HP TCPIP Services for OpenVMS Release Notes

This document serves as the Release Notes for HP TCP/IP Services for OpenVMS Version 5.7, published in March 2010. It details new features, behavioral enhancements, installation notes, restrictions, and corrections for the software, supported on OpenVMS Alpha and OpenVMS Integrity server systems (requires OpenVMS Version 8.4 or higher).

Key areas covered include:

• New Features:

  • Packet Processing Engine (PPE): A CPU-dedicated engine designed to improve TCP/IP performance efficiency on multi-CPU systems, especially when the TCP/IP CPU is nearing saturation. It can be dynamically enabled/disabled and requires specific configuration for optimal use.
  • FTP Anonymous Light: A feature to restrict anonymous FTP user access to a predefined set of directories. New parameters (e.g., TCPIP$FTPD_NOLIST, _NOREAD, _NOWRITE, _NODELETE) allow granular control over specific FTP operations.

• Enhancements:

  • TCPIP$CONFIG Utility: Improved to manage interfaces and addresses on remote cluster members (if sharing a configuration database) and for IP as the Cluster Interconnect (IPCI).
  • LPD Configurable Port: LPR/LPD now supports using any ephemeral port, enabling secure printing over SSH tunnels.
  • FTP over SSL (TLS/SSL): Provides secured FTP sessions and file transfers, compliant with RFC 4217 and RFC 2228, with support for Clear Command Channel (CCC) in NAT environments.
  • SMTP Cluster Ability: Enhanced to be cluster-aware for high availability and load balancing, using a common generic queue (TCPIP$SMTP) across nodes.
  • SMTP & POP ASCII File Configuration: Both SMTP and POP now use new ASCII-based configuration files (TCPIP$SMTP.CONF and TCPIP$POP.CONF) instead of logical names, with rollover tools provided for upgrading.
  • SMTP Persistent Receiver: The SMTP receiver process now remains persistent to service multiple incoming mails, improving efficiency.
  • POP Server External Authentication: Supports external authentication via the SYS$ACM system service, allowing integration with VMS native extensions or LDAP.

• Installation, Configuration, Startup, and Shutdown:

  • Requires removal of V5.3 Early Adopter's Kits (SSH, failSAFE IP) before installation.
  • Recommends adding a system to an OpenVMS Cluster before configuring TCP/IP Services, especially for I64 systems, and notes potential SYSUAF parameter adjustments.
  • Requires updating SSH configuration files from previous versions and provides commands for this.
  • Provides troubleshooting for SMTP and LPD shutdown issues related to queue manager order.

• Restrictions and Limitations:

  • IP Security (IPSec): Not supported for production use.
  • BIND/DNS: Notes issues with AAAA record responses, experimental secure resolution, and a requirement for OpenSSL V1.2+.
  • IPv6: Mobile IPv6 is not supported and requires the BIND resolver to be enabled.
  • NFS: Various limitations are listed, including issues with SYMLINKs, specific file naming conventions, and support for NFS Version 2 only.
  • SNMP: Details incomplete restarts, IVP errors, MIB subagent compatibility, and community name restrictions.
  • SSH/SCP/SFTP: A comprehensive list of restrictions, including unsupported UNIX features, command syntax nuances, authentication details, file transfer limitations (e.g., large files, ODS-5 extended filenames), and potential issues with X11 forwarding and BIND Resolver diagnostics causing packet corruption.

• Corrections:

  • Numerous bugs and problems fixed across almost all components of TCP/IP Services, addressing system crashes, performance issues, security vulnerabilities (e.g., spoofing, buffer overflows), incorrect command behavior, and configuration errors in areas like the network kernel, BIND server, DHCP, failSAFE IP, FTP, IMAP, LPD, SNMP, SSH/SCP/SFTP, TELNET, TFTP, and various management utilities.

• Documentation Update:

  • Lists manuals that were not updated for Version 5.7 and provides errata, such as clarifying Point-to-Point Protocol (PPP) support for Integrity servers and updating the default value for TCP_KEEPIDLE.