HP TCPIP Services for OpenVMS Release Notes

This document comprises the Release Notes for HP TCP/IP Services for OpenVMS Version 5.5, published in January 2005. It details new features, behavioral enhancements, installation changes, restrictions, and bug fixes for the product, which is supported on OpenVMS Alpha and OpenVMS Industry Standard 64 (I64) for Integrity Servers running Version 8.2 or higher.

Key New Features and Enhancements:

• I64 Platform Support: TCP/IP Services now runs on HP Itanium-based (I64) platforms, offering similar functionality to Alpha systems.

• IPv6 Enhancements:

  • failSAFE IP now supports IPv6, with new ifconfig commands.
  • Neighbor Discovery supports dynamic update requests for the ip6.arpa DNS reverse zone.
  • IPv6 Application Programming Interface (API) updates, including deprecation of AI_DEFAULT in getaddrinfo and porting of IPv4 client/server examples to IPv6. Several older EAK functions are deprecated in favor of newer APIs.

• Secure IMAP: Introduced with Secure Sockets Layer (SSL) support for secure message retrieval and management. Requires HP SSL kit and offers new configuration options.

• Network Time Protocol (NTP) V4.2: Upgraded to Version 4.2.0, supporting IPv6 and symmetric key cryptography. The NTP_GENKEYS utility is replaced by NTP_KEYGEN. Clock synchronization for larger offsets has been enhanced for faster correction.
• SSH Features: Upgraded to Version 3.2, with support for IPv6, UNIX-like port forwarding, increased maximum file transfer size (from 4MB to 4GB) and improved speed, and the ability to use SSH commands in batch jobs.
• libpcap API Support: Version 0.8.3 is now supported.
• TCPDUMP Version 3.8.3: Upgraded to a newer version, utilizing the libpcap API.
• Updated Header Files: Several header files in TCPIP$EXAMPLES have been updated due to IETF RFCs, performance, and internal changes, potentially affecting backward compatibility.

Installation, Configuration, and Shutdown Changes:

• Requires OpenVMS Version 8.2 or higher.
• Existing V5.3 Early Adopter's Kits (EAKs) for SSH and failSAFE IP must be removed before installation.
• This is the last release supporting direct upgrades from TCP/IP Services Version 4.x.
• SNMP startup procedures require explicit configuration or re-enabling after upgrade, and custom subagent startup/shutdown files are no longer automatically created by TCPIP$CONFIG.COM.
• The scalable kernel for TCP/IP performance is now standard, replacing the optional nature of previous releases.
• For OpenVMS I64 clusters, it's recommended to add the system to the cluster before configuring TCP/IP Services. SYSUAF parameters for TCP/IP accounts are set to higher values.
• SSH configuration files from previous versions are incompatible and require manual updating by extracting new templates and porting modifications.

Key Restrictions and Limitations:

• Critical Limitations on OpenVMS I64 Platforms: The NFS server, PPP (Point-to-Point Protocol), and SLIP (Serial Line IP) services do not work on I64 platforms in this release. These are expected to be fixed in a future update.
• IPv6 Restrictions: Mobile IPv6 is not supported. IPv6 requires the BIND resolver to be enabled.
• NFS Restrictions (Alpha): Various issues including server hangs with Solaris 9 ls command (with a workaround), misleading MOUNT server messages, lock server failures with unqualified hostnames across domains, and limitations to NFS Version 2 (32-bit file size, ISO Latin-1 only).
• SSH Limitations: SSH1 protocol is not supported. Kerberos-based authentication is not supported. PermitRootLogin and EnforceSecureRutils are not supported. Specific restrictions apply to batch mode, X11 port forwarding, and large file transfers (cannot abort with Ctrl/C/Y).
• BIND/DNS Restrictions: BIND Version 9.2.1 has experimental/partial support for secure zones (wildcards, DNSSEC validation, dynamic updates, zone transfer security). Some DNS servers might return NXDOMAIN for IPv6 AAAA records.
• TCPDUMP Restrictions: Works in copy-all mode (only sees local host packets), not promiscuous. Only Ethernet NICs supported. The -i and -p options are not supported.

Key Corrections and Bug Fixes:

• Resolved link conflicts with TCPIP$LIB.OLB when using strdup or putenv functions.
• Fixed BIND server issues, including slave refusing notify requests for IPv6-enabled masters and "Assertion Failure" exits.
• Corrected failSAFE IP phantom failures and added options for log file location and traffic generation.
• Addressed FTP server rejections of IP address/privileged port specification and "Illegal PORT command" errors.
• Fixed IMAP issues where mail messages were lost after move/purge and CLOSE command failed to delete marked messages.
• Resolved multiple TCPIP$IP6_SETUP.COM problems related to 6to4 tunnels, routes, and general IPv6 configuration, and removed the requirement for TCP/IP Services to be started before running it.
• Corrected various NFS server issues on Alpha, including case-sensitive lookups, directory version limit inheritance, and improper mount point verification.
• Fixed NTP issues where the system clock failed to adjust on high-performance Alphas and lowercase file names were created on ODS-5 disks.
• Addressed RCP problems with recursive file copies, preserving file attributes (new /VMS qualifier), and copying files larger than 2GB (now supports up to 4GB).
• Corrected SMTP issues related to recipient deliverability checks (new configuration option), accepting mail from blocked senders (increased field limit), duplicate Message-IDs, and malformed headers with multiple To:/Cc: addresses.
• Relaxed restrictions on SNMP community names in TCPIP$CONFIG.COM (though spaces are still disallowed).
• Fixed a hang in the getaddrinfo() socket function.
• Resolved SSH problems including server not allowing password changes for expired accounts, language tag support, secondary password authentication, X11 port forwarding, SFTP double echo, batch mode failures, and RSA key type acceptance for server authentication.
• Fixed POP SSL ceasing to function after SSL V1.2 kit installation.
• Improved TELNET intrusion detection flexibility, preventing system-wide lockouts.

The document also outlines various updates made to existing TCP/IP Services documentation and lists planned future documentation changes.