIDs were not properly being handled.
- Ensured consistent behavior when determining client's network and existence of resolver configuration.
- Logging cleanup to reflect the above changes.
Change summary 2.0.19 to 2.0.22
- Updated the uninstaller to allow the Umbrella Roaming Security AnyConnect client to properly uninstall an existing standalone Umbrella Roaming Client before installing/upgrading.
- Added additional checks to prevent dnscrypt-proxy crashes.
Change summary 2.0.17 to 2.0.19
- Removed the OpenSSL dependency, we are now using new libldns with nossl option.
- Added originTypeName to sync POST to identify roaming client as mac_generic and not mac_anyconnect (previously this was just sent up during registration).
Change summary 2.0.14 to 2.0.17
- Fixed an uncaught exception when terminating IP Layer Enforcement tunnel.
- Improved installer to gracefully handle situations where a menu bar helper is not installed (in "headless mode") and no user is logged in to the system.
- Fixed a potential IP Layer Enforcement IPSec unload problem where future network route and IP blocking rule changes would not be registered.
- Added handling for particular HTTP request time out failure when no internet connection is present.
CHANGE SUMMARY (2.0.2 to 2.0.14)
- Implemented similar route management mechanism for IP Layer Enforcement as the one used by Windows Roaming Client.
- Fixed a potential HTTPS block page redirection problem.
- Fixed IP Layer Enforcement functionality for the Roaming Client when no user interface is present.
- Improved behavior for certain network changes, IP Layer Enforcement functionality, and overall route handling.
- Fixed recovery from sleep when IP Layer Enforcement tunnel was previously established.
- Improved IP Layer Enforcement tunnel shutdown.
- Fixed a potential routing table refresh deadlock condition when the IP Layer Enforcement virtual interface is torn down.
- Changed the retry to every five minutes instead of every 30 seconds for IP list download failures.
- Fixed an edge case where custom IP addresses were not being properly removed from the route table.
- Fixed a crash of the dnscrypt-proxy process.
- Added support for a new version of the web API for IP Layer Enforcement tunnel list download.
- Added a fallback to an earlier version of the IP Layer Enforcement block list, in case newer block list version fails.
PREVIOUS RELEASE NOTES: https://support.opendns.com/entries/100583768