+strongswan-5.3.0
+----------------
+
+- Added support for IKEv2 make-before-break reauthentication. By using a global
+ CHILD_SA reqid allocation mechanism, charon supports overlapping CHILD_SAs.
+ This allows the use of make-before-break instead of the previously supported
+ break-before-make reauthentication, avoiding connectivity gaps during that
+ procedure. As the new mechanism may fail with peers not supporting it (such
+ as any previous strongSwan release) it must be explicitly enabled using
+ the charon.make_before_break strongswan.conf option.
+
+- Support for "Signature Authentication in IKEv2" (RFC 7427) has been added.
+ This allows the use of stronger hash algorithms for public key authentication.
+ By default, signature schemes are chosen based on the strength of the
+ signature key, but specific hash algorithms may be configured in leftauth.
+
+- Key types and hash algorithms specified in rightauth are now also checked
+ against IKEv2 signature schemes. If such constraints are used for certificate
+ chain validation in existing configurations, in particular with peers that
+ don't support RFC 7427, it may be necessary to disable this feature with the
+ charon.signature_authentication_constraints setting, because the signature
+ scheme used in classic IKEv2 public key authentication may not be strong
+ enough.
+
+- The new connmark plugin allows a host to bind conntrack flows to a specific
+ CHILD_SA by applying and restoring the SA mark to conntrack entries. This
+ allows a peer to handle multiple transport mode connections coming over the
+ same NAT device for client-initiated flows. A common use case is to protect
+ L2TP/IPsec, as supported by some systems.
+
+- The forecast plugin can forward broadcast and multicast messages between
+ connected clients and a LAN. For CHILD_SA using unique marks, it sets up
+ the required Netfilter rules and uses a multicast/broadcast listener that
+ forwards such messages to all connected clients. This plugin is designed for
+ Windows 7 IKEv2 clients, which announces its services over the tunnel if the
+ negotiated IPsec policy allows it.
+
+- For the vici plugin a Python Egg has been added to allow Python applications
+ to control or monitor the IKE daemon using the VICI interface, similar to the
+ existing ruby gem. The Python library has been contributed by Björn Schuberg.
+
+- EAP server methods now can fulfill public key constraints, such as rightcert
+ or rightca. Additionally, public key and signature constraints can be
+ specified for EAP methods in the rightauth keyword. Currently the EAP-TLS and
+ EAP-TTLS methods provide verification details to constraints checking.
+
+- Upgrade of the BLISS post-quantum signature algorithm to the improved BLISS-B
+ variant. Can be used in conjunction with the SHA256, SHA384 and SHA512 hash
+ algorithms with SHA512 being the default.
+
+- The IF-IMV 1.4 interface now makes the IP address of the TNC access requestor
+ as seen by the TNC server available to all IMVs. This information can be
+ forwarded to policy enforcement points (e.g. firewalls or routers).
+
+- The new mutual tnccs-20 plugin parameter activates mutual TNC measurements
+ in PB-TNC half-duplex mode between two endpoints over either a PT-EAP or
+ PT-TLS transport medium.
+
+
+strongswan-5.2.2
+----------------
+
+- Fixed a denial-of-service vulnerability triggered by an IKEv2 Key Exchange
+ payload that contains the Diffie-Hellman group 1025. This identifier was
+ used internally for DH groups with custom generator and prime. Because
+ these arguments are missing when creating DH objects based on the KE payload
+ an invalid pointer dereference occurred. This allowed an attacker to crash
+ the IKE daemon with a single IKE_SA_INIT message containing such a KE
+ payload. The vulnerability has been registered as CVE-2014-9221.
+
+- The left/rightid options in ipsec.conf, or any other identity in strongSwan,
+ now accept prefixes to enforce an explicit type, such as email: or fqdn:.
+ Note that no conversion is done for the remaining string, refer to
+ ipsec.conf(5) for details.
+
+- The post-quantum Bimodal Lattice Signature Scheme (BLISS) can be used as
+ an IKEv2 public key authentication method. The pki tool offers full support
+ for the generation of BLISS key pairs and certificates.
+
+- Fixed mapping of integrity algorithms negotiated for AH via IKEv1. This could
+ cause interoperability issues when connecting to older versions of charon.
+
+
+strongswan-5.2.1
+----------------
+
+- The new charon-systemd IKE daemon implements an IKE daemon tailored for use
+ with systemd. It avoids the dependency on ipsec starter and uses swanctl
+ as configuration backend, building a simple and lightweight solution. It
+ supports native systemd journal logging.
+
+- Support for IKEv2 fragmentation as per RFC 7383 has been added. Like IKEv1
+ fragmentation it can be enabled by setting fragmentation=yes in ipsec.conf.
+
+- Support of the TCG TNC IF-M Attribute Segmentation specification proposal.
+ All attributes can be segmented. Additionally TCG/SWID Tag, TCG/SWID Tag ID
+ and IETF/Installed Packages attributes can be processed incrementally on a
+ per segment basis.
+
+- The new ext-auth plugin calls an external script to implement custom IKE_SA
+ authorization logic, courtesy of Vyronas Tsingaras.
+
+- For the vici plugin a ruby gem has been added to allow ruby applications
+ to control or monitor the IKE daemon. The vici documentation has been updated
+ to include a description of the available operations and some simple examples
+ using both the libvici C interface and the ruby gem.
+
+
+strongswan-5.2.0
+----------------
+
+- strongSwan has been ported to the Windows platform. Using a MinGW toolchain,
+ many parts of the strongSwan codebase run natively on Windows 7 / 2008 R2
+ and newer releases. charon-svc implements a Windows IKE service based on
+ libcharon, the kernel-iph and kernel-wfp plugins act as networking and IPsec
+ backend on the Windows platform. socket-win provides a native IKE socket
+ implementation, while winhttp fetches CRL and OCSP information using the
+ WinHTTP API.
+
+- The new vici plugin provides a Versatile IKE Configuration Interface for
+ charon. Using the stable IPC interface, external applications can configure,
+ control and monitor the IKE daemon. Instead of scripting the ipsec tool
+ and generating ipsec.conf, third party applications can use the new interface
+ for more control and better reliability.
+
+- Built upon the libvici client library, swanctl implements the first user of
+ the VICI interface. Together with a swanctl.conf configuration file,
+ connections can be defined, loaded and managed. swanctl provides a portable,
+ complete IKE configuration and control interface for the command line.
+ The first six swanctl example scenarios have been added.
+
+- The SWID IMV implements a JSON-based REST API which allows the exchange
+ of SWID tags and Software IDs with the strongTNC policy manager.
+
+- The SWID IMC can extract all installed packages from the dpkg (Debian,
+ Ubuntu, Linux Mint etc.), rpm (Fedora, RedHat, OpenSUSE, etc.), or
+ pacman (Arch Linux, Manjaro, etc.) package managers, respectively, using the
+ swidGenerator (https://github.com/strongswan/swidGenerator) which generates
+ SWID tags according to the new ISO/IEC 19770-2:2014 standard.
+
+- All IMVs now share the access requestor ID, device ID and product info
+ of an access requestor via a common imv_session object.
+
+- The Attestation IMC/IMV pair supports the IMA-NG measurement format
+ introduced with the Linux 3.13 kernel.
+
+- The aikgen tool generates an Attestation Identity Key bound to a TPM.
+
+- Implemented the PT-EAP transport protocol (RFC 7171) for Trusted Network
+ Connect.
+
+- The ipsec.conf replay_window option defines connection specific IPsec replay
+ windows. Original patch courtesy of Zheng Zhong and Christophe Gouault from
+ 6Wind.
+
+
+strongswan-5.1.3
+----------------
+
+- Fixed an authentication bypass vulnerability triggered by rekeying an
+ unestablished IKEv2 SA while it gets actively initiated. This allowed an
+ attacker to trick a peer's IKE_SA state to established, without the need to
+ provide any valid authentication credentials. The vulnerability has been
+ registered as CVE-2014-2338.
+
+- The acert plugin evaluates X.509 Attribute Certificates. Group membership
+ information encoded as strings can be used to fulfill authorization checks
+ defined with the rightgroups option. Attribute Certificates can be loaded
+ locally or get exchanged in IKEv2 certificate payloads.
+
+- The pki command gained support to generate X.509 Attribute Certificates
+ using the --acert subcommand, while the --print command supports the ac type.
+ The openac utility has been removed in favor of the new pki functionality.
+
+- The libtls TLS 1.2 implementation as used by EAP-(T)TLS and other protocols
+ has been extended by AEAD mode support, currently limited to AES-GCM.
+
+
+strongswan-5.1.2
+----------------
+
+- A new default configuration file layout is introduced. The new default
+ strongswan.conf file mainly includes config snippets from the strongswan.d
+ and strongswan.d/charon directories (the latter containing snippets for all
+ plugins). The snippets, with commented defaults, are automatically
+ generated and installed, if they don't exist yet. They are also installed
+ in $prefix/share/strongswan/templates so existing files can be compared to
+ the current defaults.
+
+- As an alternative to the non-extensible charon.load setting, the plugins
+ to load in charon (and optionally other applications) can now be determined
+ via the charon.plugins.<name>.load setting for each plugin (enabled in the
+ new default strongswan.conf file via the charon.load_modular option).
+ The load setting optionally takes a numeric priority value that allows
+ reordering the plugins (otherwise the default plugin order is preserved).
+
+- All strongswan.conf settings that were formerly defined in library specific
+ "global" sections are now application specific (e.g. settings for plugins in
+ libstrongswan.plugins can now be set only for charon in charon.plugins).
+ The old options are still supported, which now allows to define defaults for
+ all applications in the libstrongswan section.
+
+- The ntru libstrongswan plugin supports NTRUEncrypt as a post-quantum
+ computer IKE key exchange mechanism. The implementation is based on the
+ ntru-crypto library from the NTRUOpenSourceProject. The supported security
+ strengths are ntru112, ntru128, ntru192, and ntru256. Since the private DH
+ group IDs 1030..1033 have been assigned, the strongSwan Vendor ID must be
+ sent (charon.send_vendor_id = yes) in order to use NTRU.
+
+- Defined a TPMRA remote attestation workitem and added support for it to the
+ Attestation IMV.
+
+- Compatibility issues between IPComp (compress=yes) and leftfirewall=yes as
+ well as multiple subnets in left|rightsubnet have been fixed.
+
+- When enabling its "session" strongswan.conf option, the xauth-pam plugin opens
+ and closes a PAM session for each established IKE_SA. Patch courtesy of
+ Andrea Bonomi.
+
+- The strongSwan unit testing framework has been rewritten without the "check"
+ dependency for improved flexibility and portability. It now properly supports
+ multi-threaded and memory leak testing and brings a bunch of new test cases.
+
+
+strongswan-5.1.1
+----------------
+
+- Fixed a denial-of-service vulnerability and potential authorization bypass
+ triggered by a crafted ID_DER_ASN1_DN ID payload. The cause is an insufficient
+ length check when comparing such identities. The vulnerability has been
+ registered as CVE-2013-6075.
+
+- Fixed a denial-of-service vulnerability triggered by a crafted IKEv1
+ fragmentation payload. The cause is a NULL pointer dereference. The
+ vulnerability has been registered as CVE-2013-6076.
+
+- The lean stand-alone pt-tls-client can set up a RFC 6876 PT-TLS session
+ with a strongSwan policy enforcement point which uses the tnc-pdp charon
+ plugin.
+
+- The new TCG TNC SWID IMC/IMV pair supports targeted SWID requests for either
+ full SWID Tag or concise SWID Tag ID inventories.
+
+- The XAuth backend in eap-radius now supports multiple XAuth exchanges for
+ different credential types and display messages. All user input gets
+ concatenated and verified with a single User-Password RADIUS attribute on
+ the AAA. With an AAA supporting it, one for example can implement
+ Password+Token authentication with proper dialogs on iOS and OS X clients.
+
+- charon supports IKEv1 Mode Config exchange in push mode. The ipsec.conf
+ modeconfig=push option enables it for both client and server, the same way
+ as pluto used it.
+
+- Using the "ah" ipsec.conf keyword on both IKEv1 and IKEv2 connections,
+ charon can negotiate and install Security Associations integrity-protected by
+ the Authentication Header protocol. Supported are plain AH(+IPComp) SAs only,
+ but not the deprecated RFC2401 style ESP+AH bundles.
+
+- The generation of initialization vectors for IKE and ESP (when using libipsec)
+ is now modularized and IVs for e.g. AES-GCM are now correctly allocated
+ sequentially, while other algorithms like AES-CBC still use random IVs.
+
+- The left and right options in ipsec.conf can take multiple address ranges
+ and subnets. This allows connection matching against a larger set of
+ addresses, for example to use a different connection for clients connecting
+ from a internal network.
+
+- For all those who have a queasy feeling about the NIST elliptic curve set,
+ the Brainpool curves introduced for use with IKE by RFC 6932 might be a
+ more trustworthy alternative.
+
+- The kernel-libipsec userland IPsec backend now supports usage statistics,
+ volume based rekeying and accepts ESPv3 style TFC padded packets.
+
+- With two new strongswan.conf options fwmarks can be used to implement
+ host-to-host tunnels with kernel-libipsec.
+
+- load-tester supports transport mode connections and more complex traffic
+ selectors, including such using unique ports for each tunnel.
+
+- The new dnscert plugin provides support for authentication via CERT RRs that
+ are protected via DNSSEC. The plugin was created by Ruslan N. Marchenko.
+
+- The eap-radius plugin supports forwarding of several Cisco Unity specific
+ RADIUS attributes in corresponding configuration payloads.
+
+- Database transactions are now abstracted and implemented by the two backends.
+ If you use MySQL make sure all tables use the InnoDB engine.
+
+- libstrongswan now can provide an experimental custom implementation of the
+ printf family functions based on klibc if neither Vstr nor glibc style printf
+ hooks are available. This can avoid the Vstr dependency on some systems at
+ the cost of slower and less complete printf functions.
+
+
+strongswan-5.1.0
+----------------
+
+- Fixed a denial-of-service vulnerability triggered by specific XAuth usernames
+ and EAP identities (since 5.0.3), and PEM files (since 4.1.11). The crash
+ was caused by insufficient error handling in the is_asn1() function.
+ The vulnerability has been registered as CVE-2013-5018.
+
+- The new charon-cmd command line IKE client can establish road warrior
+ connections using IKEv1 or IKEv2 with different authentication profiles.
+ It does not depend on any configuration files and can be configured using a
+ few simple command line options.
+
+- The kernel-pfroute networking backend has been greatly improved. It now
+ can install virtual IPs on TUN devices on OS X and FreeBSD, allowing these
+ systems to act as a client in common road warrior scenarios.
+
+- The new kernel-libipsec plugin uses TUN devices and libipsec to provide IPsec
+ processing in userland on Linux, FreeBSD and Mac OS X.
+
+- The eap-radius plugin can now serve as an XAuth backend called xauth-radius,
+ directly verifying XAuth credentials using RADIUS User-Name/User-Password
+ attributes. This is more efficient than the existing xauth-eap+eap-radius
+ combination, and allows RADIUS servers without EAP support to act as AAA
+ backend for IKEv1.
+
+- The new osx-attr plugin installs configuration attributes (currently DNS
+ servers) via SystemConfiguration on Mac OS X. The keychain plugin provides
+ certificates from the OS X keychain service.
+
+- The sshkey plugin parses SSH public keys, which, together with the --agent
+ option for charon-cmd, allows the use of ssh-agent for authentication.
+ To configure SSH keys in ipsec.conf the left|rightrsasigkey options are
+ replaced with left|rightsigkey, which now take public keys in one of three
+ formats: SSH (RFC 4253, ssh: prefix), DNSKEY (RFC 3110, dns: prefix), and
+ PKCS#1 (the default, no prefix).
+
+- Extraction of certificates and private keys from PKCS#12 files is now provided
+ by the new pkcs12 plugin or the openssl plugin. charon-cmd (--p12) as well
+ as charon (via P12 token in ipsec.secrets) can make use of this.
+
+- IKEv2 can now negotiate transport mode and IPComp in NAT situations.
+
+- IKEv2 exchange initiators now properly close an established IKE or CHILD_SA
+ on error conditions using an additional exchange, keeping state in sync
+ between peers.
+
+- Using a SQL database interface a Trusted Network Connect (TNC) Policy Manager
+ can generate specific measurement workitems for an arbitrary number of
+ Integrity Measurement Verifiers (IMVs) based on the history of the VPN user
+ and/or device.
+
+- Several core classes in libstrongswan are now tested with unit tests. These
+ can be enabled with --enable-unit-tests and run with 'make check'. Coverage
+ reports can be generated with --enable-coverage and 'make coverage' (this
+ disables any optimization, so it should not be enabled when building
+ production releases).
+
+- The leak-detective developer tool has been greatly improved. It works much
+ faster/stabler with multiple threads, does not use deprecated malloc hooks
+ anymore and has been ported to OS X.
+
+- chunk_hash() is now based on SipHash-2-4 with a random key. This provides
+ better distribution and prevents hash flooding attacks when used with
+ hashtables.
+
+- All default plugins implement the get_features() method to define features
+ and their dependencies. The plugin loader has been improved, so that plugins
+ in a custom load statement can be ordered freely or to express preferences
+ without being affected by dependencies between plugin features.
+
+- A centralized thread can take care for watching multiple file descriptors
+ concurrently. This removes the need for a dedicated listener threads in
+ various plugins. The number of "reserved" threads for such tasks has been
+ reduced to about five, depending on the plugin configuration.
+
+- Plugins that can be controlled by a UNIX socket IPC mechanism gained network
+ transparency. Third party applications querying these plugins now can use
+ TCP connections from a different host.
+
+- libipsec now supports AES-GCM.
+
+
+strongswan-5.0.4
+----------------
+
+- Fixed a security vulnerability in the openssl plugin which was reported by
+ Kevin Wojtysiak. The vulnerability has been registered as CVE-2013-2944.
+ Before the fix, if the openssl plugin's ECDSA signature verification was used,
+ due to a misinterpretation of the error code returned by the OpenSSL
+ ECDSA_verify() function, an empty or zeroed signature was accepted as a
+ legitimate one.
+
+- The handling of a couple of other non-security relevant openssl return codes
+ was fixed as well.
+
+- The tnc_ifmap plugin now publishes virtual IPv4 and IPv6 addresses via its
+ TCG TNC IF-MAP 2.1 interface.
+
+- The charon.initiator_only option causes charon to ignore IKE initiation
+ requests.
+
+- The openssl plugin can now use the openssl-fips library.
+
+
+strongswan-5.0.3
+----------------
+
+- The new ipseckey plugin enables authentication based on trustworthy public
+ keys stored as IPSECKEY resource records in the DNS and protected by DNSSEC.
+ To do so it uses a DNSSEC enabled resolver, like the one provided by the new
+ unbound plugin, which is based on libldns and libunbound. Both plugins were
+ created by Reto Guadagnini.
+
+- Implemented the TCG TNC IF-IMV 1.4 draft making access requestor identities
+ available to an IMV. The OS IMV stores the AR identity together with the
+ device ID in the attest database.
+
+- The openssl plugin now uses the AES-NI accelerated version of AES-GCM
+ if the hardware supports it.
+
+- The eap-radius plugin can now assign virtual IPs to IKE clients using the
+ Framed-IP-Address attribute by using the "%radius" named pool in the
+ rightsourceip ipsec.conf option. Cisco Banner attributes are forwarded to
+ Unity-capable IKEv1 clients during mode config. charon now sends Interim
+ Accounting updates if requested by the RADIUS server, reports
+ sent/received packets in Accounting messages, and adds a Terminate-Cause
+ to Accounting-Stops.
+
+- The recently introduced "ipsec listcounters" command can report connection
+ specific counters by passing a connection name, and global or connection
+ counters can be reset by the "ipsec resetcounters" command.
+
+- The strongSwan libpttls library provides an experimental implementation of
+ PT-TLS (RFC 6876), a Posture Transport Protocol over TLS.
+
+- The charon systime-fix plugin can disable certificate lifetime checks on
+ embedded systems if the system time is obviously out of sync after bootup.
+ Certificates lifetimes get checked once the system time gets sane, closing
+ or reauthenticating connections using expired certificates.
+
+- The "ikedscp" ipsec.conf option can set DiffServ code points on outgoing
+ IKE packets.
+
+- The new xauth-noauth plugin allows to use basic RSA or PSK authentication with
+ clients that cannot be configured without XAuth authentication. The plugin
+ simply concludes the XAuth exchange successfully without actually performing
+ any authentication. Therefore, to use this backend it has to be selected
+ explicitly with rightauth2=xauth-noauth.
+
+- The new charon-tkm IKEv2 daemon delegates security critical operations to a
+ separate process. This has the benefit that the network facing daemon has no
+ knowledge of keying material used to protect child SAs. Thus subverting
+ charon-tkm does not result in the compromise of cryptographic keys.
+ The extracted functionality has been implemented from scratch in a minimal TCB
+ (trusted computing base) in the Ada programming language. Further information
+ can be found at http://www.codelabs.ch/tkm/.
+
+strongswan-5.0.2
+----------------
+
+- Implemented all IETF Standard PA-TNC attributes and an OS IMC/IMV
+ pair using them to transfer operating system information.
+
+- The new "ipsec listcounters" command prints a list of global counter values
+ about received and sent IKE messages and rekeyings.
+
+- A new lookip plugin can perform fast lookup of tunnel information using a
+ clients virtual IP and can send notifications about established or deleted
+ tunnels. The "ipsec lookip" command can be used to query such information
+ or receive notifications.
+
+- The new error-notify plugin catches some common error conditions and allows
+ an external application to receive notifications for them over a UNIX socket.
+
+- IKE proposals can now use a PRF algorithm different to that defined for
+ integrity protection. If an algorithm with a "prf" prefix is defined
+ explicitly (such as prfsha1 or prfsha256), no implicit PRF algorithm based on
+ the integrity algorithm is added to the proposal.
+
+- The pkcs11 plugin can now load leftcert certificates from a smartcard for a
+ specific ipsec.conf conn section and cacert CA certificates for a specific ca
+ section.
+
+- The load-tester plugin gained additional options for certificate generation
+ and can load keys and multiple CA certificates from external files. It can
+ install a dedicated outer IP address for each tunnel and tunnel initiation
+ batches can be triggered and monitored externally using the
+ "ipsec load-tester" tool.
+
+- PKCS#7 container parsing has been modularized, and the openssl plugin
+ gained an alternative implementation to decrypt and verify such files.
+ In contrast to our own DER parser, OpenSSL can handle BER files, which is
+ required for interoperability of our scepclient with EJBCA.
+
+- Support for the proprietary IKEv1 fragmentation extension has been added.
+ Fragments are always handled on receipt but only sent if supported by the peer
+ and if enabled with the new fragmentation ipsec.conf option.
+
+- IKEv1 in charon can now parse certificates received in PKCS#7 containers and
+ supports NAT traversal as used by Windows clients. Patches courtesy of
+ Volker Rümelin.
+
+- The new rdrand plugin provides a high quality / high performance random
+ source using the Intel rdrand instruction found on Ivy Bridge processors.
+
+- The integration test environment was updated and now uses KVM and reproducible
+ guest images based on Debian.
+
+
+strongswan-5.0.1
+----------------
+
+- Introduced the sending of the standard IETF Assessment Result
+ PA-TNC attribute by all strongSwan Integrity Measurement Verifiers.
+
+- Extended PTS Attestation IMC/IMV pair to provide full evidence of
+ the Linux IMA measurement process. All pertinent file information
+ of a Linux OS can be collected and stored in an SQL database.
+
+- The PA-TNC and PB-TNC protocols can now process huge data payloads
+ >64 kB by distributing PA-TNC attributes over multiple PA-TNC messages
+ and these messages over several PB-TNC batches. As long as no
+ consolidated recommandation from all IMVs can be obtained, the TNC
+ server requests more client data by sending an empty SDATA batch.
+
+- The rightgroups2 ipsec.conf option can require group membership during
+ a second authentication round, for example during XAuth authentication
+ against a RADIUS server.
+
+- The xauth-pam backend can authenticate IKEv1 XAuth and Hybrid authenticated
+ clients against any PAM service. The IKEv2 eap-gtc plugin does not use
+ PAM directly anymore, but can use any XAuth backend to verify credentials,
+ including xauth-pam.
+
+- The new unity plugin brings support for some parts of the IKEv1 Cisco Unity
+ Extension. As client, charon narrows traffic selectors to the received
+ Split-Include attributes and automatically installs IPsec bypass policies
+ for received Local-LAN attributes. As server, charon sends Split-Include
+ attributes for leftsubnet definitions containing multiple subnets to Unity-
+ aware clients.
+
+- An EAP-Nak payload is returned by clients if the gateway requests an EAP
+ method that the client does not support. Clients can also request a specific
+ EAP method by configuring that method with leftauth.
+
+- The eap-dynamic plugin handles EAP-Nak payloads returned by clients and uses
+ these to select a different EAP method supported/requested by the client.
+ The plugin initially requests the first registered method or the first method
+ configured with charon.plugins.eap-dynamic.preferred.
+
+- The new left/rightdns options specify connection specific DNS servers to
+ request/respond in IKEv2 configuration payloads or IKEv2 mode config. leftdns
+ can be any (comma separated) combination of %config4 and %config6 to request
+ multiple servers, both for IPv4 and IPv6. rightdns takes a list of DNS server
+ IP addresses to return.
+
+- The left/rightsourceip options now accept multiple addresses or pools.
+ leftsourceip can be any (comma separated) combination of %config4, %config6
+ or fixed IP addresses to request. rightsourceip accepts multiple explicitly
+ specified or referenced named pools.
+
+- Multiple connections can now share a single address pool when they use the
+ same definition in one of the rightsourceip pools.
+
+- The options charon.interfaces_ignore and charon.interfaces_use allow one to
+ configure the network interfaces used by the daemon.
+
+- The kernel-netlink plugin supports the charon.install_virtual_ip_on option,
+ which specifies the interface on which virtual IP addresses will be installed.
+ If it is not specified the current behavior of using the outbound interface
+ is preserved.
+
+- The kernel-netlink plugin tries to keep the current source address when
+ looking for valid routes to reach other hosts.
+
+- The autotools build has been migrated to use a config.h header. strongSwan
+ development headers will get installed during "make install" if
+ --with-dev-headers has been passed to ./configure.
+
+- All crypto primitives gained return values for most operations, allowing
+ crypto backends to fail, for example when using hardware accelerators.
+
+
+strongswan-5.0.0
+----------------
+
+- The charon IKE daemon gained experimental support for the IKEv1 protocol.
+ Pluto has been removed from the 5.x series, and unless strongSwan is
+ configured with --disable-ikev1 or --disable-ikev2, charon handles both
+ keying protocols. The feature-set of IKEv1 in charon is almost on par with
+ pluto, but currently does not support AH or bundled AH+ESP SAs. Beside
+ RSA/ECDSA, PSK and XAuth, charon also supports the Hybrid authentication
+ mode. Informations for interoperability and migration is available at
+ http://wiki.strongswan.org/projects/strongswan/wiki/CharonPlutoIKEv1.
+
+- Charon's bus_t has been refactored so that loggers and other listeners are
+ now handled separately. The single lock was previously cause for deadlocks
+ if extensive listeners, such as the one provided by the updown plugin, wanted
+ to acquire locks that were held by other threads which in turn tried to log
+ messages, and thus were waiting to acquire the same lock currently held by
+ the thread calling the listener.
+ The implemented changes also allow the use of a read/write-lock for the
+ loggers which increases performance if multiple loggers are registered.
+ Besides several interface changes this last bit also changes the semantics
+ for loggers as these may now be called by multiple threads at the same time.
+
+- Source routes are reinstalled if interfaces are reactivated or IP addresses
+ reappear.
+
+- The thread pool (processor_t) now has more control over the lifecycle of
+ a job (see job.h for details). In particular, it now controls the destruction
+ of jobs after execution and the cancellation of jobs during shutdown. Due to
+ these changes the requeueing feature, previously available to callback_job_t
+ only, is now available to all jobs (in addition to a new rescheduling
+ feature).
+
+- In addition to trustchain key strength definitions for different public key
+ systems, the rightauth option now takes a list of signature hash algorithms
+ considered save for trustchain validation. For example, the setting
+ rightauth=rsa-2048-ecdsa-256-sha256-sha384-sha512 requires a trustchain
+ that uses at least RSA-2048 or ECDSA-256 keys and certificate signatures
+ using SHA-256 or better.
+
+
+strongswan-4.6.4
+----------------
+
+- Fixed a security vulnerability in the gmp plugin. If this plugin was used
+ for RSA signature verification an empty or zeroed signature was handled as
+ a legitimate one.
+
+- Fixed several issues with reauthentication and address updates.
+
+
+strongswan-4.6.3
+----------------
+
+- The tnc-pdp plugin implements a RADIUS server interface allowing
+ a strongSwan TNC server to act as a Policy Decision Point.
+
+- The eap-radius authentication backend enforces Session-Timeout attributes
+ using RFC4478 repeated authentication and acts upon RADIUS Dynamic
+ Authorization extensions, RFC 5176. Currently supported are disconnect
+ requests and CoA messages containing a Session-Timeout.
+
+- The eap-radius plugin can forward arbitrary RADIUS attributes from and to
+ clients using custom IKEv2 notify payloads. The new radattr plugin reads
+ attributes to include from files and prints received attributes to the
+ console.
+
+- Added support for untruncated MD5 and SHA1 HMACs in ESP as used in
+ RFC 4595.
+
+- The cmac plugin implements the AES-CMAC-96 and AES-CMAC-PRF-128 algorithms
+ as defined in RFC 4494 and RFC 4615, respectively.
+
+- The resolve plugin automatically installs nameservers via resolvconf(8),
+ if it is installed, instead of modifying /etc/resolv.conf directly.
+
+- The IKEv2 charon daemon supports now raw RSA public keys in RFC 3110
+ DNSKEY and PKCS#1 file format.
+
+
+strongswan-4.6.2
+----------------
+
+- Upgraded the TCG IF-IMC and IF-IMV C API to the upcoming version 1.3
+ which supports IF-TNCCS 2.0 long message types, the exclusive flags
+ and multiple IMC/IMV IDs. Both the TNC Client and Server as well as
+ the "Test", "Scanner", and "Attestation" IMC/IMV pairs were updated.
+
+- Fully implemented the "TCG Attestation PTS Protocol: Binding to IF-M"
+ standard (TLV-based messages only). TPM-based remote attestation of
+ Linux IMA (Integrity Measurement Architecture) possible. Measurement
+ reference values are automatically stored in an SQLite database.
+
+- The EAP-RADIUS authentication backend supports RADIUS accounting. It sends
+ start/stop messages containing Username, Framed-IP and Input/Output-Octets
+ attributes and has been tested against FreeRADIUS and Microsoft NPS.
+
+- Added support for PKCS#8 encoded private keys via the libstrongswan
+ pkcs8 plugin. This is the default format used by some OpenSSL tools since
+ version 1.0.0 (e.g. openssl req with -keyout).
+
+- Added session resumption support to the strongSwan TLS stack.
+
+
+strongswan-4.6.1
+----------------
+
+- Because of changing checksums before and after installation which caused
+ the integrity tests to fail we avoided directly linking libsimaka, libtls and
+ libtnccs to those libcharon plugins which make use of these dynamic libraries.
+ Instead we linked the libraries to the charon daemon. Unfortunately Ubuntu
+ 11.10 activated the --as-needed ld option which discards explicit links
+ to dynamic libraries that are not actually used by the charon daemon itself,
+ thus causing failures during the loading of the plugins which depend on these
+ libraries for resolving external symbols.
+
+- Therefore our approach of computing integrity checksums for plugins had to be
+ changed radically by moving the hash generation from the compilation to the
+ post-installation phase.
+
+
+strongswan-4.6.0
+----------------
+
+- The new libstrongswan certexpire plugin collects expiration information of
+ all used certificates and exports them to CSV files. It either directly
+ exports them or uses cron style scheduling for batch exports.
+
+- starter passes unresolved hostnames to charon, allowing it to do name
+ resolution not before the connection attempt. This is especially useful with
+ connections between hosts using dynamic IP addresses. Thanks to Mirko Parthey
+ for the initial patch.
+
+- The android plugin can now be used without the Android frontend patch and
+ provides DNS server registration and logging to logcat.
+
+- Pluto and starter (plus stroke and whack) have been ported to Android.
+
+- Support for ECDSA private and public key operations has been added to the
+ pkcs11 plugin. The plugin now also provides DH and ECDH via PKCS#11 and can
+ use tokens as random number generators (RNG). By default only private key
+ operations are enabled, more advanced features have to be enabled by their
+ option in strongswan.conf. This also applies to public key operations (even
+ for keys not stored on the token) which were enabled by default before.
+
+- The libstrongswan plugin system now supports detailed plugin dependencies.
+ Many plugins have been extended to export its capabilities and requirements.
+ This allows the plugin loader to resolve plugin loading order automatically,
+ and in future releases, to dynamically load the required features on demand.
+ Existing third party plugins are source (but not binary) compatible if they
+ properly initialize the new get_features() plugin function to NULL.
+
+- The tnc-ifmap plugin implements a TNC IF-MAP 2.0 client which can deliver
+ metadata about IKE_SAs via a SOAP interface to a MAP server. The tnc-ifmap
+ plugin requires the Apache Axis2/C library.
+
+
+strongswan-4.5.3
+----------------
+
+- Our private libraries (e.g. libstrongswan) are not installed directly in
+ prefix/lib anymore. Instead a subdirectory is used (prefix/lib/ipsec/ by
+ default). The plugins directory is also moved from libexec/ipsec/ to that
+ directory.
+
+- The dynamic IMC/IMV libraries were moved from the plugins directory to
+ a new imcvs directory in the prefix/lib/ipsec/ subdirectory.
+
+- Job priorities were introduced to prevent thread starvation caused by too
+ many threads handling blocking operations (such as CRL fetching). Refer to
+ strongswan.conf(5) for details.
+
+- Two new strongswan.conf options allow to fine-tune performance on IKEv2
+ gateways by dropping IKE_SA_INIT requests on high load.
+
+- IKEv2 charon daemon supports start PASS and DROP shunt policies
+ preventing traffic to go through IPsec connections. Installation of the
+ shunt policies either via the XFRM netfilter or PFKEYv2 IPsec kernel
+ interfaces.
+
+- The history of policies installed in the kernel is now tracked so that e.g.
+ trap policies are correctly updated when reauthenticated SAs are terminated.
+
+- IMC/IMV Scanner pair implementing the RFC 5792 PA-TNC (IF-M) protocol.
+ Using "netstat -l" the IMC scans open listening ports on the TNC client
+ and sends a port list to the IMV which based on a port policy decides if
+ the client is admitted to the network.
+ (--enable-imc-scanner/--enable-imv-scanner).
+
+- IMC/IMV Test pair implementing the RFC 5792 PA-TNC (IF-M) protocol.
+ (--enable-imc-test/--enable-imv-test).
+
+- The IKEv2 close action does not use the same value as the ipsec.conf dpdaction
+ setting, but the value defined by its own closeaction keyword. The action
+ is triggered if the remote peer closes a CHILD_SA unexpectedly.
+
+
strongswan-4.5.2
----------------
The 'ipsec whitelist' utility provides a simple command line frontend for
whitelist administration.
+- The duplicheck plugin provides a specialized form of duplicate checking,
+ doing a liveness check on the old SA and optionally notify a third party
+ application about detected duplicates.
+
+- The coupling plugin permanently couples two or more devices by limiting
+ authentication to previously used certificates.
+
- In the case that the peer config and child config don't have the same name
(usually in SQL database defined connections), ipsec up|route <peer config>
starts|routes all associated child configs and ipsec up|route <child config>
pcsc-lite based SIM card backend.
- The eap-peap plugin implements the EAP PEAP protocol. Interoperates
- successfully with a FreeRADIUS server but not yet with a Windows 7
- Agile VPN client.
+ successfully with a FreeRADIUS server and Windows 7 Agile VPN clients.
- The IKEv2 daemon charon rereads strongswan.conf on SIGHUP and instructs
all plugins to reload. Currently only the eap-radius and the attr plugins
support configuration reloading.
+- Added userland support to the IKEv2 daemon for Extended Sequence Numbers
+ support coming with Linux 2.6.39. To enable ESN on a connection, add
+ the 'esn' keyword to the proposal. The default proposal uses 32-bit sequence
+ numbers only ('noesn'), and the same value is used if no ESN mode is
+ specified. To negotiate ESN support with the peer, include both, e.g.
+ esp=aes128-sha1-esn-noesn.
+
+- In addition to ESN, Linux 2.6.39 gained support for replay windows larger
+ than 32 packets. The new global strongswan.conf option 'charon.replay_window'
+ configures the size of the replay window, in packets.
+
strongswan-4.5.1
----------------
./configure switch.
- The new libstrongswan constraints plugin provides advanced X.509 constraint
- checking. In additon to X.509 pathLen constraints, the plugin checks for
+ checking. In addition to X.509 pathLen constraints, the plugin checks for
nameConstraints and certificatePolicies, including policyMappings and
policyConstraints. The x509 certificate plugin and the pki tool have been
enhanced to support these extensions. The new left/rightcertpolicy ipsec.conf
CREATE_CHILD_SA request was sent. 2) Sending an IKE_AUTH request with either
a missing TSi or TSr payload caused a null pointer derefence because the
checks for TSi and TSr were interchanged. The IKEv2 fuzzer used was
- developped by the Orange Labs vulnerability research team. The tool was
+ developed by the Orange Labs vulnerability research team. The tool was
initially written by Gabriel Campana and is now maintained by Laurent Butti.
- Added support for AES counter mode in ESP in IKEv2 using the proposal
-----------------
- The new server-side EAP RADIUS plugin (--enable-eap-radius)
- relays EAP messages to and from a RADIUS server. Succesfully
+ relays EAP messages to and from a RADIUS server. Successfully
tested with with a freeradius server using EAP-MD5 and EAP-SIM.
- A vulnerability in the Dead Peer Detection (RFC 3706) code was found by
- Fixed a use-after-free bug in the DPD timeout section of the
IKEv1 pluto daemon which sporadically caused a segfault.
-- Fixed a crash in the IKEv2 charon daemon occuring with
+- Fixed a crash in the IKEv2 charon daemon occurring with
mixed RAM-based and SQL-based virtual IP address pools.
- Fixed ASN.1 parsing of algorithmIdentifier objects where the
The installpolicy=no option allows peaceful cooperation with a dominant
mip6d daemon and the new type=transport_proxy implements the special MIPv6
IPsec transport proxy mode where the IKEv2 daemon uses the Care-of-Address
- but the IPsec SA is set up for the Home Adress.
+ but the IPsec SA is set up for the Home Address.
- Implemented migration of Mobile IPv6 connections using the KMADDRESS
field contained in XFRM_MSG_MIGRATE messages sent by the mip6d daemon
connection setups over new ones, where the value "replace" replaces existing
connections.
-- The crypto factory in libstrongswan additionaly supports random number
+- The crypto factory in libstrongswan additionally supports random number
generators, plugins may provide other sources of randomness. The default
plugin reads raw random data from /dev/(u)random.
is provided and more advanced backends (using e.g. a database) are trivial
to implement.
- - Fixed a compilation failure in libfreeswan occuring with Linux kernel
+ - Fixed a compilation failure in libfreeswan occurring with Linux kernel
headers > 2.6.17.
the successful setup and teardown of an IPsec SA, respectively.
left|rightfirwall can be used with KLIPS under any Linux 2.4
kernel or with NETKEY under a Linux kernel version >= 2.6.16
- in conjuction with iptables >= 1.3.5. For NETKEY under a Linux
+ in conjunction with iptables >= 1.3.5. For NETKEY under a Linux
kernel version < 2.6.16 which does not support IPsec policy
matching yet, please continue to use a copy of the _updown_espmark
template loaded via the left|rightupdown keyword.
and reduces the well-known four tunnel case on VPN gateways to
a single tunnel definition (see README section 2.4).
-- Fixed a bug occuring with NAT-Traversal enabled when the responder
+- Fixed a bug occurring with NAT-Traversal enabled when the responder
suddenly turns initiator and the initiator cannot find a matching
connection because of the floated IKE port 4500.
- Introduced the ipsec auto --listalgs monitoring command which lists
all currently registered IKE and ESP algorithms.
-- Fixed a bug in the ESP algorithm selection occuring when the strict flag
+- Fixed a bug in the ESP algorithm selection occurring when the strict flag
is set and the first proposed transform does not match.
- Fixed another deadlock in the use of the lock_certs_and_keys() mutex,
- occuring when a smartcard is present.
+ occurring when a smartcard is present.
- Prevented that a superseded Phase1 state can trigger a DPD_TIMEOUT event.
projects / people / ms / strongswan.git / blobdiff