Version 2.5.0

• Added experimental ike-persist option which will save IPSec session to disk, restore it after service or computer restart and automatically reconnect the tunnel without authentication. It works best in combination with the ike-lifetime option. For example, setting ike-lifetime to 604800 will keep the session for 7 days. Note that most IPSec servers have shorter IKE duration configured, so it may be terminated earlier. This option is also added to the GUI application under "Misc settings" category. Automatic reconnection will happen when running in the standalone mode, when GUI application starts or when snxctl sends the "connect" command.
• Fixed some issues with added routes.
• Fixed a problem with SSL connection when username is not specified

Version 2.4.2

• Fixed the ignore-routes option which wasn't working as expected
• Fixed a problem with the default-route=true option in combination with the IPSec tunnel
• Allow comma-separated values in the command line for the multi-value parameters
• Added informational message printed to stdout when the tunnel is connected in standalone mode
• Ignore stored or specified passwords for the SAML authentication

Version 2.4.1

• Don't hard-fail the connection if there is IP address mismatch in the IPSec ID payload. This seems to cause issues with some users. The warning will be logged instead
• Don't require user name to be specified for password logins. The user will be prompted for it if needed
• Improved MFA prompts retrieval from the server

Version 2.4.0

• By default, system browser is now used for SAML SSO authentication, instead of WebKit. This reduces the target system dependencies when building and running the application. WebKit can still be enabled during compilation via the webkit2gtk feature flag
• Fixed a regression in the certificate authentication when MFA codes are not required (only for IPSec tunnel)
• Added client-mode advanced parameter which may help with some compatibility issues
• Minor fixes for the UI application

Version 2.3.0

• Added an option to enable certificate validation for IPSec tunnel via the new "ipsec-cert-check" parameter. Requires a custom CA root certificate to be specified.
• Changed "ca-cert" option to be a comma-separated list of certificates rather than a single certificate
• Added IP address check and signature validation of the IKE ID payload (security improvement)
• Fixed a compatibility issue with the old CheckPoint servers which do not advertise authentication methods
• Fixed a bug with the keepalive packets for the SSL tunnel when large amount of data was sent to the tun device

Version 2.2.8

• Added support for certificate authentication type which requires additional MFA code or password (only for IPSec tunnel)

Version 2.2.7

• SSL tunnel: fixed a bug with network interface and routes which are not deleted after disconnect.

Version 2.2.6

• Fixed a bug with saving the configuration from the GUI app when ~/.config/snx-rs directory does not exist

Version 2.2.5

• Compatibility fixes

Version 2.2.4

• Added support for 3DES encryption when doing ESP SA proposal, to be able to connect to older or misconfigured Checkpoint servers which still use this. Seems like they are pretty common.