v4.13-9522-beta

LICENSE

@@ -3,9 +3,9 @@ open-source. You can redistribute them and/or modify them under the terms of
 the GNU General Public License version 2 as published by the Free Software
 Foundation.
 
-Copyright (c) 2012-2014 Daiyuu Nobori.
-Copyright (c) 2012-2014 SoftEther Project at University of Tsukuba, Japan.
-Copyright (c) 2012-2014 SoftEther Corporation.
+Copyright (c) 2012-2015 Daiyuu Nobori.
+Copyright (c) 2012-2015 SoftEther Project at University of Tsukuba, Japan.
+Copyright (c) 2012-2015 SoftEther Corporation.
 All Rights Reserved.
 http://www.softether.org/
 

LICENSE.TXT

@@ -3,9 +3,9 @@ open-source. You can redistribute them and/or modify them under the terms of
 the GNU General Public License version 2 as published by the Free Software
 Foundation.
 
-Copyright (c) 2012-2014 Daiyuu Nobori.
-Copyright (c) 2012-2014 SoftEther Project at University of Tsukuba, Japan.
-Copyright (c) 2012-2014 SoftEther Corporation.
+Copyright (c) 2012-2015 Daiyuu Nobori.
+Copyright (c) 2012-2015 SoftEther Project at University of Tsukuba, Japan.
+Copyright (c) 2012-2015 SoftEther Corporation.
 All Rights Reserved.
 http://www.softether.org/
 

README

@@ -10,7 +10,7 @@ http://www.softether-download.com/
 We accept your patches by the acceptance policy:
 http://www.softether.org/5-download/src/9.patch
 
-Copyright (c) 2012-2014 SoftEther Project at University of Tsukuba, Japan.
+Copyright (c) 2012-2015 SoftEther Project at University of Tsukuba, Japan.
 
 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License version 2

README.TXT

@@ -10,7 +10,7 @@ http://www.softether-download.com/
 We accept your patches by the acceptance policy:
 http://www.softether.org/5-download/src/9.patch
 
-Copyright (c) 2012-2014 SoftEther Project at University of Tsukuba, Japan.
+Copyright (c) 2012-2015 SoftEther Project at University of Tsukuba, Japan.
 
 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License version 2

WARNING.TXT

@@ -521,3 +521,45 @@ parts of VPN Gate are not developed by SoftEther Corporation. The VPN Gate
 Research Project is not a subject to be led, operated, promoted nor guaranteed
 by SoftEther Corporation.
 
+5.13. The P2P Relay Function in the VPN Gate Client to strengthen the
+capability of circumvention of censorship firewalls
+VPN Gate Clients, which are published since January 2015, include the P2P
+Relay Function. The P2P Relay Function is implemented in order to strengthen
+the capability of circumvention of censorship firewalls. If the P2P Relay
+Function in your VPN Gate Client is enabled, then the P2P Relay Function will
+accept the incoming VPN connections from the VPN Gate users, which are located
+on mainly same regions around you, and will provide the relay function to the
+external remote VPN Gate Servers, which are hosted by third parties in the
+free Internet environment. This P2P Relay Function never provides the shared
+NAT functions nor replaces the outgoing IP address of the VPN Gate users to
+your IP addresses because this P2P Relay Function only provides the
+"reflection service" (hair-pin relaying), relaying from incoming VPN Gate
+users to an external VPN Gate Server. In this situation, VPN tunnels via your
+P2P Relay Function will be finally terminated on the external VPN Gate Server,
+not your VPN Gate Client. However, the VPN Gate Server as the final
+destination will record your IP address as the source IP address of VPN
+tunnels which will be initiated by your P2P Relay Function. Additionally, user
+packets which are transmitted via your P2P Relay Function will be recorded on
+your computer as packet logs as described on the section 5.8. After you
+installed the VPN Gate Client, and if the P2P Relay Function will be enabled
+automatically, then all matters on the 5.2, 5.3, 5.4, 5.5, 5.6, 5.7, 5.8, 5.9,
+5.10, 5.11 and 5.12 sections will be applied to you and your computer, as same
+to the situation when you enabled the VPN Gate Service (the VPN Gate Server
+function). If your P2P Function is enabled, then your computer's IP address
+and the default operator's name which is described on the section 5.5 will be
+listed on the VPN Gate Server List which is provided by the VPN Gate Project.
+You can change these strings by editing the "vpn_gate_relay.config" file
+manually. Note that you need to stop the VPN Client service before editing it.
+The VPN Gate Client will automatically enable the P2P Relay Function on your
+computer if the VPN Gate Client detects that your computer might be located in
+regions where there are existing censorship firewalls. If you want to disable
+the P2P Relay Function, you must set the "DisableRelayServer" flag to "true"
+on the "vpn_client.config" file which is the configuration file of the VPN
+Client. Note that you need to stop the VPN Client service before editing it.
+The VPN Gate Client does not recognize the particular regulation of your
+country or your region. The VPN Gate Client activates the P2P Relay Function
+even if your country or your region has the law to restrict running P2P relay
+functions. Therefore, in such a case, you must disable the P2P Relay Function
+on the VPN Gate Client manually by setting the "DisableRelayServer" flag if
+you reside in such a restricted area, in your own responsibility.
+

centos/SOURCES/linux_32bit.mak

@@ -1,7 +1,7 @@
 # SoftEther VPN Source Code
 # 
-# Copyright (c) 2012-2014 SoftEther VPN Project at University of Tsukuba, Japan.
-# Copyright (c) 2012-2014 Daiyuu Nobori.
+# Copyright (c) 2012-2015 SoftEther VPN Project at University of Tsukuba, Japan.
+# Copyright (c) 2012-2015 Daiyuu Nobori.
 # All Rights Reserved.
 # 
 # http://www.softether.org/

centos/SOURCES/linux_64bit.mak

@@ -1,7 +1,7 @@
 # SoftEther VPN Source Code
 # 
-# Copyright (c) 2012-2014 SoftEther VPN Project at University of Tsukuba, Japan.
-# Copyright (c) 2012-2014 Daiyuu Nobori.
+# Copyright (c) 2012-2015 SoftEther VPN Project at University of Tsukuba, Japan.
+# Copyright (c) 2012-2015 Daiyuu Nobori.
 # All Rights Reserved.
 # 
 # http://www.softether.org/

src/Cedar/Admin.c

@@ -10400,6 +10400,8 @@ void SiEnumLocalLogFileList(SERVER *s, char *hubname, RPC_ENUM_LOG_FILE *t)
 void SiEnumLocalSession(SERVER *s, char *hubname, RPC_ENUM_SESSION *t)
 {
 	HUB *h;
+	UINT64 now = Tick64();
+	UINT64 dormant_interval = 0;
 	// Validate arguments
 	if (s == NULL || hubname == NULL || t == NULL)
 	{
@@ -10417,6 +10419,11 @@ void SiEnumLocalSession(SERVER *s, char *hubname, RPC_ENUM_SESSION *t)
 		return;
 	}
 
+	if (h->Option != NULL)
+	{
+		dormant_interval = h->Option->DetectDormantSessionInterval * (UINT64)1000;
+	}
+
 	LockList(h->SessionList);
 	{
 		UINT i;
@@ -10453,8 +10460,36 @@ void SiEnumLocalSession(SERVER *s, char *hubname, RPC_ENUM_SESSION *t)
 				e->Client_BridgeMode = s->IsBridgeMode;
 				e->Client_MonitorMode = s->IsMonitorMode;
 				Copy(e->UniqueId, s->NodeInfo.UniqueId, 16);
+
+				if (s->NormalClient)
+				{
+					e->IsDormantEnabled = (dormant_interval == 0 ? false : true);
+					if (e->IsDormantEnabled)
+					{
+						if (s->LastCommTimeForDormant == 0)
+						{
+							e->LastCommDormant = (UINT64)0x7FFFFFFF;
+						}
+						else
+						{
+							e->LastCommDormant = now - s->LastCommTimeForDormant;
+						}
+						if (s->LastCommTimeForDormant == 0)
+						{
+							e->IsDormant = true;
+						}
+						else
+						{
+							if ((s->LastCommTimeForDormant + dormant_interval) < now)
+							{
+								e->IsDormant = true;
+							}
+						}
+					}
+				}
 			}
 			Unlock(s->lock);
+
 			GetMachineName(e->RemoteHostname, sizeof(e->RemoteHostname));
 		}
 	}
@@ -12744,6 +12779,9 @@ void InRpcEnumSession(RPC_ENUM_SESSION *t, PACK *p)
 		PackGetStrEx(p, "RemoteHostname", e->RemoteHostname, sizeof(e->RemoteHostname), i);
 		e->VLanId = PackGetIntEx(p, "VLanId", i);
 		PackGetDataEx2(p, "UniqueId", e->UniqueId, sizeof(e->UniqueId), i);
+		e->IsDormantEnabled = PackGetBoolEx(p, "IsDormantEnabled", i);
+		e->IsDormant = PackGetBoolEx(p, "IsDormant", i);
+		e->LastCommDormant = PackGetInt64Ex(p, "LastCommDormant", i);
 	}
 }
 void OutRpcEnumSession(PACK *p, RPC_ENUM_SESSION *t)
@@ -12778,6 +12816,9 @@ void OutRpcEnumSession(PACK *p, RPC_ENUM_SESSION *t)
 		PackAddBoolEx(p, "Client_MonitorMode", e->Client_MonitorMode, i, t->NumSession);
 		PackAddIntEx(p, "VLanId", e->VLanId, i, t->NumSession);
 		PackAddDataEx(p, "UniqueId", e->UniqueId, sizeof(e->UniqueId), i, t->NumSession);
+		PackAddBoolEx(p, "IsDormantEnabled", e->IsDormantEnabled, i, t->NumSession);
+		PackAddBoolEx(p, "IsDormant", e->IsDormant, i, t->NumSession);
+		PackAddInt64Ex(p, "LastCommDormant", e->LastCommDormant, i, t->NumSession);
 	}
 }
 void FreeRpcEnumSession(RPC_ENUM_SESSION *t)

src/Cedar/Admin.h

@@ -672,6 +672,9 @@ struct RPC_ENUM_SESSION_ITEM
 	bool Client_MonitorMode;						// Client is monitoring mode
 	UINT VLanId;									// VLAN ID
 	UCHAR UniqueId[16];								// Unique ID
+	bool IsDormantEnabled;							// Is the dormant state enabled
+	bool IsDormant;									// Is in the dormant state
+	UINT64 LastCommDormant;							// Last comm interval in the dormant state
 };
 
 // Disconnect the session

src/Cedar/BridgeUnix.c

@@ -159,14 +159,22 @@ struct my_tpacket_auxdata
 #define	MY_PACKET_AUXDATA 8
 #endif	// UNIX_LINUX
 
+static LIST *eth_offload_list = NULL;
+
 // Initialize
 void InitEth()
 {
+	eth_offload_list = NewList(NULL);
 }
 
 // Free
 void FreeEth()
 {
+	if (eth_offload_list != NULL)
+	{
+		FreeStrList(eth_offload_list);
+		eth_offload_list = NULL;
+	}
 }
 
 // Check whether interface description string of Ethernet device can be retrieved in this system
@@ -683,8 +691,24 @@ ETH *OpenEthLinux(char *name, bool local, bool tapmode, char *tapaddr)
 	{
 		if (GetGlobalServerFlag(GSF_LOCALBRIDGE_NO_DISABLE_OFFLOAD) == false)
 		{
-			// Disable hardware offloading
-			UnixDisableInterfaceOffload(name);
+			bool b = false;
+
+			LockList(eth_offload_list);
+			{
+				if (IsInListStr(eth_offload_list, name) == false)
+				{
+					b = true;
+
+					Add(eth_offload_list, CopyStr(name));
+				}
+			}
+			UnlockList(eth_offload_list);
+
+			if (b)
+			{
+				// Disable hardware offloading
+				UnixDisableInterfaceOffload(name);
+			}
 		}
 	}
 

src/Cedar/Cedar.c

@@ -237,7 +237,7 @@ bool IsSupportedWinVer(RPC_WINVER *v)
 
 #if	0
 	// Enable in future when supported
-	if (v->VerMajor == 6 && v->VerMinor == 4)
+	if ((v->VerMajor == 6 && v->VerMinor == 4) ||(v->VerMajor == 10 && v->VerMinor == 0))
 	{
 		// Windows 10, Server 10
 		if (v->ServicePack <= 0)
@@ -908,6 +908,8 @@ void AddConnection(CEDAR *cedar, CONNECTION *c)
 	// Determine the name of the connection
 	i = Inc(cedar->ConnectionIncrement);
 	Format(tmp, sizeof(tmp), "CID-%u", i);
+
+
 	Lock(c->lock);
 	{
 		Free(c->Name);

src/Cedar/Cedar.h

@@ -135,10 +135,10 @@
 
 
 // Version number
-#define	CEDAR_VER					412
+#define	CEDAR_VER					413
 
 // Build Number
-#define	CEDAR_BUILD					9514
+#define	CEDAR_BUILD					9522
 
 // Beta number
 //#define	BETA_NUMBER					3
@@ -153,15 +153,15 @@
 
 // Specify the location to build
 #ifndef	BUILD_PLACE
-#define	BUILD_PLACE			"pc25"
+#define	BUILD_PLACE			"pc30"
 #endif	// BUILD_PLACE
 
 // Specifies the build date
-#define	BUILD_DATE_Y		2014
-#define	BUILD_DATE_M		11
-#define	BUILD_DATE_D		17
-#define	BUILD_DATE_HO		21
-#define	BUILD_DATE_MI		41
+#define	BUILD_DATE_Y		2015
+#define	BUILD_DATE_M		1
+#define	BUILD_DATE_D		30
+#define	BUILD_DATE_HO		19
+#define	BUILD_DATE_MI		27
 #define	BUILD_DATE_SE		16
 
 // Tolerable time difference

src/Cedar/Client.c

@@ -10462,7 +10462,7 @@ void CiWriteSettingToCfg(CLIENT *c, FOLDER *root)
 }
 
 // Create the inner VPN Server
-SERVER *CiNewInnerVPNServer(CLIENT *c)
+SERVER *CiNewInnerVPNServer(CLIENT *c, bool relay_server)
 {
 	SERVER *s = NULL;
 	// Validate arguments
@@ -10473,7 +10473,7 @@ SERVER *CiNewInnerVPNServer(CLIENT *c)
 
 	SetNatTLowPriority();
 
-	s = SiNewServerEx(false, true);
+	s = SiNewServerEx(false, true, relay_server);
 
 	return s;
 }

src/Cedar/Client.h

@@ -797,7 +797,7 @@ bool CiEraseSensitiveInAccount(BUF *b);
 bool CiHasAccountSensitiveInformation(BUF *b);
 bool CiHasAccountSensitiveInformationFile(wchar_t *name);
 void CiApplyInnerVPNServerConfig(CLIENT *c);
-SERVER *CiNewInnerVPNServer(CLIENT *c);
+SERVER *CiNewInnerVPNServer(CLIENT *c, bool relay_server);
 void CiFreeInnerVPNServer(CLIENT *c, SERVER *s);
 void CiIncrementNumActiveSessions();
 void CiDecrementNumActiveSessions();

src/Cedar/DDNS.c

@@ -518,7 +518,7 @@ UINT DCRegister(DDNS_CLIENT *c, bool ipv6, DDNS_REGISTER_PARAM *p, char *replace
 	UCHAR machine_key[SHA1_SIZE];
 	char machine_key_str[MAX_SIZE];
 	char machine_name[MAX_SIZE];
-	BUF *cert_hash;
+	BUF *cert_hash = NULL;
 	UINT err = ERR_INTERNAL_ERROR;
 	UCHAR key_hash[SHA1_SIZE];
 	char key_hash_str[MAX_SIZE];
@@ -528,12 +528,18 @@ UINT DCRegister(DDNS_CLIENT *c, bool ipv6, DDNS_REGISTER_PARAM *p, char *replace
 	UINT build = 0;
 	bool use_https = false;
 	bool use_vgs = false;
+	bool no_cert_verify = false;
+	char add_header_name[64];
+	char add_header_value[64];
 	// Validate arguments
 	if (c == NULL)
 	{
 		return ERR_INTERNAL_ERROR;
 	}
 
+	Zero(add_header_name, sizeof(add_header_name));
+	Zero(add_header_value, sizeof(add_header_value));
+
 	Zero(current_azure_ip, sizeof(current_azure_ip));
 
 	GetCurrentMachineIpProcessHash(machine_key);
@@ -642,8 +648,6 @@ UINT DCRegister(DDNS_CLIENT *c, bool ipv6, DDNS_REGISTER_PARAM *p, char *replace
 
 
 
-	cert_hash = StrToBin(DDNS_CERT_HASH);
-
 	Format(url2, sizeof(url2), "%s?v=%I64u", url, Rand64());
 	Format(url3, sizeof(url3), url2, key_hash_str[2], key_hash_str[3]);
 
@@ -654,10 +658,23 @@ UINT DCRegister(DDNS_CLIENT *c, bool ipv6, DDNS_REGISTER_PARAM *p, char *replace
 
 	ReplaceStr(url3, sizeof(url3), url3, ".servers", ".open.servers");
 
-	Debug("WpcCall: %s\n", url3);
-	ret = WpcCallEx(url3, &t, DDNS_CONNECT_TIMEOUT, DDNS_COMM_TIMEOUT, "register", req,
-		NULL, NULL, ((cert_hash != NULL && cert_hash->Size == SHA1_SIZE) ? cert_hash->Buf : NULL), NULL, DDNS_RPC_MAX_RECV_SIZE);
-	Debug("WpcCall Ret: %u\n", ret);
+
+	if (no_cert_verify == false)
+	{
+		cert_hash = StrToBin(DDNS_CERT_HASH);
+	}
+
+	ret = NULL;
+
+
+	if (ret == NULL)
+	{
+		Debug("WpcCall: %s\n", url3);
+		ret = WpcCallEx(url3, &t, DDNS_CONNECT_TIMEOUT, DDNS_COMM_TIMEOUT, "register", req,
+			NULL, NULL, ((cert_hash != NULL && cert_hash->Size == SHA1_SIZE) ? cert_hash->Buf : NULL), NULL, DDNS_RPC_MAX_RECV_SIZE,
+			add_header_name, add_header_value);
+		Debug("WpcCall Ret: %u\n", ret);
+	}
 
 	FreeBuf(cert_hash);
 
@@ -806,7 +823,8 @@ UINT DCGetMyIpMain(DDNS_CLIENT *c, bool ipv6, char *dst, UINT dst_size, bool use
 	UINT ret = ERR_INTERNAL_ERROR;
 	URL_DATA data;
 	BUF *recv;
-	BUF *cert_hash;
+	BUF *cert_hash = NULL;
+	bool no_cert_verify = false;
 	// Validate arguments
 	if (dst == NULL || c == NULL)
 	{
@@ -844,12 +862,17 @@ UINT DCGetMyIpMain(DDNS_CLIENT *c, bool ipv6, char *dst, UINT dst_size, bool use
 		ReplaceStr(url2, sizeof(url2), url2, "http://", "https://");
 	}
 
+
 	if (ParseUrl(&data, url2, false, NULL) == false)
 	{
 		return ERR_INTERNAL_ERROR;
 	}
 
-	cert_hash = StrToBin(DDNS_CERT_HASH);
+	if (no_cert_verify == false)
+	{
+		cert_hash = StrToBin(DDNS_CERT_HASH);
+	}
+
 
 	recv = HttpRequest(&data, (ipv6 ? NULL : &c->InternetSetting), DDNS_CONNECT_TIMEOUT, DDNS_COMM_TIMEOUT, &ret, false, NULL, NULL,
 		NULL, ((cert_hash != NULL && cert_hash->Size == SHA1_SIZE) ? cert_hash->Buf : NULL));
@@ -904,6 +927,7 @@ UINT DCGetMyIpMain(DDNS_CLIENT *c, bool ipv6, char *dst, UINT dst_size, bool use
 	return ret;
 }
 
+
 // Creating a DDNS client
 DDNS_CLIENT *NewDDNSClient(CEDAR *cedar, UCHAR *key, INTERNET_SETTING *t)
 {

src/Cedar/DDNS.h

@@ -236,6 +236,8 @@ UINT DCChangeHostName(DDNS_CLIENT *c, char *hostname);
 void DCSetInternetSetting(DDNS_CLIENT *c, INTERNET_SETTING *t);
 void DCGetInternetSetting(DDNS_CLIENT *c, INTERNET_SETTING *t);
 
+
+
 #endif	// DDNS_H
 
 

src/Cedar/Hub.c

@@ -598,6 +598,8 @@ void DataToHubOptionStruct(HUB_OPTION *o, RPC_ADMIN_OPTION *ao)
 	GetHubAdminOptionDataAndSet(ao, "SuppressClientUpdateNotification", &o->SuppressClientUpdateNotification);
 	GetHubAdminOptionDataAndSet(ao, "FloodingSendQueueBufferQuota", &o->FloodingSendQueueBufferQuota);
 	GetHubAdminOptionDataAndSet(ao, "AssignVLanIdByRadiusAttribute", &o->AssignVLanIdByRadiusAttribute);
+	GetHubAdminOptionDataAndSet(ao, "SecureNAT_RandomizeAssignIp", &o->SecureNAT_RandomizeAssignIp);
+	GetHubAdminOptionDataAndSet(ao, "DetectDormantSessionInterval", &o->DetectDormantSessionInterval);
 }
 
 // Convert the contents of the HUB_OPTION to data
@@ -664,6 +666,8 @@ void HubOptionStructToData(RPC_ADMIN_OPTION *ao, HUB_OPTION *o, char *hub_name)
 	Add(aol, NewAdminOption("SuppressClientUpdateNotification", o->SuppressClientUpdateNotification));
 	Add(aol, NewAdminOption("FloodingSendQueueBufferQuota", o->FloodingSendQueueBufferQuota));
 	Add(aol, NewAdminOption("AssignVLanIdByRadiusAttribute", o->AssignVLanIdByRadiusAttribute));
+	Add(aol, NewAdminOption("SecureNAT_RandomizeAssignIp", o->SecureNAT_RandomizeAssignIp));
+	Add(aol, NewAdminOption("DetectDormantSessionInterval", o->DetectDormantSessionInterval));
 
 	Zero(ao, sizeof(RPC_ADMIN_OPTION));
 
@@ -3973,6 +3977,7 @@ void StorePacket(HUB *hub, SESSION *s, PKT *packet)
 	bool drop_broadcast_packet_privacy = false;
 	bool drop_arp_packet_privacy = false;
 	UINT tcp_queue_quota = 0;
+	UINT64 dormant_interval = 0;
 	// Validate arguments
 	if (hub == NULL || packet == NULL)
 	{
@@ -3996,6 +4001,24 @@ void StorePacket(HUB *hub, SESSION *s, PKT *packet)
 		drop_broadcast_packet_privacy = hub->Option->DropBroadcastsInPrivacyFilterMode;
 		drop_arp_packet_privacy = hub->Option->DropArpInPrivacyFilterMode;
 		tcp_queue_quota = hub->Option->FloodingSendQueueBufferQuota;
+		if (hub->Option->DetectDormantSessionInterval != 0)
+		{
+			dormant_interval = (UINT64)hub->Option->DetectDormantSessionInterval * (UINT64)1000;
+		}
+	}
+
+	if (dormant_interval != 0)
+	{
+		if (s != NULL && s->NormalClient)
+		{
+			if (packet->MacAddressSrc != NULL)
+			{
+				if (IsHubMacAddress(packet->MacAddressSrc) == false)
+				{
+					s->LastCommTimeForDormant = now;
+				}
+			}
+		}
 	}
 
 	// Lock the entire MAC address table
@@ -4944,6 +4967,19 @@ DISCARD_UNICAST_PACKET:
 									discard = true;
 								}
 
+								if (dest_session->NormalClient)
+								{
+									if (dormant_interval != 0)
+									{
+										if (dest_session->LastCommTimeForDormant == 0 ||
+											(dest_session->LastCommTimeForDormant + dormant_interval) < now)
+										{
+											// This is dormant session
+											discard = true;
+										}
+									}
+								}
+
 								if (tcp_queue_quota != 0)
 								{
 									current_tcp_queue_size = CedarGetCurrentTcpQueueSize(hub->Cedar);

src/Cedar/Hub.h

@@ -276,6 +276,8 @@ struct HUB_OPTION
 	bool SuppressClientUpdateNotification;	// Suppress the update notification function on the VPN Client
 	UINT FloodingSendQueueBufferQuota;	// The global quota of send queues of flooding packets
 	bool AssignVLanIdByRadiusAttribute;	// Assign the VLAN ID for the VPN session, by the attribute value of RADIUS
+	bool SecureNAT_RandomizeAssignIp;	// Randomize the assignment IP address for new DHCP client
+	UINT DetectDormantSessionInterval;	// Interval (seconds) threshold to detect a dormant VPN session
 };
 
 // MAC table entry
@@ -487,8 +489,10 @@ struct HUB
 	wchar_t *Msg;						// Message to be displayed when the client is connected
 	LIST *UserList;						// Cache of the user list file
 	bool IsVgsHub;						// Whether it's a VGS Virtual HUB
+	bool IsVgsSuperRelayHub;			// Whether it's a VGS Super Relay Virtual HUB
 	UINT64 LastFlushTick;				// Last tick to flush the MAC address table
 	bool StopAllLinkFlag;				// Stop all link flag
+	bool ForceDisableComm;				// Disable the communication function
 };
 
 

src/Cedar/IPsec.c

@@ -392,12 +392,14 @@ void IPsecServerUdpPacketRecvProc(UDPLISTENER *u, LIST *packet_list)
 
 	if (ipsec_disable == false)
 	{
-		// Process the received packet
-		for (i = 0;i < LIST_NUM(packet_list);i++)
 		{
-			UDPPACKET *p = LIST_DATA(packet_list, i);
+			// Process the received packet
+			for (i = 0;i < LIST_NUM(packet_list);i++)
+			{
+				UDPPACKET *p = LIST_DATA(packet_list, i);
 
-			IPsecProcPacket(s, p);
+				IPsecProcPacket(s, p);
+			}
 		}
 	}
 

src/Cedar/IPsec_L2TP.c

@@ -1312,6 +1312,11 @@ L2TP_SESSION *NewL2TPSession(L2TP_SERVER *l2tp, L2TP_TUNNEL *t, UINT session_id_
 		return NULL;
 	}
 
+	if (LIST_NUM(t->SessionList) >= L2TP_QUOTA_MAX_NUM_SESSIONS_PER_TUNNEL)
+	{
+		return NULL;
+	}
+
 	if (t->IsV3 == false)
 	{
 		session_id_by_server = GenerateNewSessionIdEx(t, t->IsV3);
@@ -1481,6 +1486,31 @@ L2TP_SESSION *GetSessionFromIdAssignedByClient(L2TP_TUNNEL *t, UINT session_id)
 	return NULL;
 }
 
+// Get the number of L2TP sessions connected from the client IP address
+UINT GetNumL2TPTunnelsByClientIP(L2TP_SERVER *l2tp, IP *client_ip)
+{
+	UINT i, ret;
+	// Validate arguments
+	if (l2tp == NULL || client_ip == NULL)
+	{
+		return 0;
+	}
+
+	ret = 0;
+
+	for (i = 0;i < LIST_NUM(l2tp->TunnelList);i++)
+	{
+		L2TP_TUNNEL *t = LIST_DATA(l2tp->TunnelList, i);
+
+		if (CmpIpAddr(&t->ClientIp, client_ip) == 0)
+		{
+			ret++;
+		}
+	}
+
+	return ret;
+}
+
 // Performs processing L2TP received packets.
 void ProcL2TPPacketRecv(L2TP_SERVER *l2tp, UDPPACKET *p)
 {
@@ -1509,106 +1539,109 @@ void ProcL2TPPacketRecv(L2TP_SERVER *l2tp, UDPPACKET *p)
 				UINT client_assigned_id = (pp->Ver == 3 ? READ_UINT(a->Data) : READ_USHORT(a->Data));
 				if (GetTunnelFromIdOfAssignedByClient(l2tp, &p->SrcIP, client_assigned_id) == NULL)
 				{
-					char ipstr[MAX_SIZE];
-					L2TP_PACKET *pp2;
-					UCHAR protocol_version[2];
-					UCHAR caps_data[4];
-					USHORT us;
-					char hostname[MAX_SIZE];
-
-					// Begin Tunneling
-					L2TP_TUNNEL *t = NewL2TPTunnel(l2tp, pp, p);
-
-					if (t != NULL)
+					if (LIST_NUM(l2tp->TunnelList) < L2TP_QUOTA_MAX_NUM_TUNNELS && GetNumL2TPTunnelsByClientIP(l2tp, &p->SrcIP) >= L2TP_QUOTA_MAX_NUM_TUNNELS_PER_IP)
 					{
-						IPToStr(ipstr, sizeof(ipstr), &t->ClientIp);
-						Debug("L2TP New Tunnel From %s (%s, %s): New Tunnel ID = %u/%u\n", ipstr, t->HostName, t->VendorName,
-							t->TunnelId1, t->TunnelId2);
+						char ipstr[MAX_SIZE];
+						L2TP_PACKET *pp2;
+						UCHAR protocol_version[2];
+						UCHAR caps_data[4];
+						USHORT us;
+						char hostname[MAX_SIZE];
 
-						// Add the tunnel to the list
-						Add(l2tp->TunnelList, t);
+						// Begin Tunneling
+						L2TP_TUNNEL *t = NewL2TPTunnel(l2tp, pp, p);
+
+						if (t != NULL)
+						{
+							IPToStr(ipstr, sizeof(ipstr), &t->ClientIp);
+							Debug("L2TP New Tunnel From %s (%s, %s): New Tunnel ID = %u/%u\n", ipstr, t->HostName, t->VendorName,
+								t->TunnelId1, t->TunnelId2);
 
-						// Respond with SCCEP to SCCRQ
-						pp2 = NewL2TPControlPacket(L2TP_MESSAGE_TYPE_SCCRP, t->IsV3);
+							// Add the tunnel to the list
+							Add(l2tp->TunnelList, t);
 
-						// Protocol Version
-						protocol_version[0] = 1;
-						protocol_version[1] = 0;
-						Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_PROTOCOL_VERSION, true, 0, protocol_version, sizeof(protocol_version)));
+							// Respond with SCCEP to SCCRQ
+							pp2 = NewL2TPControlPacket(L2TP_MESSAGE_TYPE_SCCRP, t->IsV3);
 
-						// Framing Capabilities
-						Zero(caps_data, sizeof(caps_data));
-						if (t->IsV3 == false)
-						{
-							caps_data[3] = 3;
-						}
-						Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_FRAME_CAP, false, 0, caps_data, sizeof(caps_data)));
+							// Protocol Version
+							protocol_version[0] = 1;
+							protocol_version[1] = 0;
+							Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_PROTOCOL_VERSION, true, 0, protocol_version, sizeof(protocol_version)));
 
-						if (t->IsV3 == false)
-						{
-							// Bearer Capabilities
+							// Framing Capabilities
 							Zero(caps_data, sizeof(caps_data));
-							caps_data[3] = 3;
-							Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_BEARER_CAP, false, 0, caps_data, sizeof(caps_data)));
-						}
+							if (t->IsV3 == false)
+							{
+								caps_data[3] = 3;
+							}
+							Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_FRAME_CAP, false, 0, caps_data, sizeof(caps_data)));
 
-						// Host Name
-						GetMachineHostName(hostname, sizeof(hostname));
-						if (IsEmptyStr(hostname))
-						{
-							StrCpy(hostname, sizeof(hostname), "vpn");
-						}
-						Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_HOST_NAME, true, 0, hostname, StrLen(hostname)));
+							if (t->IsV3 == false)
+							{
+								// Bearer Capabilities
+								Zero(caps_data, sizeof(caps_data));
+								caps_data[3] = 3;
+								Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_BEARER_CAP, false, 0, caps_data, sizeof(caps_data)));
+							}
 
-						// Vendor Name
-						Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_VENDOR_NAME, false, 0, L2TP_VENDOR_NAME, StrLen(L2TP_VENDOR_NAME)));
+							// Host Name
+							GetMachineHostName(hostname, sizeof(hostname));
+							if (IsEmptyStr(hostname))
+							{
+								StrCpy(hostname, sizeof(hostname), "vpn");
+							}
+							Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_HOST_NAME, true, 0, hostname, StrLen(hostname)));
 
-						// Assigned Tunnel ID
-						if (t->IsV3 == false)
-						{
-							us = Endian16(t->TunnelId2);
-							Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_ASSIGNED_TUNNEL, true, 0, &us, sizeof(USHORT)));
-						}
-						else
-						{
-							UINT ui = Endian32(t->TunnelId2);
-							Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_V3_TUNNEL_ID, true, 0, &ui, sizeof(UINT)));
+							// Vendor Name
+							Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_VENDOR_NAME, false, 0, L2TP_VENDOR_NAME, StrLen(L2TP_VENDOR_NAME)));
 
-							if (t->IsCiscoV3)
+							// Assigned Tunnel ID
+							if (t->IsV3 == false)
 							{
-								Add(pp2->AvpList, NewAVP(L2TPV3_CISCO_AVP_TUNNEL_ID, true, L2TP_AVP_VENDOR_ID_CISCO, &ui, sizeof(UINT)));
+								us = Endian16(t->TunnelId2);
+								Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_ASSIGNED_TUNNEL, true, 0, &us, sizeof(USHORT)));
 							}
-						}
+							else
+							{
+								UINT ui = Endian32(t->TunnelId2);
+								Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_V3_TUNNEL_ID, true, 0, &ui, sizeof(UINT)));
 
-						// Pseudowire Capabilities List
-						if (t->IsV3)
-						{
-							// Only Ethernet
-							USHORT cap_list[2];
-							cap_list[0] = Endian16(L2TPV3_PW_TYPE_ETHERNET);
-							cap_list[1] = Endian16(L2TPV3_PW_TYPE_ETHERNET_VLAN);
-							Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_V3_PW_CAP_LIST, true, 0, cap_list, sizeof(cap_list)));
+								if (t->IsCiscoV3)
+								{
+									Add(pp2->AvpList, NewAVP(L2TPV3_CISCO_AVP_TUNNEL_ID, true, L2TP_AVP_VENDOR_ID_CISCO, &ui, sizeof(UINT)));
+								}
+							}
 
-							if (t->IsCiscoV3)
+							// Pseudowire Capabilities List
+							if (t->IsV3)
 							{
-								Add(pp2->AvpList, NewAVP(L2TPV3_CISCO_AVP_PW_CAP_LIST, true, L2TP_AVP_VENDOR_ID_CISCO, cap_list, sizeof(cap_list)));
+								// Only Ethernet
+								USHORT cap_list[2];
+								cap_list[0] = Endian16(L2TPV3_PW_TYPE_ETHERNET);
+								cap_list[1] = Endian16(L2TPV3_PW_TYPE_ETHERNET_VLAN);
+								Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_V3_PW_CAP_LIST, true, 0, cap_list, sizeof(cap_list)));
+
+								if (t->IsCiscoV3)
+								{
+									Add(pp2->AvpList, NewAVP(L2TPV3_CISCO_AVP_PW_CAP_LIST, true, L2TP_AVP_VENDOR_ID_CISCO, cap_list, sizeof(cap_list)));
+								}
 							}
-						}
 
-						// Cisco AVP
-						if (t->IsCiscoV3)
-						{
-							USHORT us = Endian16(1);
-							Add(pp2->AvpList, NewAVP(L2TPV3_CISCO_AVP_DRAFT_AVP_VERSION, true, L2TP_AVP_VENDOR_ID_CISCO, &us, sizeof(USHORT)));
-						}
+							// Cisco AVP
+							if (t->IsCiscoV3)
+							{
+								USHORT us = Endian16(1);
+								Add(pp2->AvpList, NewAVP(L2TPV3_CISCO_AVP_DRAFT_AVP_VERSION, true, L2TP_AVP_VENDOR_ID_CISCO, &us, sizeof(USHORT)));
+							}
 
-						// Recv Window Size
-						us = Endian16(L2TP_WINDOW_SIZE);
-						Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_RECV_WINDOW_SIZE, false, 0, &us, sizeof(USHORT)));
+							// Recv Window Size
+							us = Endian16(L2TP_WINDOW_SIZE);
+							Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_RECV_WINDOW_SIZE, false, 0, &us, sizeof(USHORT)));
 
-						SendL2TPControlPacket(l2tp, t, 0, pp2);
+							SendL2TPControlPacket(l2tp, t, 0, pp2);
 
-						FreeL2TPPacket(pp2);
+							FreeL2TPPacket(pp2);
+						}
 					}
 				}
 			}

src/Cedar/IPsec_L2TP.h

@@ -148,6 +148,11 @@
 // Threshold number of registered items in the transmission queue for suppressing the L2TP Hello transmission
 #define	L2TP_HELLO_SUPRESS_MAX_THRETHORD_NUM_SEND_QUEUE		32
 
+// Quota
+#define	L2TP_QUOTA_MAX_NUM_TUNNELS_PER_IP		1000			// Number of L2TP sessions per IP address
+#define	L2TP_QUOTA_MAX_NUM_TUNNELS				30000			// Limit of the number of sessions
+#define	L2TP_QUOTA_MAX_NUM_SESSIONS_PER_TUNNEL	1024		// Max sessions in a tunnel
+
 // L2TP window size
 #define	L2TP_WINDOW_SIZE				16
 
@@ -328,6 +333,7 @@ struct L2TP_SERVER
 //// Function prototype
 L2TP_SERVER *NewL2TPServer(CEDAR *cedar);
 L2TP_SERVER *NewL2TPServerEx(CEDAR *cedar, IKE_SERVER *ike, bool is_ipv6, UINT crypt_block_size);
+UINT GetNumL2TPTunnelsByClientIP(L2TP_SERVER *l2tp, IP *client_ip);
 void SetL2TPServerSockEvent(L2TP_SERVER *l2tp, SOCK_EVENT *e);
 void FreeL2TPServer(L2TP_SERVER *l2tp);
 void StopL2TPServer(L2TP_SERVER *l2tp, bool no_wait);

src/Cedar/Interop_SSTP.c

@@ -118,6 +118,7 @@ static bool g_no_sstp = false;
 // Get the SSTP disabling flag
 bool GetNoSstp()
 {
+
 	return g_no_sstp;
 }
 

src/Cedar/Protocol.c

@@ -1596,6 +1596,16 @@ bool ServerAccept(CONNECTION *c)
 			goto CLEANUP;
 		}
 
+		if (hub->ForceDisableComm)
+		{
+			// Commnunication function is disabled
+			FreePack(p);
+			c->Err = ERR_SERVER_CANT_ACCEPT;
+			error_detail = "ERR_COMM_DISABLED";
+			ReleaseHub(hub);
+			goto CLEANUP;
+		}
+
 		if (GetGlobalServerFlag(GSF_DISABLE_AC) == 0)
 		{
 			if (hub->HubDb != NULL && c->FirstSock != NULL)
@@ -2974,8 +2984,11 @@ bool ServerAccept(CONNECTION *c)
 
 			if (s->UseUdpAcceleration)
 			{
+				bool no_nat_t = false;
+
+
 				// Initialize the UDP acceleration function
-				s->UdpAccel = NewUdpAccel(c->Cedar, (c->FirstSock->IsRUDPSocket ? NULL : &c->FirstSock->LocalIP), false, c->FirstSock->IsRUDPSocket, false);
+				s->UdpAccel = NewUdpAccel(c->Cedar, (c->FirstSock->IsRUDPSocket ? NULL : &c->FirstSock->LocalIP), false, c->FirstSock->IsRUDPSocket, no_nat_t);
 				if (s->UdpAccel == NULL)
 				{
 					s->UseUdpAcceleration = false;
@@ -6039,6 +6052,8 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
 
 	while (true)
 	{
+		bool not_found_error = false;
+
 		num++;
 		if (num > max)
 		{
@@ -6082,6 +6097,8 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
 		}
 
 
+
+
 		// Interpret
 		if (StrCmpi(h->Method, "POST") == 0)
 		{
@@ -6107,7 +6124,7 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
 				return false;
 			}
 			// Check the Target
-			if (StrCmpi(h->Target, vpn_http_target) != 0)
+			if ((StrCmpi(h->Target, vpn_http_target) != 0) || not_found_error)
 			{
 				// Target is invalid
 				HttpSendNotFound(s, h->Target);

src/Cedar/SM.c

@@ -9629,6 +9629,11 @@ void SmSessionDlgRefresh(HWND hWnd, SM_HUB *s)
 			}
 		}
 
+		if (e->IsDormantEnabled && e->IsDormant)
+		{
+			icon = ICO_TRAY0;
+		}
+
 		LvInsertAdd(b, icon, (void *)(e->RemoteSession), 8, tmp1, tmp8, tmp2, tmp3, tmp4, tmp5, tmp6, tmp7);
 
 		if (free_tmp2)

src/Cedar/Server.c

@@ -117,6 +117,7 @@ static SERVER *server = NULL;
 static LOCK *server_lock = NULL;
 char *SERVER_CONFIG_FILE_NAME = "@vpn_server.config";
 char *SERVER_CONFIG_FILE_NAME_IN_CLIENT = "@vpn_gate_svc.config";
+char *SERVER_CONFIG_FILE_NAME_IN_CLIENT_RELAY = "@vpn_gate_relay.config";
 char *BRIDGE_CONFIG_FILE_NAME = "@vpn_bridge.config";
 char *SERVER_CONFIG_TEMPLATE_NAME = "@vpn_server_template.config";
 char *BRIDGE_CONFIG_TEMPLATE_NAME = "@vpn_server_template.config";
@@ -4102,6 +4103,8 @@ void SiLoadHubOptionCfg(FOLDER *f, HUB_OPTION *o)
 	o->DisableCorrectIpOffloadChecksum = CfgGetBool(f, "DisableCorrectIpOffloadChecksum");
 	o->SuppressClientUpdateNotification = CfgGetBool(f, "SuppressClientUpdateNotification");
 	o->AssignVLanIdByRadiusAttribute = CfgGetBool(f, "AssignVLanIdByRadiusAttribute");
+	o->SecureNAT_RandomizeAssignIp = CfgGetBool(f, "SecureNAT_RandomizeAssignIp");
+	o->DetectDormantSessionInterval = CfgGetInt(f, "DetectDormantSessionInterval");
 
 	// Enabled by default
 	if (CfgIsItem(f, "ManageOnlyPrivateIP"))
@@ -4178,6 +4181,8 @@ void SiWriteHubOptionCfg(FOLDER *f, HUB_OPTION *o)
 	CfgAddBool(f, "DropArpInPrivacyFilterMode", o->DropArpInPrivacyFilterMode);
 	CfgAddBool(f, "SuppressClientUpdateNotification", o->SuppressClientUpdateNotification);
 	CfgAddBool(f, "AssignVLanIdByRadiusAttribute", o->AssignVLanIdByRadiusAttribute);
+	CfgAddBool(f, "SecureNAT_RandomizeAssignIp", o->SecureNAT_RandomizeAssignIp);
+	CfgAddInt(f, "DetectDormantSessionInterval", o->DetectDormantSessionInterval);
 	CfgAddBool(f, "NoLookBPDUBridgeId", o->NoLookBPDUBridgeId);
 	CfgAddInt(f, "AdjustTcpMssValue", o->AdjustTcpMssValue);
 	CfgAddBool(f, "DisableAdjustTcpMss", o->DisableAdjustTcpMss);
@@ -7479,6 +7484,8 @@ void SiCalledUpdateHub(SERVER *s, PACK *p)
 	o.DropArpInPrivacyFilterMode = PackGetBool(p, "DropArpInPrivacyFilterMode");
 	o.SuppressClientUpdateNotification = PackGetBool(p, "SuppressClientUpdateNotification");
 	o.AssignVLanIdByRadiusAttribute = PackGetBool(p, "AssignVLanIdByRadiusAttribute");
+	o.SecureNAT_RandomizeAssignIp = PackGetBool(p, "SecureNAT_RandomizeAssignIp");
+	o.DetectDormantSessionInterval = PackGetInt(p, "DetectDormantSessionInterval");
 	o.VlanTypeId = PackGetInt(p, "VlanTypeId");
 	if (o.VlanTypeId == 0)
 	{
@@ -9320,6 +9327,8 @@ void SiPackAddCreateHub(PACK *p, HUB *h)
 	PackAddBool(p, "SuppressClientUpdateNotification", h->Option->SuppressClientUpdateNotification);
 	PackAddBool(p, "AssignVLanIdByRadiusAttribute", h->Option->AssignVLanIdByRadiusAttribute);
 	PackAddInt(p, "ClientMinimumRequiredBuild", h->Option->ClientMinimumRequiredBuild);
+	PackAddBool(p, "SecureNAT_RandomizeAssignIp", h->Option->SecureNAT_RandomizeAssignIp);
+	PackAddInt(p, "DetectDormantSessionInterval", h->Option->DetectDormantSessionInterval);
 	PackAddBool(p, "FixForDLinkBPDU", h->Option->FixForDLinkBPDU);
 	PackAddBool(p, "BroadcastLimiterStrictMode", h->Option->BroadcastLimiterStrictMode);
 	PackAddBool(p, "NoLookBPDUBridgeId", h->Option->NoLookBPDUBridgeId);
@@ -10851,9 +10860,9 @@ void SiUpdateCurrentRegion(CEDAR *c, char *region, bool force_update)
 // Create a server
 SERVER *SiNewServer(bool bridge)
 {
-	return SiNewServerEx(bridge, false);
+	return SiNewServerEx(bridge, false, false);
 }
-SERVER *SiNewServerEx(bool bridge, bool in_client_inner_server)
+SERVER *SiNewServerEx(bool bridge, bool in_client_inner_server, bool relay_server)
 {
 	SERVER *s;
 	LISTENER *inproc;

src/Cedar/Server.h

@@ -472,7 +472,7 @@ struct SERVER_HUB_CREATE_HISTORY
 
 // Function prototype declaration
 SERVER *SiNewServer(bool bridge);
-SERVER *SiNewServerEx(bool bridge, bool in_client_inner_server);
+SERVER *SiNewServerEx(bool bridge, bool in_client_inner_server, bool relay_server);
 void SiReleaseServer(SERVER *s);
 void SiCleanupServer(SERVER *s);
 void StStartServer(bool bridge);

src/Cedar/Session.c

@@ -305,6 +305,16 @@ void SessionMain(SESSION *s)
 		}
 
 
+		if (is_server_session && s->LinkModeServer == false && s->SecureNATMode == false && s->BridgeMode == false && s->L3SwitchMode == false)
+		{
+			if (s->Hub != NULL && s->Hub->ForceDisableComm)
+			{
+				// Disconnect the session forcibly because the ForceDisableComm flag is set
+				err = ERR_SERVER_CANT_ACCEPT;
+				pa_fail = true;
+			}
+		}
+
 		if (s->InProcMode)
 		{
 			if (c->TubeSock == NULL || IsTubeConnected(c->TubeSock->SendTube) == false || IsTubeConnected(c->TubeSock->RecvTube) == false)
@@ -324,7 +334,6 @@ void SessionMain(SESSION *s)
 				pa_fail = true;
 			}
 		}
-
 		
 		// Chance of additional connection
 		if (is_server_session == false)
@@ -1409,20 +1418,26 @@ void ClientThread(THREAD *t, void *param)
 	bool no_save_password = false;
 	bool is_vpngate_connection = false;
 	CEDAR *cedar;
+	bool num_active_sessions_incremented = false;
 	// Validate arguments
 	if (t == NULL || param == NULL)
 	{
 		return;
 	}
 
-	CiIncrementNumActiveSessions();
-
 	Debug("ClientThread 0x%x Started.\n", t);
 
 	s = (SESSION *)param;
 	AddRef(s->ref);
 	s->Thread = t;
 	AddRef(t->ref);
+
+	if (s->LinkModeClient == false)
+	{
+		CiIncrementNumActiveSessions();
+		num_active_sessions_incremented = true;
+	}
+
 	NoticeThreadInit(t);
 
 	cedar = s->Cedar;
@@ -1793,7 +1808,10 @@ SKIP:
 
 	ReleaseSession(s);
 
-	CiDecrementNumActiveSessions();
+	if (num_active_sessions_incremented)
+	{
+		CiDecrementNumActiveSessions();
+	}
 }
 
 // Name comparison of sessions
@@ -2209,6 +2227,19 @@ SESSION *NewServerSessionEx(CEDAR *cedar, CONNECTION *c, HUB *h, char *username,
 		{
 			Format(name, sizeof(name), "SID-%s-[%s]-%u", user_name_upper, c->InProcPrefix, Inc(h->SessionCounter));
 		}
+
+		if (h->IsVgsHub || h->IsVgsSuperRelayHub)
+		{
+			UCHAR rand[5];
+			char tmp[32];
+
+			Rand(rand, sizeof(rand));
+
+			BinToStr(tmp, sizeof(tmp), rand, sizeof(rand));
+
+			StrCat(name, sizeof(name), "-");
+			StrCat(name, sizeof(name), tmp);
+		}
 	}
 	else
 	{

src/Cedar/Session.h

@@ -230,6 +230,7 @@ struct SESSION
 
 	UINT64 CreatedTime;				// Creation date and time
 	UINT64 LastCommTime;			// Last communication date and time
+	UINT64 LastCommTimeForDormant;	// Last communication date and time (for dormant)
 	TRAFFIC *Traffic;				// Traffic data
 	TRAFFIC *OldTraffic;			// Old traffic data
 	UINT64 TotalSendSize;			// Total transmitted data size

src/Cedar/UdpAccel.c

@@ -342,7 +342,7 @@ void UdpAccelPoll(UDP_ACCEL *a)
 	else
 	{
 		// NAT_T is disabled, but there is a reference host (such as VGC)
-		if (a->UseUdpIpQuery)
+		if (a->UseUdpIpQuery || a->UseSuperRelayQuery)
 		{
 		}
 	}

src/Cedar/UdpAccel.h

@@ -193,6 +193,7 @@ struct UDP_ACCEL
 	UINT64 CreatedTick;									// Object creation time
 	bool FastDetect;									// Fast disconnection detection mode
 	UINT64 FirstStableReceiveTick;						// Start time of current stable continued receivable period
+	bool UseSuperRelayQuery;							// Use the super relay query
 	bool UseUdpIpQuery;									// Use the self IP address query by UDP
 	IP UdpIpQueryHost;									// Host for the self IP address query by UDP
 	UINT UdpIpQueryPort;								// Port number for self IP address for query by UDP

src/Cedar/Virtual.c

@@ -9282,7 +9282,16 @@ UINT ServeDhcpDiscover(VH *v, UCHAR *mac, UINT request_ip)
 	if (ret == 0)
 	{
 		// Take an appropriate IP addresses that can be assigned newly
-		ret = GetFreeDhcpIpAddress(v);
+		HUB_OPTION *opt = NatGetHubOption(v);
+
+		if (opt != NULL && opt->SecureNAT_RandomizeAssignIp)
+		{
+			ret = GetFreeDhcpIpAddressByRandom(v, mac);
+		}
+		else
+		{
+			ret = GetFreeDhcpIpAddress(v);
+		}
 	}
 
 	return ret;
@@ -9316,6 +9325,56 @@ UINT GetFreeDhcpIpAddress(VH *v)
 	return 0;
 }
 
+// Take an appropriate IP addresses that can be assigned newly (random)
+UINT GetFreeDhcpIpAddressByRandom(VH *v, UCHAR *mac)
+{
+	UINT ip_start, ip_end;
+	UINT i;
+	UINT num_retry;
+	// Validate arguments
+	if (v == NULL || mac == NULL)
+	{
+		return 0;
+	}
+
+	ip_start = Endian32(v->DhcpIpStart);
+	ip_end = Endian32(v->DhcpIpEnd);
+
+	if (ip_start > ip_end)
+	{
+		return 0;
+	}
+
+	num_retry = (ip_end - ip_start + 1) * 2;
+	num_retry = MIN(num_retry, 65536 * 2);
+
+	for (i = 0;i < num_retry;i++)
+	{
+		UCHAR rand_seed[sizeof(UINT) + 6];
+		UCHAR hash[16];
+		UINT rand_int;
+		UINT new_ip;
+
+		WRITE_UINT(&rand_seed[0], i);
+		Copy(rand_seed + sizeof(UINT), mac, 6);
+
+		Hash(hash, rand_seed, sizeof(rand_seed), false);
+
+		rand_int = READ_UINT(hash);
+
+		new_ip = Endian32(ip_start + (rand_int % (ip_end - ip_start + 1)));
+
+		if (SearchDhcpLeaseByIp(v, new_ip) == NULL)
+		{
+			// A free IP address is found
+			return new_ip;
+		}
+	}
+
+	// There is no free address
+	return 0;
+}
+
 // Virtual DHCP Server
 void VirtualDhcpServer(VH *v, PKT *p)
 {

src/Cedar/Virtual.h

@@ -618,6 +618,7 @@ DHCP_LEASE *SearchDhcpLeaseByMac(VH *v, UCHAR *mac);
 DHCP_LEASE *SearchDhcpLeaseByIp(VH *v, UINT ip);
 UINT ServeDhcpDiscover(VH *v, UCHAR *mac, UINT request_ip);
 UINT GetFreeDhcpIpAddress(VH *v);
+UINT GetFreeDhcpIpAddressByRandom(VH *v, UCHAR *mac);
 UINT ServeDhcpRequest(VH *v, UCHAR *mac, UINT request_ip);
 void VirtualDhcpSend(VH *v, UINT tran_id, UINT dest_ip, UINT dest_port,
 					 UINT new_ip, UCHAR *client_mac, BUF *b, UINT hw_type, UINT hw_addr_size);

src/Cedar/Wpc.c

@@ -158,10 +158,11 @@ PACK *WpcCall(char *url, INTERNET_SETTING *setting, UINT timeout_connect, UINT t
 			  char *function_name, PACK *pack, X *cert, K *key, void *sha1_cert_hash)
 {
 	return WpcCallEx(url, setting, timeout_connect, timeout_comm, function_name, pack, cert, key,
-		sha1_cert_hash, NULL, 0);
+		sha1_cert_hash, NULL, 0, NULL, NULL);
 }
 PACK *WpcCallEx(char *url, INTERNET_SETTING *setting, UINT timeout_connect, UINT timeout_comm,
-				char *function_name, PACK *pack, X *cert, K *key, void *sha1_cert_hash, bool *cancel, UINT max_recv_size)
+				char *function_name, PACK *pack, X *cert, K *key, void *sha1_cert_hash, bool *cancel, UINT max_recv_size,
+				char *additional_header_name, char *additional_header_value)
 {
 	URL_DATA data;
 	BUF *b, *recv;
@@ -190,6 +191,12 @@ PACK *WpcCallEx(char *url, INTERNET_SETTING *setting, UINT timeout_connect, UINT
 	WriteBufInt(b, 0);
 	SeekBuf(b, 0, 0);
 
+	if (IsEmptyStr(additional_header_name) == false && IsEmptyStr(additional_header_value) == false)
+	{
+		StrCpy(data.AdditionalHeaderName, sizeof(data.AdditionalHeaderName), additional_header_name);
+		StrCpy(data.AdditionalHeaderValue, sizeof(data.AdditionalHeaderValue), additional_header_value);
+	}
+
 	recv = HttpRequestEx(&data, setting, timeout_connect, timeout_comm, &error,
 		false, b->Buf, NULL, NULL, sha1_cert_hash, cancel, max_recv_size);
 
@@ -822,6 +829,11 @@ BUF *HttpRequestEx2(URL_DATA *data, INTERNET_SETTING *setting,
 		AddHttpValue(h, NewHttpValue("Content-Length", len_str));
 	}
 
+	if (IsEmptyStr(data->AdditionalHeaderName) == false && IsEmptyStr(data->AdditionalHeaderValue) == false)
+	{
+		AddHttpValue(h, NewHttpValue(data->AdditionalHeaderName, data->AdditionalHeaderValue));
+	}
+
 	if (use_http_proxy)
 	{
 		AddHttpValue(h, NewHttpValue("Proxy-Connection", "Keep-Alive"));

src/Cedar/Wpc.h

@@ -157,6 +157,8 @@ struct URL_DATA
 	char Method[32];						// Method
 	char Target[MAX_SIZE * 3];				// Target
 	char Referer[MAX_SIZE * 3];				// Referer
+	char AdditionalHeaderName[128];			// Additional header name
+	char AdditionalHeaderValue[MAX_SIZE];	// Additional header value
 };
 
 // WPC entry
@@ -219,7 +221,8 @@ void WpcFreePacket(WPC_PACKET *packet);
 PACK *WpcCall(char *url, INTERNET_SETTING *setting, UINT timeout_connect, UINT timeout_comm,
 			  char *function_name, PACK *pack, X *cert, K *key, void *sha1_cert_hash);
 PACK *WpcCallEx(char *url, INTERNET_SETTING *setting, UINT timeout_connect, UINT timeout_comm,
-			  char *function_name, PACK *pack, X *cert, K *key, void *sha1_cert_hash, bool *cancel, UINT max_recv_size);
+			  char *function_name, PACK *pack, X *cert, K *key, void *sha1_cert_hash, bool *cancel, UINT max_recv_size,
+			  char *additional_header_name, char *additional_header_value);
 bool IsProxyPrivateIp(INTERNET_SETTING *s);
 
 #endif	// WPC_H

src/CurrentBuild.txt

@@ -1,4 +1,4 @@
-BUILD_NUMBER 9514
-VERSION 412
+BUILD_NUMBER 9522
+VERSION 413
 BUILD_NAME beta
-BUILD_DATE 20141117_214116
+BUILD_DATE 20150130_192716

src/LICENSE.TXT

@@ -3,9 +3,9 @@ open-source. You can redistribute them and/or modify them under the terms of
 the GNU General Public License version 2 as published by the Free Software
 Foundation.
 
-Copyright (c) 2012-2014 Daiyuu Nobori.
-Copyright (c) 2012-2014 SoftEther Project at University of Tsukuba, Japan.
-Copyright (c) 2012-2014 SoftEther Corporation.
+Copyright (c) 2012-2015 Daiyuu Nobori.
+Copyright (c) 2012-2015 SoftEther Project at University of Tsukuba, Japan.
+Copyright (c) 2012-2015 SoftEther Corporation.
 All Rights Reserved.
 http://www.softether.org/
 

src/Mayaqua/Encrypt.c

@@ -156,6 +156,8 @@ UINT ssl_lock_num;
 static bool openssl_inited = false;
 static bool is_intel_aes_supported = false;
 
+static unsigned char *Internal_SHA0(const unsigned char *d, size_t n, unsigned char *md);
+
 // For the callback function
 typedef struct CB_PARAM
 {
@@ -239,6 +241,74 @@ void Enc_tls1_PRF(unsigned char *label, int label_len, const unsigned char *sec,
 	Free(out2);
 }
 
+// Easy encryption
+BUF *EasyEncrypt(BUF *src_buf)
+{
+	UCHAR key[SHA1_SIZE];
+	BUF *tmp_data;
+	CRYPT *rc4;
+	BUF *ret;
+	// Validate arguments
+	if (src_buf == NULL)
+	{
+		return NULL;
+	}
+
+	Rand(key, SHA1_SIZE);
+
+	tmp_data = CloneBuf(src_buf);
+
+	rc4 = NewCrypt(key, SHA1_SIZE);
+
+	Encrypt(rc4, tmp_data->Buf, tmp_data->Buf, tmp_data->Size);
+
+	ret = NewBuf();
+
+	WriteBuf(ret, key, SHA1_SIZE);
+	WriteBufBuf(ret, tmp_data);
+
+	FreeCrypt(rc4);
+	FreeBuf(tmp_data);
+
+	SeekBufToBegin(ret);
+
+	return ret;
+}
+
+// Easy decryption
+BUF *EasyDecrypt(BUF *src_buf)
+{
+	UCHAR key[SHA1_SIZE];
+	BUF *tmp_buf;
+	CRYPT *rc4;
+	// Validate arguments
+	if (src_buf == NULL)
+	{
+		return NULL;
+	}
+
+	SeekBufToBegin(src_buf);
+
+	if (ReadBuf(src_buf, key, SHA1_SIZE) != SHA1_SIZE)
+	{
+		return NULL;
+	}
+
+	tmp_buf = ReadRemainBuf(src_buf);
+	if (tmp_buf == NULL)
+	{
+		return NULL;
+	}
+
+	rc4 = NewCrypt(key, SHA1_SIZE);
+	Encrypt(rc4, tmp_buf->Buf, tmp_buf->Buf, tmp_buf->Size);
+	FreeCrypt(rc4);
+
+	SeekBufToBegin(tmp_buf);
+
+	return tmp_buf;
+}
+
 // Calculation of HMAC (MD5)
 void HMacMd5(void *dst, void *key, UINT key_size, void *data, UINT data_size)
 {
@@ -4158,7 +4228,7 @@ void Hash(void *dst, void *src, UINT size, bool sha)
 	else
 	{
 		// SHA hash
-		SHA(src, size, dst);
+		Internal_SHA0(src, size, dst);
 	}
 }
 
@@ -4907,6 +4977,324 @@ void DhFree(DH_CTX *dh)
 	Free(dh);
 }
 
+/////////////////////////
+// SHA0 implementation //
+/////////////////////////
+// 
+// From: https://bitbucket.org/Polarina/ampheck/src/097585ce2a74/src/
+/*
+	Copyright (C) 2009  Gabriel A. Petursson
+	
+	This program is free software: you can redistribute it and/or modify
+	it under the terms of the GNU General Public License as published by
+	the Free Software Foundation, either version 3 of the License, or
+	(at your option) any later version.
+	
+	This program is distributed in the hope that it will be useful,
+	but WITHOUT ANY WARRANTY; without even the implied warranty of
+	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+	GNU General Public License for more details.
+	
+	You should have received a copy of the GNU General Public License
+	along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+struct ampheck_sha0
+{
+	UINT h[5];
+	UCHAR buffer[64];
+	UINT64 length;
+};
+#define ROR(x, y) (((x) >> (y)) ^ ((x) << ((sizeof(x) * 8) - (y))))
+#define ROL(x, y) (((x) << (y)) ^ ((x) >> ((sizeof(x) * 8) - (y))))
+#define UNPACK_32_BE(x, str) { \
+	*((str))     = (UCHAR) ((x) >> 24); \
+	*((str) + 1) = (UCHAR) ((x) >> 16); \
+	*((str) + 2) = (UCHAR) ((x) >>  8); \
+	*((str) + 3) = (UCHAR) (x); \
+}
+#define UNPACK_64_BE(x, str) { \
+	*((str))     = (UCHAR) ((x) >> 56); \
+	*((str) + 1) = (UCHAR) ((x) >> 48); \
+	*((str) + 2) = (UCHAR) ((x) >> 40); \
+	*((str) + 3) = (UCHAR) ((x) >> 32); \
+	*((str) + 4) = (UCHAR) ((x) >> 24); \
+	*((str) + 5) = (UCHAR) ((x) >> 16); \
+	*((str) + 6) = (UCHAR) ((x) >>  8); \
+	*((str) + 7) = (UCHAR) (x); \
+}
+#define PACK_32_BE(str, x) { \
+	*(x) = ((UINT) *((str)    ) << 24) \
+	^ ((UINT) *((str) + 1) << 16) \
+	^ ((UINT) *((str) + 2) <<  8) \
+	^ ((UINT) *((str) + 3)); \
+}
+#define PACK_64_BE(str, x) { \
+	*(x) = ((UINT64) *((str)    ) << 56) \
+	^ ((UINT64) *((str) + 1) << 48) \
+	^ ((UINT64) *((str) + 2) << 40) \
+	^ ((UINT64) *((str) + 3) << 32) \
+	^ ((UINT64) *((str) + 4) << 24) \
+	^ ((UINT64) *((str) + 5) << 16) \
+	^ ((UINT64) *((str) + 6) << 8) \
+	^ ((UINT64) *((str) + 7)); \
+}
+#define UNPACK_32_LE(x, str) { \
+	*((str))     = (UCHAR) (x); \
+	*((str) + 1) = (UCHAR) ((x) >>  8); \
+	*((str) + 2) = (UCHAR) ((x) >> 16); \
+	*((str) + 3) = (UCHAR) ((x) >> 24); \
+}
+#define UNPACK_64_LE(x, str) { \
+	*((str))     = (UCHAR) (x); \
+	*((str) + 1) = (UCHAR) ((x) >>  8); \
+	*((str) + 2) = (UCHAR) ((x) >> 16); \
+	*((str) + 3) = (UCHAR) ((x) >> 24); \
+	*((str) + 4) = (UCHAR) ((x) >> 32); \
+	*((str) + 5) = (UCHAR) ((x) >> 40); \
+	*((str) + 6) = (UCHAR) ((x) >> 48); \
+	*((str) + 7) = (UCHAR) ((x) >> 56); \
+}
+#define PACK_32_LE(str, x) { \
+	*(x) = ((UINT) *((str)    )) \
+	^ ((UINT) *((str) + 1) <<  8) \
+	^ ((UINT) *((str) + 2) << 16) \
+	^ ((UINT) *((str) + 3) << 24); \
+}
+#define PACK_64_LE(str, x) { \
+	*(x) = ((UINT64) *((str)    )) \
+	^ ((UINT64) *((str) + 1) <<  8) \
+	^ ((UINT64) *((str) + 2) << 16) \
+	^ ((UINT64) *((str) + 3) << 24) \
+	^ ((UINT64) *((str) + 4) << 32) \
+	^ ((UINT64) *((str) + 5) << 40) \
+	^ ((UINT64) *((str) + 6) << 48) \
+	^ ((UINT64) *((str) + 7) << 56); \
+}
+#define SHA0_R1(x, y, z) ((z ^ (x & (y ^ z)))       + 0x5a827999)
+#define SHA0_R2(x, y, z) ((x ^ y ^ z)               + 0x6ed9eba1)
+#define SHA0_R3(x, y, z) (((x & y) | (z & (x | y))) + 0x8f1bbcdc)
+#define SHA0_R4(x, y, z) ((x ^ y ^ z)               + 0xca62c1d6)
+#define SHA0_PRC(a, b, c, d, e, idx, rnd) { \
+	wv[e] += ROR(wv[a], 27) + SHA0_R##rnd(wv[b], wv[c], wv[d]) + idx; \
+	wv[b]  = ROR(wv[b], 2); \
+}
+#define SHA0_EXT(i) ( \
+	w[i] ^= w[(i - 3) & 0x0F] ^ w[(i - 8) & 0x0F] ^ w[(i - 14) & 0x0F] \
+	)
+static void ampheck_sha0_init(struct ampheck_sha0 *ctx);
+static void ampheck_sha0_update(struct ampheck_sha0 *ctx, const UCHAR *data, UINT length);
+static void ampheck_sha0_finish(const struct ampheck_sha0 *ctx, UCHAR *digest);
+static void ampheck_sha0_init(struct ampheck_sha0 *ctx)
+{
+	ctx->h[0] = 0x67452301;
+	ctx->h[1] = 0xefcdab89;
+	ctx->h[2] = 0x98badcfe;
+	ctx->h[3] = 0x10325476;
+	ctx->h[4] = 0xc3d2e1f0;
+
+	ctx->length = 0;
+}
+
+static void ampheck_sha0_transform(struct ampheck_sha0 *ctx, const UCHAR *data, UINT blocks)
+{
+	UINT i;
+	for (i = 0; i < blocks; ++i)
+	{
+		UINT wv[5];
+		UINT w[16];
+
+		PACK_32_BE(&data[(i << 6)     ], &w[ 0]);
+		PACK_32_BE(&data[(i << 6) +  4], &w[ 1]);
+		PACK_32_BE(&data[(i << 6) +  8], &w[ 2]);
+		PACK_32_BE(&data[(i << 6) + 12], &w[ 3]);
+		PACK_32_BE(&data[(i << 6) + 16], &w[ 4]);
+		PACK_32_BE(&data[(i << 6) + 20], &w[ 5]);
+		PACK_32_BE(&data[(i << 6) + 24], &w[ 6]);
+		PACK_32_BE(&data[(i << 6) + 28], &w[ 7]);
+		PACK_32_BE(&data[(i << 6) + 32], &w[ 8]);
+		PACK_32_BE(&data[(i << 6) + 36], &w[ 9]);
+		PACK_32_BE(&data[(i << 6) + 40], &w[10]);
+		PACK_32_BE(&data[(i << 6) + 44], &w[11]);
+		PACK_32_BE(&data[(i << 6) + 48], &w[12]);
+		PACK_32_BE(&data[(i << 6) + 52], &w[13]);
+		PACK_32_BE(&data[(i << 6) + 56], &w[14]);
+		PACK_32_BE(&data[(i << 6) + 60], &w[15]);
+
+		wv[0] = ctx->h[0];
+		wv[1] = ctx->h[1];
+		wv[2] = ctx->h[2];
+		wv[3] = ctx->h[3];
+		wv[4] = ctx->h[4];
+
+		SHA0_PRC(0, 1, 2, 3, 4, w[ 0], 1);
+		SHA0_PRC(4, 0, 1, 2, 3, w[ 1], 1);
+		SHA0_PRC(3, 4, 0, 1, 2, w[ 2], 1);
+		SHA0_PRC(2, 3, 4, 0, 1, w[ 3], 1);
+		SHA0_PRC(1, 2, 3, 4, 0, w[ 4], 1);
+		SHA0_PRC(0, 1, 2, 3, 4, w[ 5], 1);
+		SHA0_PRC(4, 0, 1, 2, 3, w[ 6], 1);
+		SHA0_PRC(3, 4, 0, 1, 2, w[ 7], 1);
+		SHA0_PRC(2, 3, 4, 0, 1, w[ 8], 1);
+		SHA0_PRC(1, 2, 3, 4, 0, w[ 9], 1);
+		SHA0_PRC(0, 1, 2, 3, 4, w[10], 1);
+		SHA0_PRC(4, 0, 1, 2, 3, w[11], 1);
+		SHA0_PRC(3, 4, 0, 1, 2, w[12], 1);
+		SHA0_PRC(2, 3, 4, 0, 1, w[13], 1);
+		SHA0_PRC(1, 2, 3, 4, 0, w[14], 1);
+		SHA0_PRC(0, 1, 2, 3, 4, w[15], 1);
+		SHA0_PRC(4, 0, 1, 2, 3, SHA0_EXT( 0), 1);
+		SHA0_PRC(3, 4, 0, 1, 2, SHA0_EXT( 1), 1);
+		SHA0_PRC(2, 3, 4, 0, 1, SHA0_EXT( 2), 1);
+		SHA0_PRC(1, 2, 3, 4, 0, SHA0_EXT( 3), 1);
+
+		SHA0_PRC(0, 1, 2, 3, 4, SHA0_EXT( 4), 2);
+		SHA0_PRC(4, 0, 1, 2, 3, SHA0_EXT( 5), 2);
+		SHA0_PRC(3, 4, 0, 1, 2, SHA0_EXT( 6), 2);
+		SHA0_PRC(2, 3, 4, 0, 1, SHA0_EXT( 7), 2);
+		SHA0_PRC(1, 2, 3, 4, 0, SHA0_EXT( 8), 2);
+		SHA0_PRC(0, 1, 2, 3, 4, SHA0_EXT( 9), 2);
+		SHA0_PRC(4, 0, 1, 2, 3, SHA0_EXT(10), 2);
+		SHA0_PRC(3, 4, 0, 1, 2, SHA0_EXT(11), 2);
+		SHA0_PRC(2, 3, 4, 0, 1, SHA0_EXT(12), 2);
+		SHA0_PRC(1, 2, 3, 4, 0, SHA0_EXT(13), 2);
+		SHA0_PRC(0, 1, 2, 3, 4, SHA0_EXT(14), 2);
+		SHA0_PRC(4, 0, 1, 2, 3, SHA0_EXT(15), 2);
+		SHA0_PRC(3, 4, 0, 1, 2, SHA0_EXT( 0), 2);
+		SHA0_PRC(2, 3, 4, 0, 1, SHA0_EXT( 1), 2);
+		SHA0_PRC(1, 2, 3, 4, 0, SHA0_EXT( 2), 2);
+		SHA0_PRC(0, 1, 2, 3, 4, SHA0_EXT( 3), 2);
+		SHA0_PRC(4, 0, 1, 2, 3, SHA0_EXT( 4), 2);
+		SHA0_PRC(3, 4, 0, 1, 2, SHA0_EXT( 5), 2);
+		SHA0_PRC(2, 3, 4, 0, 1, SHA0_EXT( 6), 2);
+		SHA0_PRC(1, 2, 3, 4, 0, SHA0_EXT( 7), 2);
+
+		SHA0_PRC(0, 1, 2, 3, 4, SHA0_EXT( 8), 3);
+		SHA0_PRC(4, 0, 1, 2, 3, SHA0_EXT( 9), 3);
+		SHA0_PRC(3, 4, 0, 1, 2, SHA0_EXT(10), 3);
+		SHA0_PRC(2, 3, 4, 0, 1, SHA0_EXT(11), 3);
+		SHA0_PRC(1, 2, 3, 4, 0, SHA0_EXT(12), 3);
+		SHA0_PRC(0, 1, 2, 3, 4, SHA0_EXT(13), 3);
+		SHA0_PRC(4, 0, 1, 2, 3, SHA0_EXT(14), 3);
+		SHA0_PRC(3, 4, 0, 1, 2, SHA0_EXT(15), 3);
+		SHA0_PRC(2, 3, 4, 0, 1, SHA0_EXT( 0), 3);
+		SHA0_PRC(1, 2, 3, 4, 0, SHA0_EXT( 1), 3);
+		SHA0_PRC(0, 1, 2, 3, 4, SHA0_EXT( 2), 3);
+		SHA0_PRC(4, 0, 1, 2, 3, SHA0_EXT( 3), 3);
+		SHA0_PRC(3, 4, 0, 1, 2, SHA0_EXT( 4), 3);
+		SHA0_PRC(2, 3, 4, 0, 1, SHA0_EXT( 5), 3);
+		SHA0_PRC(1, 2, 3, 4, 0, SHA0_EXT( 6), 3);
+		SHA0_PRC(0, 1, 2, 3, 4, SHA0_EXT( 7), 3);
+		SHA0_PRC(4, 0, 1, 2, 3, SHA0_EXT( 8), 3);
+		SHA0_PRC(3, 4, 0, 1, 2, SHA0_EXT( 9), 3);
+		SHA0_PRC(2, 3, 4, 0, 1, SHA0_EXT(10), 3);
+		SHA0_PRC(1, 2, 3, 4, 0, SHA0_EXT(11), 3);
+
+		SHA0_PRC(0, 1, 2, 3, 4, SHA0_EXT(12), 4);
+		SHA0_PRC(4, 0, 1, 2, 3, SHA0_EXT(13), 4);
+		SHA0_PRC(3, 4, 0, 1, 2, SHA0_EXT(14), 4);
+		SHA0_PRC(2, 3, 4, 0, 1, SHA0_EXT(15), 4);
+		SHA0_PRC(1, 2, 3, 4, 0, SHA0_EXT( 0), 4);
+		SHA0_PRC(0, 1, 2, 3, 4, SHA0_EXT( 1), 4);
+		SHA0_PRC(4, 0, 1, 2, 3, SHA0_EXT( 2), 4);
+		SHA0_PRC(3, 4, 0, 1, 2, SHA0_EXT( 3), 4);
+		SHA0_PRC(2, 3, 4, 0, 1, SHA0_EXT( 4), 4);
+		SHA0_PRC(1, 2, 3, 4, 0, SHA0_EXT( 5), 4);
+		SHA0_PRC(0, 1, 2, 3, 4, SHA0_EXT( 6), 4);
+		SHA0_PRC(4, 0, 1, 2, 3, SHA0_EXT( 7), 4);
+		SHA0_PRC(3, 4, 0, 1, 2, SHA0_EXT( 8), 4);
+		SHA0_PRC(2, 3, 4, 0, 1, SHA0_EXT( 9), 4);
+		SHA0_PRC(1, 2, 3, 4, 0, SHA0_EXT(10), 4);
+		SHA0_PRC(0, 1, 2, 3, 4, SHA0_EXT(11), 4);
+		SHA0_PRC(4, 0, 1, 2, 3, SHA0_EXT(12), 4);
+		SHA0_PRC(3, 4, 0, 1, 2, SHA0_EXT(13), 4);
+		SHA0_PRC(2, 3, 4, 0, 1, SHA0_EXT(14), 4);
+		SHA0_PRC(1, 2, 3, 4, 0, SHA0_EXT(15), 4);
+
+		ctx->h[0] += wv[0];
+		ctx->h[1] += wv[1];
+		ctx->h[2] += wv[2];
+		ctx->h[3] += wv[3];
+		ctx->h[4] += wv[4];
+	}
+}
+
+static void ampheck_sha0_update(struct ampheck_sha0 *ctx, const UCHAR *data, UINT size)
+{
+	UINT tmp = size;
+
+	if (size >= 64 - ctx->length % 64)
+	{
+		memcpy(&ctx->buffer[ctx->length % 64], data, 64 - ctx->length % 64);
+
+		data += 64 - ctx->length % 64;
+		size -= 64 - ctx->length % 64;
+
+		ampheck_sha0_transform(ctx, ctx->buffer, 1);
+		ampheck_sha0_transform(ctx, data, size / 64);
+
+		data += size & ~63;
+		size %= 64;
+
+		memcpy(ctx->buffer, data, size);
+	}
+	else
+	{
+		memcpy(&ctx->buffer[ctx->length % 64], data, size);
+	}
+
+	ctx->length += tmp;
+}
+
+static void ampheck_sha0_finish(const struct ampheck_sha0 *ctx, UCHAR *digest)
+{
+	struct ampheck_sha0 tmp;
+
+	memcpy(tmp.h, ctx->h, 5 * sizeof(UINT));
+	memcpy(tmp.buffer, ctx->buffer, ctx->length % 64);
+
+	tmp.buffer[ctx->length % 64] = 0x80;
+
+	if (ctx->length % 64 < 56)
+	{
+		memset(&tmp.buffer[ctx->length % 64 + 1], 0x00, 55 - ctx->length % 64);
+	}
+	else
+	{
+		memset(&tmp.buffer[ctx->length % 64 + 1], 0x00, 63 - ctx->length % 64);
+		ampheck_sha0_transform(&tmp, tmp.buffer, 1);
+
+		memset(tmp.buffer, 0x00, 56);
+	}
+
+	UNPACK_64_BE(ctx->length * 8, &tmp.buffer[56]);
+	ampheck_sha0_transform(&tmp, tmp.buffer, 1);
+
+	UNPACK_32_BE(tmp.h[0], &digest[ 0]);
+	UNPACK_32_BE(tmp.h[1], &digest[ 4]);
+	UNPACK_32_BE(tmp.h[2], &digest[ 8]);
+	UNPACK_32_BE(tmp.h[3], &digest[12]);
+	UNPACK_32_BE(tmp.h[4], &digest[16]);
+}
+static unsigned char *Internal_SHA0(const unsigned char *d, size_t n, unsigned char *md)
+{
+	struct ampheck_sha0 c;
+	static unsigned char m[SHA_DIGEST_LENGTH];
+
+	if (md == NULL) md=m;
+
+	ampheck_sha0_init(&c);
+	ampheck_sha0_update(&c, d, (UINT)n);
+	ampheck_sha0_finish(&c, md);
+
+	return md;
+}
+
+
+
+
+
+
 // Developed by SoftEther VPN Project at University of Tsukuba in Japan.
 // Department of Computer Science has dozens of overly-enthusiastic geeks.
 // Join us: http://www.tsukuba.ac.jp/english/admission/

src/Mayaqua/Encrypt.h

@@ -503,6 +503,9 @@ void Enc_tls1_PRF(unsigned char *label, int label_len, const unsigned char *sec,
 void HMacSha1(void *dst, void *key, UINT key_size, void *data, UINT data_size);
 void HMacMd5(void *dst, void *key, UINT key_size, void *data, UINT data_size);
 
+BUF *EasyEncrypt(BUF *src_buf);
+BUF *EasyDecrypt(BUF *src_buf);
+
 void DisableIntelAesAccel();
 
 #ifdef	ENCRYPT_C

src/Mayaqua/MayaType.h

@@ -521,6 +521,7 @@ typedef struct SAFE_QUOTA2 SAFE_QUOTA2;
 typedef struct SAFE_BLOCK SAFE_BLOCK;
 typedef struct SAFE_REQUEST_LOG SAFE_REQUEST_LOG;
 typedef struct DYN_VALUE DYN_VALUE;
+typedef struct RELAY_PARAMETER RELAY_PARAMETER;
 
 // Tick64.h
 typedef struct ADJUST_TIME ADJUST_TIME;

src/Mayaqua/Microsoft.c

@@ -3670,10 +3670,6 @@ void MsRegistWindowsFirewallEx(char *title, char *exe)
 	{
 		return;
 	}
-	if (MsIsVista() == false && (GET_KETA(ostype, 100) != 3 && GET_KETA(ostype, 100) != 4 && GET_KETA(ostype, 100) != 5 && GET_KETA(ostype, 100) != 6 && GET_KETA(ostype, 100) != 7))
-	{
-		return;
-	}
 	if (MsIsAdmin() == false)
 	{
 		return;

src/Mayaqua/Network.c

@@ -1647,6 +1647,7 @@ void RUDPDo_NatT_Interrupt(RUDP_STACK *r)
 	{
 		if (IsZeroIp(&r->NatT_IP_Safe) == false)
 		{
+
 			if (g_no_rudp_register == false)
 			{
 				if (r->NatT_GetTokenNextTick == 0 || r->Now >= r->NatT_GetTokenNextTick)
@@ -1674,25 +1675,28 @@ void RUDPDo_NatT_Interrupt(RUDP_STACK *r)
 				}
 			}
 
-			if (r->NatT_NextNatStatusCheckTick == 0 || r->Now >= r->NatT_NextNatStatusCheckTick)
 			{
-				UCHAR a = 'A';
-				UINT ddns_hash;
-				// Check of the NAT state
-				RUDPSendPacket(r, &r->NatT_IP_Safe, UDP_NAT_T_PORT, &a, 1, 0);
+				// Normal servers: Send request packets to the NAT-T server
+				if (r->NatT_NextNatStatusCheckTick == 0 || r->Now >= r->NatT_NextNatStatusCheckTick)
+				{
+					UCHAR a = 'A';
+					UINT ddns_hash;
+					// Check of the NAT state
+					RUDPSendPacket(r, &r->NatT_IP_Safe, UDP_NAT_T_PORT, &a, 1, 0);
 
-				// Execution time of the next
-				r->NatT_NextNatStatusCheckTick = r->Now + (UINT64)GenRandInterval(UDP_NAT_T_NAT_STATUS_CHECK_INTERVAL_MIN, UDP_NAT_T_NAT_STATUS_CHECK_INTERVAL_MAX);
-				AddInterrupt(r->Interrupt, r->NatT_NextNatStatusCheckTick);
+					// Execution time of the next
+					r->NatT_NextNatStatusCheckTick = r->Now + (UINT64)GenRandInterval(UDP_NAT_T_NAT_STATUS_CHECK_INTERVAL_MIN, UDP_NAT_T_NAT_STATUS_CHECK_INTERVAL_MAX);
+					AddInterrupt(r->Interrupt, r->NatT_NextNatStatusCheckTick);
 
-				// Check whether the DDNS host name changing have not occurred
-				ddns_hash = GetCurrentDDnsFqdnHash();
+					// Check whether the DDNS host name changing have not occurred
+					ddns_hash = GetCurrentDDnsFqdnHash();
 
-				if (r->LastDDnsFqdnHash != ddns_hash)
-				{
-					r->LastDDnsFqdnHash = ddns_hash;
-					// Do the Register immediately if there is a change in the DDNS host name
-					r->NatT_RegisterNextTick = 0;
+					if (r->LastDDnsFqdnHash != ddns_hash)
+					{
+						r->LastDDnsFqdnHash = ddns_hash;
+						// Do the Register immediately if there is a change in the DDNS host name
+						r->NatT_RegisterNextTick = 0;
+					}
 				}
 			}
 
@@ -1775,8 +1779,17 @@ void RUDPRecvProc(RUDP_STACK *r, UDPPACKET *p)
 		return;
 	}
 
+	if (r->ServerMode)
+	{
+		if (g_no_rudp_server)
+		{
+			return;
+		}
+	}
+
 	if (r->ServerMode && r->NoNatTRegister == false)
 	{
+
 		if (p->SrcPort == UDP_NAT_T_PORT && CmpIpAddr(&p->SrcIP, &r->NatT_IP_Safe) == 0)
 		{
 			// There was a response from the NAT-T server
@@ -4472,7 +4485,7 @@ void RUDPIpQueryThread(THREAD *thread, void *param)
 		{
 			IP ip;
 
-			if (GetMyPrivateIP(&ip))
+			if (GetMyPrivateIP(&ip, false))
 			{
 				Lock(r->Lock);
 				{
@@ -4521,7 +4534,7 @@ UINT GenRandInterval(UINT min, UINT max)
 }
 
 // Identify the private IP of the interface which is used to connect to the Internet currently
-bool GetMyPrivateIP(IP *ip)
+bool GetMyPrivateIP(IP *ip, bool from_vg)
 {
 	SOCK *s;
 	IP t;
@@ -4532,11 +4545,6 @@ bool GetMyPrivateIP(IP *ip)
 		return false;
 	}
 
-	if (IsUseAlternativeHostname())
-	{
-		hostname = UDP_NAT_T_GET_PRIVATE_IP_TCP_SERVER_ALT;
-	}
-
 	s = ConnectEx(hostname, UDP_NAT_T_PORT_FOR_TCP_1, UDP_NAT_T_GET_PRIVATE_IP_CONNECT_TIMEOUT);
 
 	if (s == NULL)
@@ -4545,7 +4553,7 @@ bool GetMyPrivateIP(IP *ip)
 
 		if (s == NULL)
 		{
-			s = ConnectEx(hostname, UDP_NAT_T_PORT_FOR_TCP_3, UDP_NAT_T_GET_PRIVATE_IP_CONNECT_TIMEOUT);
+			s = ConnectEx(GetRandHostNameForGetMyPrivateIP(), UDP_NAT_T_PORT_FOR_TCP_1, UDP_NAT_T_GET_PRIVATE_IP_CONNECT_TIMEOUT);
 
 			if (s == NULL)
 			{
@@ -5462,7 +5470,11 @@ RUDP_STACK *NewRUDP(bool server_mode, char *svc_name, RUDP_STACK_INTERRUPTS_PROC
 		}
 	}
 
-	RUDPGetRegisterHostNameByIP(r->CurrentRegisterHostname, sizeof(r->CurrentRegisterHostname), NULL);
+	if (true
+		)
+	{
+		RUDPGetRegisterHostNameByIP(r->CurrentRegisterHostname, sizeof(r->CurrentRegisterHostname), NULL);
+	}
 
 	if (r->ServerMode)
 	{
@@ -5470,7 +5482,8 @@ RUDP_STACK *NewRUDP(bool server_mode, char *svc_name, RUDP_STACK_INTERRUPTS_PROC
 		r->ProcRpcRecv = proc_rpc_recv;
 	}
 
-	if (r->ServerMode && r->NoNatTRegister == false)
+	if (r->ServerMode && r->NoNatTRegister == false
+		)
 	{
 		r->IpQueryThread = NewThread(RUDPIpQueryThread, r);
 	}
@@ -5543,8 +5556,11 @@ void FreeRUDP(RUDP_STACK *r)
 
 	if (r->ServerMode && r->NoNatTRegister == false)
 	{
-		WaitThread(r->IpQueryThread, INFINITE);
-		ReleaseThread(r->IpQueryThread);
+		if (r->IpQueryThread != NULL)
+		{
+			WaitThread(r->IpQueryThread, INFINITE);
+			ReleaseThread(r->IpQueryThread);
+		}
 	}
 
 	WaitThread(r->Thread, INFINITE);
@@ -12122,6 +12138,37 @@ void InitAsyncSocket(SOCK *sock)
 #endif	// OS_WIN32
 }
 
+// Get a new available UDP port number
+UINT GetNewAvailableUdpPortRand()
+{
+	UINT num_retry = 8;
+	UINT i;
+	UINT ret = 0;
+	UCHAR seed[SHA1_SIZE];
+
+	Rand(seed, sizeof(seed));
+
+	for (i = 0;i < num_retry;i++)
+	{
+		SOCK *s = NewUDPEx2Rand(false, NULL, seed, sizeof(seed), RAND_UDP_PORT_DEFAULT_NUM_RETRY);
+
+		if (s != NULL)
+		{
+			ret = s->LocalPort;
+
+			Disconnect(s);
+			ReleaseSock(s);
+		}
+
+		if (ret != 0)
+		{
+			break;
+		}
+	}
+
+	return ret;
+}
+
 // Open a UDP port (port number is random, but determine the randomness in the seed)
 SOCK *NewUDPEx2Rand(bool ipv6, IP *ip, void *rand_seed, UINT rand_seed_size, UINT num_retry)
 {
@@ -17862,6 +17909,33 @@ bool IsIPPrivate(IP *ip)
 	return false;
 }
 
+// Is the IP address either local or private?
+bool IsIPLocalOrPrivate(IP *ip)
+{
+	// Validate arguments
+	if (ip == NULL)
+	{
+		return false;
+	}
+
+	if (IsIPPrivate(ip))
+	{
+		return true;
+	}
+
+	if (IsLocalHostIP(ip))
+	{
+		return true;
+	}
+
+	if (IsIPMyHost(ip))
+	{
+		return true;
+	}
+
+	return false;
+}
+
 // Read a private IP list file
 void LoadPrivateIPFile()
 {
@@ -19841,8 +19915,10 @@ void UdpListenerThread(THREAD *thread, void *param)
 		UINT interval;
 		bool stage_changed = false;
 		IP nat_t_ip;
+
 		Zero(&nat_t_ip, sizeof(nat_t_ip));
 
+
 		if (u->LastCheckTick == 0 || (now >= (u->LastCheckTick + UDPLISTENER_CHECK_INTERVAL)))
 		{
 			LIST *iplist;
@@ -20011,17 +20087,19 @@ LABEL_RESTART:
 
 		if (u->PollMyIpAndPort)
 		{
-			// Create a thread to get a NAT-T IP address if necessary
-			if (u->GetNatTIpThread == NULL)
 			{
-				char natt_hostname[MAX_SIZE];
+				// Create a thread to get a NAT-T IP address if necessary
+				if (u->GetNatTIpThread == NULL)
+				{
+					char natt_hostname[MAX_SIZE];
 
-				RUDPGetRegisterHostNameByIP(natt_hostname, sizeof(natt_hostname), NULL);
+					RUDPGetRegisterHostNameByIP(natt_hostname, sizeof(natt_hostname), NULL);
 
-				u->GetNatTIpThread = NewQueryIpThread(natt_hostname, QUERYIPTHREAD_INTERVAL_LAST_OK, QUERYIPTHREAD_INTERVAL_LAST_NG);
-			}
+					u->GetNatTIpThread = NewQueryIpThread(natt_hostname, QUERYIPTHREAD_INTERVAL_LAST_OK, QUERYIPTHREAD_INTERVAL_LAST_NG);
+				}
 
-			GetQueryIpThreadResult(u->GetNatTIpThread, &nat_t_ip);
+				GetQueryIpThreadResult(u->GetNatTIpThread, &nat_t_ip);
+			}
 		}
 
 		// Receive the data that is arriving at the socket
@@ -20033,16 +20111,20 @@ LABEL_RESTART:
 			{
 				UINT num_ignore_errors = 0;
 
-				if (u->PollMyIpAndPort && IsZeroIP(&nat_t_ip) == false && IsIP4(&us->IpAddress))
+				if (u->PollMyIpAndPort && IsIP4(&us->IpAddress))
 				{
 					if (us->NextMyIpAndPortPollTick == 0 || us->NextMyIpAndPortPollTick <= now)
 					{
-						UCHAR c = 'A';
-
 						// Examine the self IP address and the self port number by using NAT-T server
 						us->NextMyIpAndPortPollTick = now + (UINT64)GenRandInterval(UDP_NAT_T_NAT_STATUS_CHECK_INTERVAL_MIN, UDP_NAT_T_NAT_STATUS_CHECK_INTERVAL_MAX);
 
-						SendTo(us->Sock, &nat_t_ip, UDP_NAT_T_PORT, &c, 1);
+						if (IsZeroIP(&nat_t_ip) == false
+							)
+						{
+							UCHAR c = 'A';
+
+							SendTo(us->Sock, &nat_t_ip, UDP_NAT_T_PORT, &c, 1);
+						}
 					}
 				}
 

src/Mayaqua/Network.h

@@ -759,12 +759,10 @@ struct RUDP_SESSION
 #define	UDP_NAT_T_GET_IP_INTERVAL_AFTER		DYN32(UDP_NAT_T_GET_IP_INTERVAL_AFTER, (5 * 60 * 1000))	// IP address acquisition interval of NAT-T server (after success)
 
 // Related to process to get the private IP address of itself with making a TCP connection to the NAT-T server
-#define	UDP_NAT_T_GET_PRIVATE_IP_TCP_SERVER		"get-my-ip.nat-traversal.softether-network.net."
-#define	UDP_NAT_T_GET_PRIVATE_IP_TCP_SERVER_ALT	"get-my-ip.nat-traversal.uxcom.jp."
+#define	UDP_NAT_T_GET_PRIVATE_IP_TCP_SERVER		"www.msftncsi.com."
 
-#define	UDP_NAT_T_PORT_FOR_TCP_1			992
-#define	UDP_NAT_T_PORT_FOR_TCP_2			80
-#define	UDP_NAT_T_PORT_FOR_TCP_3			443
+#define	UDP_NAT_T_PORT_FOR_TCP_1			80
+#define	UDP_NAT_T_PORT_FOR_TCP_2			443
 
 #define	UDP_NAT_TRAVERSAL_VERSION			1
 
@@ -1102,7 +1100,8 @@ void *InitWaitUntilHostIPAddressChanged();
 void FreeWaitUntilHostIPAddressChanged(void *p);
 void WaitUntilHostIPAddressChanged(void *p, EVENT *event, UINT timeout, UINT ip_check_interval);
 UINT GetHostIPAddressHash32();
-bool GetMyPrivateIP(IP *ip);
+bool GetMyPrivateIP(IP *ip, bool from_vg);
+char *GetRandHostNameForGetMyPrivateIP();
 UINT GenRandInterval(UINT min, UINT max);
 void RUDPProcess_NatT_Recv(RUDP_STACK *r, UDPPACKET *udp);
 void RUDPDo_NatT_Interrupt(RUDP_STACK *r);
@@ -1324,6 +1323,7 @@ SOCK *NewUDP4(UINT port, IP *ip);
 SOCK *NewUDP6(UINT port, IP *ip);
 SOCK *NewUDPEx2Rand(bool ipv6, IP *ip, void *rand_seed, UINT rand_seed_size, UINT num_retry);
 SOCK *NewUDPEx2RandMachineAndExePath(bool ipv6, IP *ip, UINT num_retry, UCHAR rand_port_id);
+UINT GetNewAvailableUdpPortRand();
 UINT NewRandPortByMachineAndExePath(UINT start_port, UINT end_port, UINT additional_int);
 void DisableUDPChecksum(SOCK *s);
 UINT SendTo(SOCK *sock, IP *dest_addr, UINT dest_port, void *data, UINT size);
@@ -1614,6 +1614,7 @@ void GetCurrentGlobalIPGuess(IP *ip, bool ipv6);
 bool IsIPAddressInSameLocalNetwork(IP *a);
 
 bool IsIPPrivate(IP *ip);
+bool IsIPLocalOrPrivate(IP *ip);
 bool IsIPMyHost(IP *ip);
 void LoadPrivateIPFile();
 bool IsOnPrivateIPFile(UINT ip);

src/Mayaqua/Win32.c

@@ -1075,7 +1075,7 @@ bool Win32GetVersionExInternal(void *info)
 		if (os.dwPlatformId == VER_PLATFORM_WIN32_NT)
 		{
 			if ((os.dwMajorVersion == 6 && os.dwMinorVersion >= 2) ||
-				(os.dwMajorVersion == 7))
+				(os.dwMajorVersion >= 7))
 			{
 				// Windows 8 later
 				return Win32GetVersionExInternalForWindows81orLater(info);
@@ -1091,6 +1091,9 @@ bool Win32GetVersionExInternalForWindows81orLater(void *info)
 {
 	OSVERSIONINFOEXA *ex = (OSVERSIONINFOEXA *)info;
 	char *str;
+	UINT major1 = 0, major2 = 0;
+	UINT minor1 = 0, minor2 = 0;
+	UINT major = 0, minor = 0;
 	// Validate arguments
 	if (info == NULL)
 	{
@@ -1120,15 +1123,8 @@ bool Win32GetVersionExInternalForWindows81orLater(void *info)
 
 		if (t != NULL && t->NumTokens == 2)
 		{
-			UINT major = ToInt(t->Token[0]);
-			UINT minor = ToInt(t->Token[1]);
-
-			if (major >= 6)
-			{
-				// Version number acquisition success
-				ex->dwMajorVersion = major;
-				ex->dwMinorVersion = minor;
-			}
+			major1 = ToInt(t->Token[0]);
+			minor1 = ToInt(t->Token[1]);
 		}
 
 		FreeToken(t);
@@ -1136,6 +1132,32 @@ bool Win32GetVersionExInternalForWindows81orLater(void *info)
 
 	Free(str);
 
+	major2 = MsRegReadIntEx2(REG_LOCAL_MACHINE,
+		"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
+		"CurrentMajorVersionNumber", false, true);
+
+	minor2 = MsRegReadIntEx2(REG_LOCAL_MACHINE,
+		"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
+		"CurrentMinorVersionNumber", false, true);
+
+	if ((major1 * 10000 + minor1) > (major2 * 10000 + minor2))
+	{
+		major = major1;
+		minor = minor1;
+	}
+	else
+	{
+		major = major2;
+		minor = minor2;
+	}
+
+	if (major >= 6)
+	{
+		// Version number acquisition success
+		ex->dwMajorVersion = major;
+		ex->dwMinorVersion = minor;
+	}
+
 	return true;
 }
 
@@ -1407,7 +1429,7 @@ UINT Win32GetOsType()
 						return OSTYPE_WINDOWS_SERVER_81;
 					}
 				}
-				else if (os.dwMajorVersion == 6 && os.dwMinorVersion == 4)
+				else if ((os.dwMajorVersion == 6 && os.dwMinorVersion == 4) || (os.dwMajorVersion == 10 && os.dwMinorVersion == 0))
 				{
 					if (os.wProductType == VER_NT_WORKSTATION)
 					{

src/README.TXT

@@ -10,7 +10,7 @@ http://www.softether-download.com/
 We accept your patches by the acceptance policy:
 http://www.softether.org/5-download/src/9.patch
 
-Copyright (c) 2012-2014 SoftEther Project at University of Tsukuba, Japan.
+Copyright (c) 2012-2015 SoftEther Project at University of Tsukuba, Japan.
 
 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License version 2

src/WARNING.TXT

@@ -521,3 +521,45 @@ parts of VPN Gate are not developed by SoftEther Corporation. The VPN Gate
 Research Project is not a subject to be led, operated, promoted nor guaranteed
 by SoftEther Corporation.
 
+5.13. The P2P Relay Function in the VPN Gate Client to strengthen the
+capability of circumvention of censorship firewalls
+VPN Gate Clients, which are published since January 2015, include the P2P
+Relay Function. The P2P Relay Function is implemented in order to strengthen
+the capability of circumvention of censorship firewalls. If the P2P Relay
+Function in your VPN Gate Client is enabled, then the P2P Relay Function will
+accept the incoming VPN connections from the VPN Gate users, which are located
+on mainly same regions around you, and will provide the relay function to the
+external remote VPN Gate Servers, which are hosted by third parties in the
+free Internet environment. This P2P Relay Function never provides the shared
+NAT functions nor replaces the outgoing IP address of the VPN Gate users to
+your IP addresses because this P2P Relay Function only provides the
+"reflection service" (hair-pin relaying), relaying from incoming VPN Gate
+users to an external VPN Gate Server. In this situation, VPN tunnels via your
+P2P Relay Function will be finally terminated on the external VPN Gate Server,
+not your VPN Gate Client. However, the VPN Gate Server as the final
+destination will record your IP address as the source IP address of VPN
+tunnels which will be initiated by your P2P Relay Function. Additionally, user
+packets which are transmitted via your P2P Relay Function will be recorded on
+your computer as packet logs as described on the section 5.8. After you
+installed the VPN Gate Client, and if the P2P Relay Function will be enabled
+automatically, then all matters on the 5.2, 5.3, 5.4, 5.5, 5.6, 5.7, 5.8, 5.9,
+5.10, 5.11 and 5.12 sections will be applied to you and your computer, as same
+to the situation when you enabled the VPN Gate Service (the VPN Gate Server
+function). If your P2P Function is enabled, then your computer's IP address
+and the default operator's name which is described on the section 5.5 will be
+listed on the VPN Gate Server List which is provided by the VPN Gate Project.
+You can change these strings by editing the "vpn_gate_relay.config" file
+manually. Note that you need to stop the VPN Client service before editing it.
+The VPN Gate Client will automatically enable the P2P Relay Function on your
+computer if the VPN Gate Client detects that your computer might be located in
+regions where there are existing censorship firewalls. If you want to disable
+the P2P Relay Function, you must set the "DisableRelayServer" flag to "true"
+on the "vpn_client.config" file which is the configuration file of the VPN
+Client. Note that you need to stop the VPN Client service before editing it.
+The VPN Gate Client does not recognize the particular regulation of your
+country or your region. The VPN Gate Client activates the P2P Relay Function
+even if your country or your region has the law to restrict running P2P relay
+functions. Therefore, in such a case, you must disable the P2P Relay Function
+on the VPN Gate Client manually by setting the "DisableRelayServer" flag if
+you reside in such a restricted area, in your own responsibility.
+

src/bin/hamcore/eula.txt

@@ -1,8 +1,8 @@
 SoftEther VPN Server, Client and Bridge are free software, and released as open-source. You can redistribute them and/or modify them under the terms of the GNU General Public License version 2 as published by the Free Software Foundation.
 
-Copyright (c) 2012-2014 Daiyuu Nobori.
-Copyright (c) 2012-2014 SoftEther Project at University of Tsukuba, Japan.
-Copyright (c) 2012-2014 SoftEther Corporation.
+Copyright (c) 2012-2015 Daiyuu Nobori.
+Copyright (c) 2012-2015 SoftEther Project at University of Tsukuba, Japan.
+Copyright (c) 2012-2015 SoftEther Corporation.
 All Rights Reserved.
 http://www.softether.org/
 
@@ -437,6 +437,17 @@ Issue Date: Aug 6, 2010
 
 -------------------
 
+SHA0 implementation:
+
+Copyright (C) 2009 Gabriel A. Petursson
+This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+-------------------
+
 NOTES
 
 SoftEther provides source codes of some GPL/LGPL/other libraries listed above on its web server. Anyone can download, use and re-distribute them under individual licenses which are contained on each archive file, available from the following URL:

src/bin/hamcore/inf/selow_x64/SeLow_x64.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= NetTrans
 ClassGUID					= {4D36E975-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_selow.cat
 
@@ -66,5 +66,5 @@ SeLow_Description			= "A lightweight helper kernel-mode module for PacketiX VPN
 
 
 
-; Auto Generated 20141117_222152.555
+; Auto Generated 20150130_195049.510
 

src/bin/hamcore/inf/selow_x86/SeLow_x86.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= NetTrans
 ClassGUID					= {4D36E975-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_selow.cat
 
@@ -66,5 +66,5 @@ SeLow_Description			= "A lightweight helper kernel-mode module for PacketiX VPN
 
 
 
-; Auto Generated 20141117_221645.757
+; Auto Generated 20150130_194759.090
 

src/bin/hamcore/inf/x64/INF_VPN.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_VPN.cat
 

src/bin/hamcore/inf/x64/INF_VPN10.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_VPN10.cat
 

src/bin/hamcore/inf/x64/INF_VPN100.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_VPN100.cat
 

src/bin/hamcore/inf/x64/INF_VPN101.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_VPN101.cat
 

src/bin/hamcore/inf/x64/INF_VPN102.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_VPN102.cat
 

src/bin/hamcore/inf/x64/INF_VPN103.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_VPN103.cat
 

src/bin/hamcore/inf/x64/INF_VPN104.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_VPN104.cat
 

src/bin/hamcore/inf/x64/INF_VPN105.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_VPN105.cat
 

src/bin/hamcore/inf/x64/INF_VPN106.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_VPN106.cat
 

src/bin/hamcore/inf/x64/INF_VPN107.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_VPN107.cat
 

src/bin/hamcore/inf/x64/INF_VPN108.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_VPN108.cat
 

src/bin/hamcore/inf/x64/INF_VPN109.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_VPN109.cat
 

src/bin/hamcore/inf/x64/INF_VPN11.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_VPN11.cat
 

src/bin/hamcore/inf/x64/INF_VPN110.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_VPN110.cat
 

src/bin/hamcore/inf/x64/INF_VPN111.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_VPN111.cat
 

src/bin/hamcore/inf/x64/INF_VPN112.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_VPN112.cat
 

src/bin/hamcore/inf/x64/INF_VPN113.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_VPN113.cat
 

src/bin/hamcore/inf/x64/INF_VPN114.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_VPN114.cat
 

src/bin/hamcore/inf/x64/INF_VPN115.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_VPN115.cat
 

src/bin/hamcore/inf/x64/INF_VPN116.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_VPN116.cat
 

src/bin/hamcore/inf/x64/INF_VPN117.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_VPN117.cat
 

src/bin/hamcore/inf/x64/INF_VPN118.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_VPN118.cat
 

src/bin/hamcore/inf/x64/INF_VPN119.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_VPN119.cat
 

src/bin/hamcore/inf/x64/INF_VPN12.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_VPN12.cat
 

src/bin/hamcore/inf/x64/INF_VPN120.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_VPN120.cat
 

src/bin/hamcore/inf/x64/INF_VPN121.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_VPN121.cat
 

src/bin/hamcore/inf/x64/INF_VPN122.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_VPN122.cat
 

src/bin/hamcore/inf/x64/INF_VPN123.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_VPN123.cat
 

src/bin/hamcore/inf/x64/INF_VPN124.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_VPN124.cat
 

src/bin/hamcore/inf/x64/INF_VPN125.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_VPN125.cat
 

src/bin/hamcore/inf/x64/INF_VPN126.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_VPN126.cat
 

src/bin/hamcore/inf/x64/INF_VPN127.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_VPN127.cat
 

src/bin/hamcore/inf/x64/INF_VPN13.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_VPN13.cat
 

src/bin/hamcore/inf/x64/INF_VPN14.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_VPN14.cat
 

src/bin/hamcore/inf/x64/INF_VPN15.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_VPN15.cat
 

src/bin/hamcore/inf/x64/INF_VPN16.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_VPN16.cat
 

src/bin/hamcore/inf/x64/INF_VPN17.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_VPN17.cat
 

src/bin/hamcore/inf/x64/INF_VPN18.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_VPN18.cat
 

src/bin/hamcore/inf/x64/INF_VPN19.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_VPN19.cat
 

src/bin/hamcore/inf/x64/INF_VPN2.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_VPN2.cat
 

src/bin/hamcore/inf/x64/INF_VPN20.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_VPN20.cat
 

src/bin/hamcore/inf/x64/INF_VPN21.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_VPN21.cat
 

src/bin/hamcore/inf/x64/INF_VPN22.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_VPN22.cat
 

src/bin/hamcore/inf/x64/INF_VPN23.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_VPN23.cat
 

src/bin/hamcore/inf/x64/INF_VPN24.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_VPN24.cat
 

src/bin/hamcore/inf/x64/INF_VPN25.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_VPN25.cat
 

src/bin/hamcore/inf/x64/INF_VPN26.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_VPN26.cat
 

src/bin/hamcore/inf/x64/INF_VPN27.inf

@@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 11/17/2014, 4.12.0.9514
+DriverVer					= 01/30/2015, 4.13.0.9522
 
 CatalogFile.NT				= inf_VPN27.cat