]> git.ipfire.org Git - people/ms/strongswan.git/blobdiff - NEWS
projects / people / ms / strongswan.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Use transport mode ESP SA if IPcomp is used, IPcomp already applies outer IP header
[people/ms/strongswan.git] / NEWS
diff --git a/NEWS b/NEWS
index 54b8a514aae24d2a8c3c96566f7da09d41a367f1..8f71908b5d6b42919ec5aaba833282b3c54f4e03 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -5,7 +5,7 @@ strongswan-4.3.6
 
 - More detailed IKEv2 EAP payload information in debug output
 
-- IKEv2 EAP-SIM and EAP-AKA share joint libsimaka library 
+- IKEv2 EAP-SIM and EAP-AKA share joint libsimaka library
 
 - Added required userland changes for proper SHA256 and SHA384/512 in ESP that
   will be introduced with Linux 2.6.33. The "sha256"/"sha2_256" keyword now
@@ -13,6 +13,10 @@ strongswan-4.3.6
   bit truncation used by previous releases. To use the old 96 bit truncation
   scheme, the new "sha256_96" proposal keyword has been introduced.
 
+- Fixed IPComp in tunnel mode, stripping out the duplicated outer header. This
+  change makes IPcomp tunnel mode connections incompatible with previous
+  releases; disable compression on such tunnels.
+
 strongswan-4.3.5
 ----------------
 
Michael's strongswan development tree