+strongswan-5.3.0
+----------------
+
+- Added support for IKEv2 make-before-break reauthentication. By using a global
+ CHILD_SA reqid allocation mechanism, charon supports overlapping CHILD_SAs.
+ This allows the use of make-before-break instead of the previously supported
+ break-before-make reauthentication, avoiding connectivity gaps during that
+ procedure. As the new mechanism may fail with peers not supporting it (such
+ as any previous strongSwan release) it must be explicitly enabled using
+ the charon.make_before_break strongswan.conf option.
+
+- Support for "Signature Authentication in IKEv2" (RFC 7427) has been added.
+ This allows the use of stronger hash algorithms for public key authentication.
+ By default, signature schemes are chosen based on the strength of the
+ signature key, but specific hash algorithms may be configured in leftauth.
+
+- Key types and hash algorithms specified in rightauth are now also checked
+ against IKEv2 signature schemes. If such constraints are used for certificate
+ chain validation in existing configurations, in particular with peers that
+ don't support RFC 7427, it may be necessary to disable this feature with the
+ charon.signature_authentication_constraints setting, because the signature
+ scheme used in classic IKEv2 public key authentication may not be strong
+ enough.
+
+- The new connmark plugin allows a host to bind conntrack flows to a specific
+ CHILD_SA by applying and restoring the SA mark to conntrack entries. This
+ allows a peer to handle multiple transport mode connections coming over the
+ same NAT device for client-initiated flows. A common use case is to protect
+ L2TP/IPsec, as supported by some systems.
+
+- The forecast plugin can forward broadcast and multicast messages between
+ connected clients and a LAN. For CHILD_SA using unique marks, it sets up
+ the required Netfilter rules and uses a multicast/broadcast listener that
+ forwards such messages to all connected clients. This plugin is designed for
+ Windows 7 IKEv2 clients, which announces its services over the tunnel if the
+ negotiated IPsec policy allows it.
+
+- For the vici plugin a Python Egg has been added to allow Python applications
+ to control or monitor the IKE daemon using the VICI interface, similar to the
+ existing ruby gem. The Python library has been contributed by Björn Schuberg.
+
+- EAP server methods now can fulfill public key constraints, such as rightcert
+ or rightca. Additionally, public key and signature constraints can be
+ specified for EAP methods in the rightauth keyword. Currently the EAP-TLS and
+ EAP-TTLS methods provide verification details to constraints checking.
+
+- Upgrade of the BLISS post-quantum signature algorithm to the improved BLISS-B
+ variant. Can be used in conjunction with the SHA256, SHA384 and SHA512 hash
+ algorithms with SHA512 being the default.
+
+- The IF-IMV 1.4 interface now makes the IP address of the TNC access requestor
+ as seen by the TNC server available to all IMVs. This information can be
+ forwarded to policy enforcement points (e.g. firewalls or routers).
+
+- The new mutual tnccs-20 plugin parameter activates mutual TNC measurements
+ in PB-TNC half-duplex mode between two endpoints over either a PT-EAP or
+ PT-TLS transport medium.
+
+
+strongswan-5.2.2
+----------------
+
+- Fixed a denial-of-service vulnerability triggered by an IKEv2 Key Exchange
+ payload that contains the Diffie-Hellman group 1025. This identifier was
+ used internally for DH groups with custom generator and prime. Because
+ these arguments are missing when creating DH objects based on the KE payload
+ an invalid pointer dereference occurred. This allowed an attacker to crash
+ the IKE daemon with a single IKE_SA_INIT message containing such a KE
+ payload. The vulnerability has been registered as CVE-2014-9221.
+
+- The left/rightid options in ipsec.conf, or any other identity in strongSwan,
+ now accept prefixes to enforce an explicit type, such as email: or fqdn:.
+ Note that no conversion is done for the remaining string, refer to
+ ipsec.conf(5) for details.
+
+- The post-quantum Bimodal Lattice Signature Scheme (BLISS) can be used as
+ an IKEv2 public key authentication method. The pki tool offers full support
+ for the generation of BLISS key pairs and certificates.
+
+- Fixed mapping of integrity algorithms negotiated for AH via IKEv1. This could
+ cause interoperability issues when connecting to older versions of charon.
+
+
+strongswan-5.2.1
+----------------
+
+- The new charon-systemd IKE daemon implements an IKE daemon tailored for use
+ with systemd. It avoids the dependency on ipsec starter and uses swanctl
+ as configuration backend, building a simple and lightweight solution. It
+ supports native systemd journal logging.
+
+- Support for IKEv2 fragmentation as per RFC 7383 has been added. Like IKEv1
+ fragmentation it can be enabled by setting fragmentation=yes in ipsec.conf.
+
+- Support of the TCG TNC IF-M Attribute Segmentation specification proposal.
+ All attributes can be segmented. Additionally TCG/SWID Tag, TCG/SWID Tag ID
+ and IETF/Installed Packages attributes can be processed incrementally on a
+ per segment basis.
+
+- The new ext-auth plugin calls an external script to implement custom IKE_SA
+ authorization logic, courtesy of Vyronas Tsingaras.
+
+- For the vici plugin a ruby gem has been added to allow ruby applications
+ to control or monitor the IKE daemon. The vici documentation has been updated
+ to include a description of the available operations and some simple examples
+ using both the libvici C interface and the ruby gem.
+
+
+strongswan-5.2.0
+----------------
+
+- strongSwan has been ported to the Windows platform. Using a MinGW toolchain,
+ many parts of the strongSwan codebase run natively on Windows 7 / 2008 R2
+ and newer releases. charon-svc implements a Windows IKE service based on
+ libcharon, the kernel-iph and kernel-wfp plugins act as networking and IPsec
+ backend on the Windows platform. socket-win provides a native IKE socket
+ implementation, while winhttp fetches CRL and OCSP information using the
+ WinHTTP API.
+
+- The new vici plugin provides a Versatile IKE Configuration Interface for
+ charon. Using the stable IPC interface, external applications can configure,
+ control and monitor the IKE daemon. Instead of scripting the ipsec tool
+ and generating ipsec.conf, third party applications can use the new interface
+ for more control and better reliability.
+
+- Built upon the libvici client library, swanctl implements the first user of
+ the VICI interface. Together with a swanctl.conf configuration file,
+ connections can be defined, loaded and managed. swanctl provides a portable,
+ complete IKE configuration and control interface for the command line.
+ The first six swanctl example scenarios have been added.
+
+- The SWID IMV implements a JSON-based REST API which allows the exchange
+ of SWID tags and Software IDs with the strongTNC policy manager.
+
+- The SWID IMC can extract all installed packages from the dpkg (Debian,
+ Ubuntu, Linux Mint etc.), rpm (Fedora, RedHat, OpenSUSE, etc.), or
+ pacman (Arch Linux, Manjaro, etc.) package managers, respectively, using the
+ swidGenerator (https://github.com/strongswan/swidGenerator) which generates
+ SWID tags according to the new ISO/IEC 19770-2:2014 standard.
+
+- All IMVs now share the access requestor ID, device ID and product info
+ of an access requestor via a common imv_session object.
+
+- The Attestation IMC/IMV pair supports the IMA-NG measurement format
+ introduced with the Linux 3.13 kernel.
+
+- The aikgen tool generates an Attestation Identity Key bound to a TPM.
+
+- Implemented the PT-EAP transport protocol (RFC 7171) for Trusted Network
+ Connect.
+
+- The ipsec.conf replay_window option defines connection specific IPsec replay
+ windows. Original patch courtesy of Zheng Zhong and Christophe Gouault from
+ 6Wind.
+
+
+strongswan-5.1.3
+----------------
+
+- Fixed an authentication bypass vulnerability triggered by rekeying an
+ unestablished IKEv2 SA while it gets actively initiated. This allowed an
+ attacker to trick a peer's IKE_SA state to established, without the need to
+ provide any valid authentication credentials. The vulnerability has been
+ registered as CVE-2014-2338.
+
+- The acert plugin evaluates X.509 Attribute Certificates. Group membership
+ information encoded as strings can be used to fulfill authorization checks
+ defined with the rightgroups option. Attribute Certificates can be loaded
+ locally or get exchanged in IKEv2 certificate payloads.
+
+- The pki command gained support to generate X.509 Attribute Certificates
+ using the --acert subcommand, while the --print command supports the ac type.
+ The openac utility has been removed in favor of the new pki functionality.
+
+- The libtls TLS 1.2 implementation as used by EAP-(T)TLS and other protocols
+ has been extended by AEAD mode support, currently limited to AES-GCM.
+
+
+strongswan-5.1.2
+----------------
+
+- A new default configuration file layout is introduced. The new default
+ strongswan.conf file mainly includes config snippets from the strongswan.d
+ and strongswan.d/charon directories (the latter containing snippets for all
+ plugins). The snippets, with commented defaults, are automatically
+ generated and installed, if they don't exist yet. They are also installed
+ in $prefix/share/strongswan/templates so existing files can be compared to
+ the current defaults.
+
+- As an alternative to the non-extensible charon.load setting, the plugins
+ to load in charon (and optionally other applications) can now be determined
+ via the charon.plugins.<name>.load setting for each plugin (enabled in the
+ new default strongswan.conf file via the charon.load_modular option).
+ The load setting optionally takes a numeric priority value that allows
+ reordering the plugins (otherwise the default plugin order is preserved).
+
+- All strongswan.conf settings that were formerly defined in library specific
+ "global" sections are now application specific (e.g. settings for plugins in
+ libstrongswan.plugins can now be set only for charon in charon.plugins).
+ The old options are still supported, which now allows to define defaults for
+ all applications in the libstrongswan section.
+
+- The ntru libstrongswan plugin supports NTRUEncrypt as a post-quantum
+ computer IKE key exchange mechanism. The implementation is based on the
+ ntru-crypto library from the NTRUOpenSourceProject. The supported security
+ strengths are ntru112, ntru128, ntru192, and ntru256. Since the private DH
+ group IDs 1030..1033 have been assigned, the strongSwan Vendor ID must be
+ sent (charon.send_vendor_id = yes) in order to use NTRU.
+
+- Defined a TPMRA remote attestation workitem and added support for it to the
+ Attestation IMV.
+
+- Compatibility issues between IPComp (compress=yes) and leftfirewall=yes as
+ well as multiple subnets in left|rightsubnet have been fixed.
+
+- When enabling its "session" strongswan.conf option, the xauth-pam plugin opens
+ and closes a PAM session for each established IKE_SA. Patch courtesy of
+ Andrea Bonomi.
+
+- The strongSwan unit testing framework has been rewritten without the "check"
+ dependency for improved flexibility and portability. It now properly supports
+ multi-threaded and memory leak testing and brings a bunch of new test cases.
+
+
+strongswan-5.1.1
+----------------
+
+- Fixed a denial-of-service vulnerability and potential authorization bypass
+ triggered by a crafted ID_DER_ASN1_DN ID payload. The cause is an insufficient
+ length check when comparing such identities. The vulnerability has been
+ registered as CVE-2013-6075.
+
+- Fixed a denial-of-service vulnerability triggered by a crafted IKEv1
+ fragmentation payload. The cause is a NULL pointer dereference. The
+ vulnerability has been registered as CVE-2013-6076.
+
+- The lean stand-alone pt-tls-client can set up a RFC 6876 PT-TLS session
+ with a strongSwan policy enforcement point which uses the tnc-pdp charon
+ plugin.
+
+- The new TCG TNC SWID IMC/IMV pair supports targeted SWID requests for either
+ full SWID Tag or concise SWID Tag ID inventories.
+
+- The XAuth backend in eap-radius now supports multiple XAuth exchanges for
+ different credential types and display messages. All user input gets
+ concatenated and verified with a single User-Password RADIUS attribute on
+ the AAA. With an AAA supporting it, one for example can implement
+ Password+Token authentication with proper dialogs on iOS and OS X clients.
+
+- charon supports IKEv1 Mode Config exchange in push mode. The ipsec.conf
+ modeconfig=push option enables it for both client and server, the same way
+ as pluto used it.
+
+- Using the "ah" ipsec.conf keyword on both IKEv1 and IKEv2 connections,
+ charon can negotiate and install Security Associations integrity-protected by
+ the Authentication Header protocol. Supported are plain AH(+IPComp) SAs only,
+ but not the deprecated RFC2401 style ESP+AH bundles.
+
+- The generation of initialization vectors for IKE and ESP (when using libipsec)
+ is now modularized and IVs for e.g. AES-GCM are now correctly allocated
+ sequentially, while other algorithms like AES-CBC still use random IVs.
+
+- The left and right options in ipsec.conf can take multiple address ranges
+ and subnets. This allows connection matching against a larger set of
+ addresses, for example to use a different connection for clients connecting
+ from a internal network.
+
+- For all those who have a queasy feeling about the NIST elliptic curve set,
+ the Brainpool curves introduced for use with IKE by RFC 6932 might be a
+ more trustworthy alternative.
+
+- The kernel-libipsec userland IPsec backend now supports usage statistics,
+ volume based rekeying and accepts ESPv3 style TFC padded packets.
+
+- With two new strongswan.conf options fwmarks can be used to implement
+ host-to-host tunnels with kernel-libipsec.
+
+- load-tester supports transport mode connections and more complex traffic
+ selectors, including such using unique ports for each tunnel.
+
+- The new dnscert plugin provides support for authentication via CERT RRs that
+ are protected via DNSSEC. The plugin was created by Ruslan N. Marchenko.
+
+- The eap-radius plugin supports forwarding of several Cisco Unity specific
+ RADIUS attributes in corresponding configuration payloads.
+
+- Database transactions are now abstracted and implemented by the two backends.
+ If you use MySQL make sure all tables use the InnoDB engine.
+
+- libstrongswan now can provide an experimental custom implementation of the
+ printf family functions based on klibc if neither Vstr nor glibc style printf
+ hooks are available. This can avoid the Vstr dependency on some systems at
+ the cost of slower and less complete printf functions.
+
+
+strongswan-5.1.0
+----------------
+
+- Fixed a denial-of-service vulnerability triggered by specific XAuth usernames
+ and EAP identities (since 5.0.3), and PEM files (since 4.1.11). The crash
+ was caused by insufficient error handling in the is_asn1() function.
+ The vulnerability has been registered as CVE-2013-5018.
+
+- The new charon-cmd command line IKE client can establish road warrior
+ connections using IKEv1 or IKEv2 with different authentication profiles.
+ It does not depend on any configuration files and can be configured using a
+ few simple command line options.
+
+- The kernel-pfroute networking backend has been greatly improved. It now
+ can install virtual IPs on TUN devices on OS X and FreeBSD, allowing these
+ systems to act as a client in common road warrior scenarios.
+
+- The new kernel-libipsec plugin uses TUN devices and libipsec to provide IPsec
+ processing in userland on Linux, FreeBSD and Mac OS X.
+
+- The eap-radius plugin can now serve as an XAuth backend called xauth-radius,
+ directly verifying XAuth credentials using RADIUS User-Name/User-Password
+ attributes. This is more efficient than the existing xauth-eap+eap-radius
+ combination, and allows RADIUS servers without EAP support to act as AAA
+ backend for IKEv1.
+
+- The new osx-attr plugin installs configuration attributes (currently DNS
+ servers) via SystemConfiguration on Mac OS X. The keychain plugin provides
+ certificates from the OS X keychain service.
+
+- The sshkey plugin parses SSH public keys, which, together with the --agent
+ option for charon-cmd, allows the use of ssh-agent for authentication.
+ To configure SSH keys in ipsec.conf the left|rightrsasigkey options are
+ replaced with left|rightsigkey, which now take public keys in one of three
+ formats: SSH (RFC 4253, ssh: prefix), DNSKEY (RFC 3110, dns: prefix), and
+ PKCS#1 (the default, no prefix).
+
+- Extraction of certificates and private keys from PKCS#12 files is now provided
+ by the new pkcs12 plugin or the openssl plugin. charon-cmd (--p12) as well
+ as charon (via P12 token in ipsec.secrets) can make use of this.
+
+- IKEv2 can now negotiate transport mode and IPComp in NAT situations.
+
+- IKEv2 exchange initiators now properly close an established IKE or CHILD_SA
+ on error conditions using an additional exchange, keeping state in sync
+ between peers.
+
+- Using a SQL database interface a Trusted Network Connect (TNC) Policy Manager
+ can generate specific measurement workitems for an arbitrary number of
+ Integrity Measurement Verifiers (IMVs) based on the history of the VPN user
+ and/or device.
+
+- Several core classes in libstrongswan are now tested with unit tests. These
+ can be enabled with --enable-unit-tests and run with 'make check'. Coverage
+ reports can be generated with --enable-coverage and 'make coverage' (this
+ disables any optimization, so it should not be enabled when building
+ production releases).
+
+- The leak-detective developer tool has been greatly improved. It works much
+ faster/stabler with multiple threads, does not use deprecated malloc hooks
+ anymore and has been ported to OS X.
+
+- chunk_hash() is now based on SipHash-2-4 with a random key. This provides
+ better distribution and prevents hash flooding attacks when used with
+ hashtables.
+
+- All default plugins implement the get_features() method to define features
+ and their dependencies. The plugin loader has been improved, so that plugins
+ in a custom load statement can be ordered freely or to express preferences
+ without being affected by dependencies between plugin features.
+
+- A centralized thread can take care for watching multiple file descriptors
+ concurrently. This removes the need for a dedicated listener threads in
+ various plugins. The number of "reserved" threads for such tasks has been
+ reduced to about five, depending on the plugin configuration.
+
+- Plugins that can be controlled by a UNIX socket IPC mechanism gained network
+ transparency. Third party applications querying these plugins now can use
+ TCP connections from a different host.
+
+- libipsec now supports AES-GCM.
+
+
+strongswan-5.0.4
+----------------
+
+- Fixed a security vulnerability in the openssl plugin which was reported by
+ Kevin Wojtysiak. The vulnerability has been registered as CVE-2013-2944.
+ Before the fix, if the openssl plugin's ECDSA signature verification was used,
+ due to a misinterpretation of the error code returned by the OpenSSL
+ ECDSA_verify() function, an empty or zeroed signature was accepted as a
+ legitimate one.
+
+- The handling of a couple of other non-security relevant openssl return codes
+ was fixed as well.
+
+- The tnc_ifmap plugin now publishes virtual IPv4 and IPv6 addresses via its
+ TCG TNC IF-MAP 2.1 interface.
+
+- The charon.initiator_only option causes charon to ignore IKE initiation
+ requests.
+
+- The openssl plugin can now use the openssl-fips library.
+
+
+strongswan-5.0.3
+----------------
+
+- The new ipseckey plugin enables authentication based on trustworthy public
+ keys stored as IPSECKEY resource records in the DNS and protected by DNSSEC.
+ To do so it uses a DNSSEC enabled resolver, like the one provided by the new
+ unbound plugin, which is based on libldns and libunbound. Both plugins were
+ created by Reto Guadagnini.
+
+- Implemented the TCG TNC IF-IMV 1.4 draft making access requestor identities
+ available to an IMV. The OS IMV stores the AR identity together with the
+ device ID in the attest database.
+
+- The openssl plugin now uses the AES-NI accelerated version of AES-GCM
+ if the hardware supports it.
+
+- The eap-radius plugin can now assign virtual IPs to IKE clients using the
+ Framed-IP-Address attribute by using the "%radius" named pool in the
+ rightsourceip ipsec.conf option. Cisco Banner attributes are forwarded to
+ Unity-capable IKEv1 clients during mode config. charon now sends Interim
+ Accounting updates if requested by the RADIUS server, reports
+ sent/received packets in Accounting messages, and adds a Terminate-Cause
+ to Accounting-Stops.
+
+- The recently introduced "ipsec listcounters" command can report connection
+ specific counters by passing a connection name, and global or connection
+ counters can be reset by the "ipsec resetcounters" command.
+
+- The strongSwan libpttls library provides an experimental implementation of
+ PT-TLS (RFC 6876), a Posture Transport Protocol over TLS.
+
+- The charon systime-fix plugin can disable certificate lifetime checks on
+ embedded systems if the system time is obviously out of sync after bootup.
+ Certificates lifetimes get checked once the system time gets sane, closing
+ or reauthenticating connections using expired certificates.
+
+- The "ikedscp" ipsec.conf option can set DiffServ code points on outgoing
+ IKE packets.
+
+- The new xauth-noauth plugin allows to use basic RSA or PSK authentication with
+ clients that cannot be configured without XAuth authentication. The plugin
+ simply concludes the XAuth exchange successfully without actually performing
+ any authentication. Therefore, to use this backend it has to be selected
+ explicitly with rightauth2=xauth-noauth.
+
+- The new charon-tkm IKEv2 daemon delegates security critical operations to a
+ separate process. This has the benefit that the network facing daemon has no
+ knowledge of keying material used to protect child SAs. Thus subverting
+ charon-tkm does not result in the compromise of cryptographic keys.
+ The extracted functionality has been implemented from scratch in a minimal TCB
+ (trusted computing base) in the Ada programming language. Further information
+ can be found at http://www.codelabs.ch/tkm/.
+
+strongswan-5.0.2
+----------------
+
+- Implemented all IETF Standard PA-TNC attributes and an OS IMC/IMV
+ pair using them to transfer operating system information.
+
+- The new "ipsec listcounters" command prints a list of global counter values
+ about received and sent IKE messages and rekeyings.
+
+- A new lookip plugin can perform fast lookup of tunnel information using a
+ clients virtual IP and can send notifications about established or deleted
+ tunnels. The "ipsec lookip" command can be used to query such information
+ or receive notifications.
+
+- The new error-notify plugin catches some common error conditions and allows
+ an external application to receive notifications for them over a UNIX socket.
+
+- IKE proposals can now use a PRF algorithm different to that defined for
+ integrity protection. If an algorithm with a "prf" prefix is defined
+ explicitly (such as prfsha1 or prfsha256), no implicit PRF algorithm based on
+ the integrity algorithm is added to the proposal.
+
+- The pkcs11 plugin can now load leftcert certificates from a smartcard for a
+ specific ipsec.conf conn section and cacert CA certificates for a specific ca
+ section.
+
+- The load-tester plugin gained additional options for certificate generation
+ and can load keys and multiple CA certificates from external files. It can
+ install a dedicated outer IP address for each tunnel and tunnel initiation
+ batches can be triggered and monitored externally using the
+ "ipsec load-tester" tool.
+
+- PKCS#7 container parsing has been modularized, and the openssl plugin
+ gained an alternative implementation to decrypt and verify such files.
+ In contrast to our own DER parser, OpenSSL can handle BER files, which is
+ required for interoperability of our scepclient with EJBCA.
+
+- Support for the proprietary IKEv1 fragmentation extension has been added.
+ Fragments are always handled on receipt but only sent if supported by the peer
+ and if enabled with the new fragmentation ipsec.conf option.
+
+- IKEv1 in charon can now parse certificates received in PKCS#7 containers and
+ supports NAT traversal as used by Windows clients. Patches courtesy of
+ Volker Rümelin.
+
+- The new rdrand plugin provides a high quality / high performance random
+ source using the Intel rdrand instruction found on Ivy Bridge processors.
+
+- The integration test environment was updated and now uses KVM and reproducible
+ guest images based on Debian.
+
+
+strongswan-5.0.1
+----------------
+
+- Introduced the sending of the standard IETF Assessment Result
+ PA-TNC attribute by all strongSwan Integrity Measurement Verifiers.
+
+- Extended PTS Attestation IMC/IMV pair to provide full evidence of
+ the Linux IMA measurement process. All pertinent file information
+ of a Linux OS can be collected and stored in an SQL database.
+
+- The PA-TNC and PB-TNC protocols can now process huge data payloads
+ >64 kB by distributing PA-TNC attributes over multiple PA-TNC messages
+ and these messages over several PB-TNC batches. As long as no
+ consolidated recommandation from all IMVs can be obtained, the TNC
+ server requests more client data by sending an empty SDATA batch.
+
+- The rightgroups2 ipsec.conf option can require group membership during
+ a second authentication round, for example during XAuth authentication
+ against a RADIUS server.
+
+- The xauth-pam backend can authenticate IKEv1 XAuth and Hybrid authenticated
+ clients against any PAM service. The IKEv2 eap-gtc plugin does not use
+ PAM directly anymore, but can use any XAuth backend to verify credentials,
+ including xauth-pam.
+
+- The new unity plugin brings support for some parts of the IKEv1 Cisco Unity
+ Extension. As client, charon narrows traffic selectors to the received
+ Split-Include attributes and automatically installs IPsec bypass policies
+ for received Local-LAN attributes. As server, charon sends Split-Include
+ attributes for leftsubnet definitions containing multiple subnets to Unity-
+ aware clients.
+
+- An EAP-Nak payload is returned by clients if the gateway requests an EAP
+ method that the client does not support. Clients can also request a specific
+ EAP method by configuring that method with leftauth.
+
+- The eap-dynamic plugin handles EAP-Nak payloads returned by clients and uses
+ these to select a different EAP method supported/requested by the client.
+ The plugin initially requests the first registered method or the first method
+ configured with charon.plugins.eap-dynamic.preferred.
+
+- The new left/rightdns options specify connection specific DNS servers to
+ request/respond in IKEv2 configuration payloads or IKEv2 mode config. leftdns
+ can be any (comma separated) combination of %config4 and %config6 to request
+ multiple servers, both for IPv4 and IPv6. rightdns takes a list of DNS server
+ IP addresses to return.
+
+- The left/rightsourceip options now accept multiple addresses or pools.
+ leftsourceip can be any (comma separated) combination of %config4, %config6
+ or fixed IP addresses to request. rightsourceip accepts multiple explicitly
+ specified or referenced named pools.
+
+- Multiple connections can now share a single address pool when they use the
+ same definition in one of the rightsourceip pools.
+
+- The options charon.interfaces_ignore and charon.interfaces_use allow one to
+ configure the network interfaces used by the daemon.
+
+- The kernel-netlink plugin supports the charon.install_virtual_ip_on option,
+ which specifies the interface on which virtual IP addresses will be installed.
+ If it is not specified the current behavior of using the outbound interface
+ is preserved.
+
+- The kernel-netlink plugin tries to keep the current source address when
+ looking for valid routes to reach other hosts.
+
+- The autotools build has been migrated to use a config.h header. strongSwan
+ development headers will get installed during "make install" if
+ --with-dev-headers has been passed to ./configure.
+
+- All crypto primitives gained return values for most operations, allowing
+ crypto backends to fail, for example when using hardware accelerators.
+
+
+strongswan-5.0.0
+----------------
+
+- The charon IKE daemon gained experimental support for the IKEv1 protocol.
+ Pluto has been removed from the 5.x series, and unless strongSwan is
+ configured with --disable-ikev1 or --disable-ikev2, charon handles both
+ keying protocols. The feature-set of IKEv1 in charon is almost on par with
+ pluto, but currently does not support AH or bundled AH+ESP SAs. Beside
+ RSA/ECDSA, PSK and XAuth, charon also supports the Hybrid authentication
+ mode. Informations for interoperability and migration is available at
+ http://wiki.strongswan.org/projects/strongswan/wiki/CharonPlutoIKEv1.
+
+- Charon's bus_t has been refactored so that loggers and other listeners are
+ now handled separately. The single lock was previously cause for deadlocks
+ if extensive listeners, such as the one provided by the updown plugin, wanted
+ to acquire locks that were held by other threads which in turn tried to log
+ messages, and thus were waiting to acquire the same lock currently held by
+ the thread calling the listener.
+ The implemented changes also allow the use of a read/write-lock for the
+ loggers which increases performance if multiple loggers are registered.
+ Besides several interface changes this last bit also changes the semantics
+ for loggers as these may now be called by multiple threads at the same time.
+
+- Source routes are reinstalled if interfaces are reactivated or IP addresses
+ reappear.
+
+- The thread pool (processor_t) now has more control over the lifecycle of
+ a job (see job.h for details). In particular, it now controls the destruction
+ of jobs after execution and the cancellation of jobs during shutdown. Due to
+ these changes the requeueing feature, previously available to callback_job_t
+ only, is now available to all jobs (in addition to a new rescheduling
+ feature).
+
+- In addition to trustchain key strength definitions for different public key
+ systems, the rightauth option now takes a list of signature hash algorithms
+ considered save for trustchain validation. For example, the setting
+ rightauth=rsa-2048-ecdsa-256-sha256-sha384-sha512 requires a trustchain
+ that uses at least RSA-2048 or ECDSA-256 keys and certificate signatures
+ using SHA-256 or better.
+
+
+strongswan-4.6.4
+----------------
+
+- Fixed a security vulnerability in the gmp plugin. If this plugin was used
+ for RSA signature verification an empty or zeroed signature was handled as
+ a legitimate one.
+
+- Fixed several issues with reauthentication and address updates.
+
+
+strongswan-4.6.3
+----------------
+
+- The tnc-pdp plugin implements a RADIUS server interface allowing
+ a strongSwan TNC server to act as a Policy Decision Point.
+
+- The eap-radius authentication backend enforces Session-Timeout attributes
+ using RFC4478 repeated authentication and acts upon RADIUS Dynamic
+ Authorization extensions, RFC 5176. Currently supported are disconnect
+ requests and CoA messages containing a Session-Timeout.
+
+- The eap-radius plugin can forward arbitrary RADIUS attributes from and to
+ clients using custom IKEv2 notify payloads. The new radattr plugin reads
+ attributes to include from files and prints received attributes to the
+ console.
+
+- Added support for untruncated MD5 and SHA1 HMACs in ESP as used in
+ RFC 4595.
+
+- The cmac plugin implements the AES-CMAC-96 and AES-CMAC-PRF-128 algorithms
+ as defined in RFC 4494 and RFC 4615, respectively.
+
+- The resolve plugin automatically installs nameservers via resolvconf(8),
+ if it is installed, instead of modifying /etc/resolv.conf directly.
+
+- The IKEv2 charon daemon supports now raw RSA public keys in RFC 3110
+ DNSKEY and PKCS#1 file format.
+
+
+strongswan-4.6.2
+----------------
+
+- Upgraded the TCG IF-IMC and IF-IMV C API to the upcoming version 1.3
+ which supports IF-TNCCS 2.0 long message types, the exclusive flags
+ and multiple IMC/IMV IDs. Both the TNC Client and Server as well as
+ the "Test", "Scanner", and "Attestation" IMC/IMV pairs were updated.
+
+- Fully implemented the "TCG Attestation PTS Protocol: Binding to IF-M"
+ standard (TLV-based messages only). TPM-based remote attestation of
+ Linux IMA (Integrity Measurement Architecture) possible. Measurement
+ reference values are automatically stored in an SQLite database.
+
+- The EAP-RADIUS authentication backend supports RADIUS accounting. It sends
+ start/stop messages containing Username, Framed-IP and Input/Output-Octets
+ attributes and has been tested against FreeRADIUS and Microsoft NPS.
+
+- Added support for PKCS#8 encoded private keys via the libstrongswan
+ pkcs8 plugin. This is the default format used by some OpenSSL tools since
+ version 1.0.0 (e.g. openssl req with -keyout).
+
+- Added session resumption support to the strongSwan TLS stack.
+
+
+strongswan-4.6.1
+----------------
+
+- Because of changing checksums before and after installation which caused
+ the integrity tests to fail we avoided directly linking libsimaka, libtls and
+ libtnccs to those libcharon plugins which make use of these dynamic libraries.
+ Instead we linked the libraries to the charon daemon. Unfortunately Ubuntu
+ 11.10 activated the --as-needed ld option which discards explicit links
+ to dynamic libraries that are not actually used by the charon daemon itself,
+ thus causing failures during the loading of the plugins which depend on these
+ libraries for resolving external symbols.
+
+- Therefore our approach of computing integrity checksums for plugins had to be
+ changed radically by moving the hash generation from the compilation to the
+ post-installation phase.
+
+
+strongswan-4.6.0
+----------------
+
+- The new libstrongswan certexpire plugin collects expiration information of
+ all used certificates and exports them to CSV files. It either directly
+ exports them or uses cron style scheduling for batch exports.
+
+- starter passes unresolved hostnames to charon, allowing it to do name
+ resolution not before the connection attempt. This is especially useful with
+ connections between hosts using dynamic IP addresses. Thanks to Mirko Parthey
+ for the initial patch.
+
+- The android plugin can now be used without the Android frontend patch and
+ provides DNS server registration and logging to logcat.
+
+- Pluto and starter (plus stroke and whack) have been ported to Android.
+
+- Support for ECDSA private and public key operations has been added to the
+ pkcs11 plugin. The plugin now also provides DH and ECDH via PKCS#11 and can
+ use tokens as random number generators (RNG). By default only private key
+ operations are enabled, more advanced features have to be enabled by their
+ option in strongswan.conf. This also applies to public key operations (even
+ for keys not stored on the token) which were enabled by default before.
+
+- The libstrongswan plugin system now supports detailed plugin dependencies.
+ Many plugins have been extended to export its capabilities and requirements.
+ This allows the plugin loader to resolve plugin loading order automatically,
+ and in future releases, to dynamically load the required features on demand.
+ Existing third party plugins are source (but not binary) compatible if they
+ properly initialize the new get_features() plugin function to NULL.
+
+- The tnc-ifmap plugin implements a TNC IF-MAP 2.0 client which can deliver
+ metadata about IKE_SAs via a SOAP interface to a MAP server. The tnc-ifmap
+ plugin requires the Apache Axis2/C library.
+
+
+strongswan-4.5.3
+----------------
+
+- Our private libraries (e.g. libstrongswan) are not installed directly in
+ prefix/lib anymore. Instead a subdirectory is used (prefix/lib/ipsec/ by
+ default). The plugins directory is also moved from libexec/ipsec/ to that
+ directory.
+
+- The dynamic IMC/IMV libraries were moved from the plugins directory to
+ a new imcvs directory in the prefix/lib/ipsec/ subdirectory.
+
+- Job priorities were introduced to prevent thread starvation caused by too
+ many threads handling blocking operations (such as CRL fetching). Refer to
+ strongswan.conf(5) for details.
+
+- Two new strongswan.conf options allow to fine-tune performance on IKEv2
+ gateways by dropping IKE_SA_INIT requests on high load.
+
+- IKEv2 charon daemon supports start PASS and DROP shunt policies
+ preventing traffic to go through IPsec connections. Installation of the
+ shunt policies either via the XFRM netfilter or PFKEYv2 IPsec kernel
+ interfaces.
+
+- The history of policies installed in the kernel is now tracked so that e.g.
+ trap policies are correctly updated when reauthenticated SAs are terminated.
+
+- IMC/IMV Scanner pair implementing the RFC 5792 PA-TNC (IF-M) protocol.
+ Using "netstat -l" the IMC scans open listening ports on the TNC client
+ and sends a port list to the IMV which based on a port policy decides if
+ the client is admitted to the network.
+ (--enable-imc-scanner/--enable-imv-scanner).
+
+- IMC/IMV Test pair implementing the RFC 5792 PA-TNC (IF-M) protocol.
+ (--enable-imc-test/--enable-imv-test).
+
+- The IKEv2 close action does not use the same value as the ipsec.conf dpdaction
+ setting, but the value defined by its own closeaction keyword. The action
+ is triggered if the remote peer closes a CHILD_SA unexpectedly.
+
+
+strongswan-4.5.2
+----------------
+
+- The whitelist plugin for the IKEv2 daemon maintains an in-memory identity
+ whitelist. Any connection attempt of peers not whitelisted will get rejected.
+ The 'ipsec whitelist' utility provides a simple command line frontend for
+ whitelist administration.
+
+- The duplicheck plugin provides a specialized form of duplicate checking,
+ doing a liveness check on the old SA and optionally notify a third party
+ application about detected duplicates.
+
+- The coupling plugin permanently couples two or more devices by limiting
+ authentication to previously used certificates.
+
+- In the case that the peer config and child config don't have the same name
+ (usually in SQL database defined connections), ipsec up|route <peer config>
+ starts|routes all associated child configs and ipsec up|route <child config>
+ only starts|routes the specific child config.
+
+- fixed the encoding and parsing of X.509 certificate policy statements (CPS).
+
+- Duncan Salerno contributed the eap-sim-pcsc plugin implementing a
+ pcsc-lite based SIM card backend.
+
+- The eap-peap plugin implements the EAP PEAP protocol. Interoperates
+ successfully with a FreeRADIUS server and Windows 7 Agile VPN clients.
+
+- The IKEv2 daemon charon rereads strongswan.conf on SIGHUP and instructs
+ all plugins to reload. Currently only the eap-radius and the attr plugins
+ support configuration reloading.
+
+- Added userland support to the IKEv2 daemon for Extended Sequence Numbers
+ support coming with Linux 2.6.39. To enable ESN on a connection, add
+ the 'esn' keyword to the proposal. The default proposal uses 32-bit sequence
+ numbers only ('noesn'), and the same value is used if no ESN mode is
+ specified. To negotiate ESN support with the peer, include both, e.g.
+ esp=aes128-sha1-esn-noesn.
+
+- In addition to ESN, Linux 2.6.39 gained support for replay windows larger
+ than 32 packets. The new global strongswan.conf option 'charon.replay_window'
+ configures the size of the replay window, in packets.
+
+
+strongswan-4.5.1
+----------------
+
+- Sansar Choinyambuu implemented the RFC 5793 Posture Broker Protocol (BP)
+ compatible with Trusted Network Connect (TNC). The TNCCS 2.0 protocol
+ requires the tnccs_20, tnc_imc and tnc_imv plugins but does not depend
+ on the libtnc library. Any available IMV/IMC pairs conforming to the
+ Trusted Computing Group's TNC-IF-IMV/IMC 1.2 interface specification
+ can be loaded via /etc/tnc_config.
+
+- Re-implemented the TNCCS 1.1 protocol by using the tnc_imc and tnc_imv
+ in place of the external libtnc library.
+
+- The tnccs_dynamic plugin loaded on a TNC server in addition to the
+ tnccs_11 and tnccs_20 plugins, dynamically detects the IF-TNCCS
+ protocol version used by a TNC client and invokes an instance of
+ the corresponding protocol stack.
+
+- IKE and ESP proposals can now be stored in an SQL database using a
+ new proposals table. The start_action field in the child_configs
+ tables allows the automatic starting or routing of connections stored
+ in an SQL database.
+
+- The new certificate_authorities and certificate_distribution_points
+ tables make it possible to store CRL and OCSP Certificate Distribution
+ points in an SQL database.
+
+- The new 'include' statement allows to recursively include other files in
+ strongswan.conf. Existing sections and values are thereby extended and
+ replaced, respectively.
+
+- Due to the changes in the parser for strongswan.conf, the configuration
+ syntax for the attr plugin has changed. Previously, it was possible to
+ specify multiple values of a specific attribute type by adding multiple
+ key/value pairs with the same key (e.g. dns) to the plugins.attr section.
+ Because values with the same key now replace previously defined values
+ this is not possible anymore. As an alternative, multiple values can be
+ specified by separating them with a comma (e.g. dns = 1.2.3.4, 2.3.4.5).
+
+- ipsec listalgs now appends (set in square brackets) to each crypto
+ algorithm listed the plugin that registered the function.
+
+- Traffic Flow Confidentiality padding supported with Linux 2.6.38 can be used
+ by the IKEv2 daemon. The ipsec.conf 'tfc' keyword pads all packets to a given
+ boundary, the special value '%mtu' pads all packets to the path MTU.
+
+- The new af-alg plugin can use various crypto primitives of the Linux Crypto
+ API using the AF_ALG interface introduced with 2.6.38. This removes the need
+ for additional userland implementations of symmetric cipher, hash, hmac and
+ xcbc algorithms.
+
+- The IKEv2 daemon supports the INITIAL_CONTACT notify as initiator and
+ responder. The notify is sent when initiating configurations with a unique
+ policy, set in ipsec.conf via the global 'uniqueids' option.
+
+- The conftest conformance testing framework enables the IKEv2 stack to perform
+ many tests using a distinct tool and configuration frontend. Various hooks
+ can alter reserved bits, flags, add custom notifies and proposals, reorder
+ or drop messages and much more. It is enabled using the --enable-conftest
+ ./configure switch.
+
+- The new libstrongswan constraints plugin provides advanced X.509 constraint
+ checking. In addition to X.509 pathLen constraints, the plugin checks for
+ nameConstraints and certificatePolicies, including policyMappings and
+ policyConstraints. The x509 certificate plugin and the pki tool have been
+ enhanced to support these extensions. The new left/rightcertpolicy ipsec.conf
+ connection keywords take OIDs a peer certificate must have.
+
+- The left/rightauth ipsec.conf keywords accept values with a minimum strength
+ for trustchain public keys in bits, such as rsa-2048 or ecdsa-256.
+
+- The revocation and x509 libstrongswan plugins and the pki tool gained basic
+ support for delta CRLs.
+
strongswan-4.5.0
----------------
of Integrity Measurement Collector/Verifier pairs can be attached
via the tnc-imc and tnc-imv charon plugins.
+- The IKEv1 daemon pluto now uses the same kernel interfaces as the IKEv2
+ daemon charon. As a result of this, pluto now supports xfrm marks which
+ were introduced in charon with 4.4.1.
+
+- Applets for Maemo 5 (Nokia) allow to easily configure and control IKEv2
+ based VPN connections with EAP authentication on supported devices.
+
+- The RADIUS plugin eap-radius now supports multiple RADIUS servers for
+ redundant setups. Servers are selected by a defined priority, server load and
+ availability.
+
+- The simple led plugin controls hardware LEDs through the Linux LED subsystem.
+ It currently shows activity of the IKE daemon and is a good example how to
+ implement a simple event listener.
+
+- Improved MOBIKE behavior in several corner cases, for instance, if the
+ initial responder moves to a different address.
+
+- Fixed left-/rightnexthop option, which was broken since 4.4.0.
+
- Fixed a bug not releasing a virtual IP address to a pool if the XAUTH
identity was different from the IKE identity.
+- Fixed the alignment of ModeConfig messages on 4-byte boundaries in the
+ case where the attributes are not a multiple of 4 bytes (e.g. Cisco's
+ UNITY_BANNER).
+
+- Fixed the interoperability of the socket_raw and socket_default
+ charon plugins.
+
- Added man page for strongswan.conf
CREATE_CHILD_SA request was sent. 2) Sending an IKE_AUTH request with either
a missing TSi or TSr payload caused a null pointer derefence because the
checks for TSi and TSr were interchanged. The IKEv2 fuzzer used was
- developped by the Orange Labs vulnerability research team. The tool was
+ developed by the Orange Labs vulnerability research team. The tool was
initially written by Gabriel Campana and is now maintained by Laurent Butti.
- Added support for AES counter mode in ESP in IKEv2 using the proposal
-----------------
- The new server-side EAP RADIUS plugin (--enable-eap-radius)
- relays EAP messages to and from a RADIUS server. Succesfully
+ relays EAP messages to and from a RADIUS server. Successfully
tested with with a freeradius server using EAP-MD5 and EAP-SIM.
- A vulnerability in the Dead Peer Detection (RFC 3706) code was found by
- Fixed a use-after-free bug in the DPD timeout section of the
IKEv1 pluto daemon which sporadically caused a segfault.
-- Fixed a crash in the IKEv2 charon daemon occuring with
+- Fixed a crash in the IKEv2 charon daemon occurring with
mixed RAM-based and SQL-based virtual IP address pools.
- Fixed ASN.1 parsing of algorithmIdentifier objects where the
The installpolicy=no option allows peaceful cooperation with a dominant
mip6d daemon and the new type=transport_proxy implements the special MIPv6
IPsec transport proxy mode where the IKEv2 daemon uses the Care-of-Address
- but the IPsec SA is set up for the Home Adress.
+ but the IPsec SA is set up for the Home Address.
- Implemented migration of Mobile IPv6 connections using the KMADDRESS
field contained in XFRM_MSG_MIGRATE messages sent by the mip6d daemon
connection setups over new ones, where the value "replace" replaces existing
connections.
-- The crypto factory in libstrongswan additionaly supports random number
+- The crypto factory in libstrongswan additionally supports random number
generators, plugins may provide other sources of randomness. The default
plugin reads raw random data from /dev/(u)random.
is provided and more advanced backends (using e.g. a database) are trivial
to implement.
- - Fixed a compilation failure in libfreeswan occuring with Linux kernel
+ - Fixed a compilation failure in libfreeswan occurring with Linux kernel
headers > 2.6.17.
the successful setup and teardown of an IPsec SA, respectively.
left|rightfirwall can be used with KLIPS under any Linux 2.4
kernel or with NETKEY under a Linux kernel version >= 2.6.16
- in conjuction with iptables >= 1.3.5. For NETKEY under a Linux
+ in conjunction with iptables >= 1.3.5. For NETKEY under a Linux
kernel version < 2.6.16 which does not support IPsec policy
matching yet, please continue to use a copy of the _updown_espmark
template loaded via the left|rightupdown keyword.
and reduces the well-known four tunnel case on VPN gateways to
a single tunnel definition (see README section 2.4).
-- Fixed a bug occuring with NAT-Traversal enabled when the responder
+- Fixed a bug occurring with NAT-Traversal enabled when the responder
suddenly turns initiator and the initiator cannot find a matching
connection because of the floated IKE port 4500.
- Introduced the ipsec auto --listalgs monitoring command which lists
all currently registered IKE and ESP algorithms.
-- Fixed a bug in the ESP algorithm selection occuring when the strict flag
+- Fixed a bug in the ESP algorithm selection occurring when the strict flag
is set and the first proposed transform does not match.
- Fixed another deadlock in the use of the lock_certs_and_keys() mutex,
- occuring when a smartcard is present.
+ occurring when a smartcard is present.
- Prevented that a superseded Phase1 state can trigger a DPD_TIMEOUT event.