+strongswan-4.3.0
+----------------
+
+- The IKEv2 charon daemon can now configure the ESP CAMELLIA-CBC
+ cipher (esp=camellia128|192|256).
+
+
+strongswan-4.2.14
+-----------------
+
+- The new server-side EAP RADIUS plugin (--enable-eap-radius)
+ relays EAP messages to and from a RADIUS server. Succesfully
+ tested with with a freeradius server using EAP-MD5 and EAP-SIM.
+
+- A vulnerability in the Dead Peer Detection (RFC 3706) code was found by
+ Gerd v. Egidy <gerd.von.egidy@intra2net.com> of Intra2net AG affecting
+ all Openswan and strongSwan releases. A malicious (or expired ISAKMP)
+ R_U_THERE or R_U_THERE_ACK Dead Peer Detection packet can cause the
+ pluto IKE daemon to crash and restart. No authentication or encryption
+ is required to trigger this bug. One spoofed UDP packet can cause the
+ pluto IKE daemon to restart and be unresponsive for a few seconds while
+ restarting. This DPD null state vulnerability has been officially
+ registered as CVE-2009-0790 and is fixed by this release.
+
+- ASN.1 to time_t conversion caused a time wrap-around for
+ dates after Jan 18 03:14:07 UTC 2038 on 32-bit platforms.
+ As a workaround such dates are set to the maximum representable
+ time, i.e. Jan 19 03:14:07 UTC 2038.
+
+- Distinguished Names containing wildcards (*) are not sent in the
+ IDr payload anymore.
+
+
+strongswan-4.2.13
+-----------------
+
+- Fixed a use-after-free bug in the DPD timeout section of the
+ IKEv1 pluto daemon which sporadically caused a segfault.
+
+- Fixed a crash in the IKEv2 charon daemon occuring with
+ mixed RAM-based and SQL-based virtual IP address pools.
+
+- Fixed ASN.1 parsing of algorithmIdentifier objects where the
+ parameters field is optional.
+
+- Ported nm plugin to NetworkManager 7.1.
+
+
+strongswan-4.2.12
+-----------------
+
+- Support of the EAP-MSCHAPv2 protocol enabled by the option
+ --enable-eap-mschapv2. Requires the MD4 hash algorithm enabled
+ either by --enable-md4 or --enable-openssl.
+
+- Assignment of up to two DNS and up to two WINS servers to peers via
+ the IKEv2 Configuration Payload (CP). The IPv4 or IPv6 nameserver
+ addresses are defined in strongswan.conf.
+
+- The strongSwan applet for the Gnome NetworkManager is now built and
+ distributed as a separate tarball under the name NetworkManager-strongswan.
+
+
+strongswan-4.2.11
+-----------------
+
+- Fixed ESP NULL encryption broken by the refactoring of keymat.c.
+ Also introduced proper initialization and disposal of keying material.
+
+- Fixed the missing listing of connection definitions in ipsec statusall
+ broken by an unfortunate local variable overload.
+
+
+strongswan-4.2.10
+-----------------
+
+- Several performance improvements to handle thousands of tunnels with almost
+ linear upscaling. All relevant data structures have been replaced by faster
+ counterparts with better lookup times.
+
+- Better parallelization to run charon on multiple cores. Due to improved
+ ressource locking and other optimizations the daemon can take full
+ advantage of 16 or even more cores.
+
+- The load-tester plugin can use a NULL Diffie-Hellman group and simulate
+ unique identities and certificates by signing peer certificates using a CA
+ on the fly.
+
+- The redesigned stroke in-memory IP pool handles leases. The "ipsec leases"
+ command queries assigned leases.
+
+- Added support for smartcards in charon by using the ENGINE API provided by
+ OpenSSL, based on patches by Michael Roßberg.
+
+- The Padlock plugin supports the hardware RNG found on VIA CPUs to provide a
+ reliable source of randomness.
+
+strongswan-4.2.9
+----------------
+
+- Flexible configuration of logging subsystem allowing to log to multiple
+ syslog facilities or to files using fine-grained log levels for each target.
+
+- Load testing plugin to do stress testing of the IKEv2 daemon against self
+ or another host. Found and fixed issues during tests in the multi-threaded
+ use of the OpenSSL plugin.
+
+- Added profiling code to synchronization primitives to find bottlenecks if
+ running on multiple cores. Found and fixed an issue where parts of the
+ Diffie-Hellman calculation acquired an exclusive lock. This greatly improves
+ parallelization to multiple cores.
+
+- updown script invocation has been separated into a plugin of its own to
+ further slim down the daemon core.
+
+- Separated IKE_SA/CHILD_SA key derivation process into a closed system,
+ allowing future implementations to use a secured environment in e.g. kernel
+ memory or hardware.
+
+- The kernel interface of charon has been modularized. XFRM NETLINK (default)
+ and PFKEY (--enable-kernel-pfkey) interface plugins for the native IPsec
+ stack of the Linux 2.6 kernel as well as a PFKEY interface for the KLIPS
+ IPsec stack (--enable-kernel-klips) are provided.
+
+- Basic Mobile IPv6 support has been introduced, securing Binding Update
+ messages as well as tunneled traffic between Mobile Node and Home Agent.
+ The installpolicy=no option allows peaceful cooperation with a dominant
+ mip6d daemon and the new type=transport_proxy implements the special MIPv6
+ IPsec transport proxy mode where the IKEv2 daemon uses the Care-of-Address
+ but the IPsec SA is set up for the Home Adress.
+
+- Implemented migration of Mobile IPv6 connections using the KMADDRESS
+ field contained in XFRM_MSG_MIGRATE messages sent by the mip6d daemon
+ via the Linux 2.6.28 (or appropriately patched) kernel.
+
+
+strongswan-4.2.8
+----------------
+
+- IKEv2 charon daemon supports authentication based on raw public keys
+ stored in the SQL database backend. The ipsec listpubkeys command
+ lists the available raw public keys via the stroke interface.
+
+- Several MOBIKE improvements: Detect changes in NAT mappings in DPD exchanges,
+ handle events if kernel detects NAT mapping changes in UDP-encapsulated
+ ESP packets (requires kernel patch), reuse old addesses in MOBIKE updates as
+ long as possible and other fixes.
+
+- Fixed a bug in addr_in_subnet() which caused insertion of wrong source
+ routes for destination subnets having netwmasks not being a multiple of 8 bits.
+ Thanks go to Wolfgang Steudel, TU Ilmenau for reporting this bug.
+
+
+strongswan-4.2.7
+----------------
+
+- Fixed a Denial-of-Service vulnerability where an IKE_SA_INIT message with
+ a KE payload containing zeroes only can cause a crash of the IKEv2 charon
+ daemon due to a NULL pointer returned by the mpz_export() function of the
+ GNU Multiprecision Library (GMP). Thanks go to Mu Dynamics Research Labs
+ for making us aware of this problem.
+
+- The new agent plugin provides a private key implementation on top of an
+ ssh-agent.
+
+- The NetworkManager plugin has been extended to support certificate client
+ authentication using RSA keys loaded from a file or using ssh-agent.
+
+- Daemon capability dropping has been ported to libcap and must be enabled
+ explicitly --with-capabilities=libcap. Future version will support the
+ newer libcap2 library.
+
+- ipsec listalgs lists the IKEv2 cryptografic algorithms registered with the
+ charon keying daemon.
+
+
+strongswan-4.2.6
+----------------
+
+- A NetworkManager plugin allows GUI-based configuration of road-warrior
+ clients in a simple way. It features X509 based gateway authentication
+ and EAP client authentication, tunnel setup/teardown and storing passwords
+ in the Gnome Keyring.
+
+- A new EAP-GTC plugin implements draft-sheffer-ikev2-gtc-00.txt and allows
+ username/password authentication against any PAM service on the gateway.
+ The new EAP method interacts nicely with the NetworkManager plugin and allows
+ client authentication against e.g. LDAP.
+
+- Improved support for the EAP-Identity method. The new ipsec.conf eap_identity
+ parameter defines an additional identity to pass to the server in EAP
+ authentication.
+
+- The "ipsec statusall" command now lists CA restrictions, EAP
+ authentication types and EAP identities.
+
+- Fixed two multithreading deadlocks occurring when starting up
+ several hundred tunnels concurrently.
+
+- Fixed the --enable-integrity-test configure option which
+ computes a SHA-1 checksum over the libstrongswan library.
+
+
+strongswan-4.2.5
+----------------
+
+- Consistent logging of IKE and CHILD SAs at the audit (AUD) level.
+
+- Improved the performance of the SQL-based virtual IP address pool
+ by introducing an additional addresses table. The leases table
+ storing only history information has become optional and can be
+ disabled by setting charon.plugins.sql.lease_history = no in
+ strongswan.conf.
+
+- The XFRM_STATE_AF_UNSPEC flag added to xfrm.h allows IPv4-over-IPv6
+ and IPv6-over-IPv4 tunnels with the 2.6.26 and later Linux kernels.
+
+- management of different virtual IP pools for different
+ network interfaces have become possible.
+
+- fixed a bug which prevented the assignment of more than 256
+ virtual IP addresses from a pool managed by an sql database.
+
+- fixed a bug which did not delete own IPCOMP SAs in the kernel.
+
+
+strongswan-4.2.4
+----------------
+
+- Added statistics functions to ipsec pool --status and ipsec pool --leases
+ and input validation checks to various ipsec pool commands.
+
+- ipsec statusall now lists all loaded charon plugins and displays
+ the negotiated IKEv2 cipher suite proposals.
+
+- The openssl plugin supports the elliptic curve Diffie-Hellman groups
+ 19, 20, 21, 25, and 26.
+
+- The openssl plugin supports ECDSA authentication using elliptic curve
+ X.509 certificates.
+
+- Fixed a bug in stroke which caused multiple charon threads to close
+ the file descriptors during packet transfers over the stroke socket.
+
+- ESP sequence numbers are now migrated in IPsec SA updates handled by
+ MOBIKE. Works only with Linux kernels >= 2.6.17.
+
+
+strongswan-4.2.3
+----------------
+
+- Fixed the strongswan.conf path configuration problem that occurred when
+ --sysconfig was not set explicitly in ./configure.
+
+- Fixed a number of minor bugs that where discovered during the 4th
+ IKEv2 interoperability workshop in San Antonio, TX.
+
+
+strongswan-4.2.2
+----------------
+
+- Plugins for libstrongswan and charon can optionally be loaded according
+ to a configuration in strongswan.conf. Most components provide a
+ "load = " option followed by a space separated list of plugins to load.
+ This allows e.g. the fallback from a hardware crypto accelerator to
+ to software-based crypto plugins.
+
+- Charons SQL plugin has been extended by a virtual IP address pool.
+ Configurations with a rightsourceip=%poolname setting query a SQLite or
+ MySQL database for leases. The "ipsec pool" command helps in administrating
+ the pool database. See ipsec pool --help for the available options
+
+- The Authenticated Encryption Algorithms AES-CCM-8/12/16 and AES-GCM-8/12/16
+ for ESP are now supported starting with the Linux 2.6.25 kernel. The
+ syntax is e.g. esp=aes128ccm12 or esp=aes256gcm16.
+
+
+strongswan-4.2.1
+----------------
+
+- Support for "Hash and URL" encoded certificate payloads has been implemented
+ in the IKEv2 daemon charon. Using the "certuribase" option of a CA section
+ allows to assign a base URL to all certificates issued by the specified CA.
+ The final URL is then built by concatenating that base and the hex encoded
+ SHA1 hash of the DER encoded certificate. Note that this feature is disabled
+ by default and must be enabled using the option "charon.hash_and_url".
+
+- The IKEv2 daemon charon now supports the "uniqueids" option to close multiple
+ IKE_SAs with the same peer. The option value "keep" prefers existing
+ connection setups over new ones, where the value "replace" replaces existing
+ connections.
+
+- The crypto factory in libstrongswan additionaly supports random number
+ generators, plugins may provide other sources of randomness. The default
+ plugin reads raw random data from /dev/(u)random.
+
+- Extended the credential framework by a caching option to allow plugins
+ persistent caching of fetched credentials. The "cachecrl" option has been
+ re-implemented.
+
+- The new trustchain verification introduced in 4.2.0 has been parallelized.
+ Threads fetching CRL or OCSP information no longer block other threads.
+
+- A new IKEv2 configuration attribute framework has been introduced allowing
+ plugins to provide virtual IP addresses, and in the future, other
+ configuration attribute services (e.g. DNS/WINS servers).
+
+- The stroke plugin has been extended to provide virtual IP addresses from
+ a pool defined in ipsec.conf. The "rightsourceip" parameter now accepts
+ address pools in CIDR notation (e.g. 10.1.1.0/24). The parameter also accepts
+ the value "%poolname", where "poolname" identifies a pool provided by a
+ separate plugin.
+
+- Fixed compilation on uClibc and a couple of other minor bugs.
+
+- Set DPD defaults in ipsec starter to dpd_delay=30s and dpd_timeout=150s.
+
+- The IKEv1 pluto daemon now supports the ESP encryption algorithm CAMELLIA
+ with key lengths of 128, 192, and 256 bits, as well as the authentication
+ algorithm AES_XCBC_MAC. Configuration example: esp=camellia192-aesxcbc.
+
+
+strongswan-4.2.0
+----------------
+
+- libstrongswan has been modularized to attach crypto algorithms,
+ credential implementations (keys, certificates) and fetchers dynamically
+ through plugins. Existing code has been ported to plugins:
+ - RSA/Diffie-Hellman implementation using the GNU Multi Precision library
+ - X509 certificate system supporting CRLs, OCSP and attribute certificates
+ - Multiple plugins providing crypto algorithms in software
+ - CURL and OpenLDAP fetcher
+
+- libstrongswan gained a relational database API which uses pluggable database
+ providers. Plugins for MySQL and SQLite are available.
+
+- The IKEv2 keying daemon charon is more extensible. Generic plugins may provide
+ connection configuration, credentials and EAP methods or control the daemon.
+ Existing code has been ported to plugins:
+ - EAP-AKA, EAP-SIM, EAP-MD5 and EAP-Identity
+ - stroke configuration, credential and control (compatible to pluto)
+ - XML bases management protocol to control and query the daemon
+ The following new plugins are available:
+ - An experimental SQL configuration, credential and logging plugin on
+ top of either MySQL or SQLite
+ - A unit testing plugin to run tests at daemon startup
+
+- The authentication and credential framework in charon has been heavily
+ refactored to support modular credential providers, proper
+ CERTREQ/CERT payload exchanges and extensible authorization rules.
+
+- The framework of strongSwan Manager has envolved to the web application
+ framework libfast (FastCGI Application Server w/ Templates) and is usable
+ by other applications.
+
+
+strongswan-4.1.11
+-----------------
+
+- IKE rekeying in NAT situations did not inherit the NAT conditions
+ to the rekeyed IKE_SA so that the UDP encapsulation was lost with
+ the next CHILD_SA rekeying.
+
+- Wrong type definition of the next_payload variable in id_payload.c
+ caused an INVALID_SYNTAX error on PowerPC platforms.
+
+- Implemented IKEv2 EAP-SIM server and client test modules that use
+ triplets stored in a file. For details on the configuration see
+ the scenario 'ikev2/rw-eap-sim-rsa'.
+
+
+strongswan-4.1.10
+-----------------
+
+- Fixed error in the ordering of the certinfo_t records in the ocsp cache that
+ caused multiple entries of the same serial number to be created.
+
+- Implementation of a simple EAP-MD5 module which provides CHAP
+ authentication. This may be interesting in conjunction with certificate
+ based server authentication, as weak passwords can't be brute forced
+ (in contradiction to traditional IKEv2 PSK).
+
+- A complete software based implementation of EAP-AKA, using algorithms
+ specified in 3GPP2 (S.S0055). This implementation does not use an USIM,
+ but reads the secrets from ipsec.secrets. Make sure to read eap_aka.h
+ before using it.
+
+- Support for vendor specific EAP methods using Expanded EAP types. The
+ interface to EAP modules has been slightly changed, so make sure to
+ check the changes if you're already rolling your own modules.
+
+
+strongswan-4.1.9
+----------------
+
+- The default _updown script now dynamically inserts and removes ip6tables
+ firewall rules if leftfirewall=yes is set in IPv6 connections. New IPv6
+ net-net and roadwarrior (PSK/RSA) scenarios for both IKEv1 and IKEV2 were
+ added.
+
+- Implemented RFC4478 repeated authentication to force EAP/Virtual-IP clients
+ to reestablish an IKE_SA within a given timeframe.
+
+- strongSwan Manager supports configuration listing, initiation and termination
+ of IKE and CHILD_SAs.
+
+- Fixes and improvements to multithreading code.
+
+- IKEv2 plugins have been renamed to libcharon-* to avoid naming conflicts.
+ Make sure to remove the old plugins in $libexecdir/ipsec, otherwise they get
+ loaded twice.
+
+
+strongswan-4.1.8
+----------------
+
+- Removed recursive pthread mutexes since uClibc doesn't support them.
+
+
+strongswan-4.1.7
+----------------
+
+- In NAT traversal situations and multiple queued Quick Modes,
+ those pending connections inserted by auto=start after the
+ port floating from 500 to 4500 were erronously deleted.
+
+- Added a "forceencaps" connection parameter to enforce UDP encapsulation
+ to surmount restrictive firewalls. NAT detection payloads are faked to
+ simulate a NAT situation and trick the other peer into NAT mode (IKEv2 only).
+
+- Preview of strongSwan Manager, a web based configuration and monitoring
+ application. It uses a new XML control interface to query the IKEv2 daemon
+ (see http://trac.strongswan.org/wiki/Manager).
+
+- Experimental SQLite configuration backend which will provide the configuration
+ interface for strongSwan Manager in future releases.
+
+- Further improvements to MOBIKE support.
+
+
+strongswan-4.1.6
+----------------
+
+- Since some third party IKEv2 implementations run into
+ problems with strongSwan announcing MOBIKE capability per
+ default, MOBIKE can be disabled on a per-connection-basis
+ using the mobike=no option. Whereas mobike=no disables the
+ sending of the MOBIKE_SUPPORTED notification and the floating
+ to UDP port 4500 with the IKE_AUTH request even if no NAT
+ situation has been detected, strongSwan will still support
+ MOBIKE acting as a responder.
+
+- the default ipsec routing table plus its corresponding priority
+ used for inserting source routes has been changed from 100 to 220.
+ It can be configured using the --with-ipsec-routing-table and
+ --with-ipsec-routing-table-prio options.
+
+- the --enable-integrity-test configure option tests the
+ integrity of the libstrongswan crypto code during the charon
+ startup.
+
+- the --disable-xauth-vid configure option disables the sending
+ of the XAUTH vendor ID. This can be used as a workaround when
+ interoperating with some Windows VPN clients that get into
+ trouble upon reception of an XAUTH VID without eXtended
+ AUTHentication having been configured.
+
+- ipsec stroke now supports the rereadsecrets, rereadaacerts,
+ rereadacerts, and listacerts options.
+
+
+strongswan-4.1.5
+----------------
+
+- If a DNS lookup failure occurs when resolving right=%<FQDN>
+ or right=<FQDN> combined with rightallowany=yes then the
+ connection is not updated by ipsec starter thus preventing
+ the disruption of an active IPsec connection. Only if the DNS
+ lookup successfully returns with a changed IP address the
+ corresponding connection definition is updated.
+
+- Routes installed by the keying daemons are now in a separate
+ routing table with the ID 100 to avoid conflicts with the main
+ table. Route lookup for IKEv2 traffic is done in userspace to ignore
+ routes installed for IPsec, as IKE traffic shouldn't get encapsulated.
+
+
+strongswan-4.1.4
+----------------
+
+- The pluto IKEv1 daemon now exhibits the same behaviour as its
+ IKEv2 companion charon by inserting an explicit route via the
+ _updown script only if a sourceip exists. This is admissible
+ since routing through the IPsec tunnel is handled automatically
+ by NETKEY's IPsec policies. As a consequence the left|rightnexthop
+ parameter is not required any more.
+
+- The new IKEv1 parameter right|leftallowany parameters helps to handle
+ the case where both peers possess dynamic IP addresses that are
+ usually resolved using DynDNS or a similar service. The configuration
+
+ right=peer.foo.bar
+ rightallowany=yes
+
+ can be used by the initiator to start up a connection to a peer
+ by resolving peer.foo.bar into the currently allocated IP address.
+ Thanks to the rightallowany flag the connection behaves later on
+ as
+
+ right=%any
+
+ so that the peer can rekey the connection as an initiator when his
+ IP address changes. An alternative notation is
+
+ right=%peer.foo.bar
+
+ which will implicitly set rightallowany=yes.
+
+- ipsec starter now fails more gracefully in the presence of parsing
+ errors. Flawed ca and conn section are discarded and pluto is started
+ if non-fatal errors only were encountered. If right=%peer.foo.bar
+ cannot be resolved by DNS then right=%any will be used so that passive
+ connections as a responder are still possible.
+
+- The new pkcs11initargs parameter that can be placed in the
+ setup config section of /etc/ipsec.conf allows the definition
+ of an argument string that is used with the PKCS#11 C_Initialize()
+ function. This non-standard feature is required by the NSS softoken
+ library. This patch was contributed by Robert Varga.
+
+- Fixed a bug in ipsec starter introduced by strongswan-2.8.5
+ which caused a segmentation fault in the presence of unknown
+ or misspelt keywords in ipsec.conf. This bug fix was contributed
+ by Robert Varga.
+
+- Partial support for MOBIKE in IKEv2. The initiator acts on interface/
+ address configuration changes and updates IKE and IPsec SAs dynamically.
+
+
+strongswan-4.1.3
+----------------
+
+- IKEv2 peer configuration selection now can be based on a given
+ certification authority using the rightca= statement.
+
+- IKEv2 authentication based on RSA signatures now can handle multiple
+ certificates issued for a given peer ID. This allows a smooth transition
+ in the case of a peer certificate renewal.
+
+- IKEv2: Support for requesting a specific virtual IP using leftsourceip on the
+ client and returning requested virtual IPs using rightsourceip=%config
+ on the server. If the server does not support configuration payloads, the
+ client enforces its leftsourceip parameter.
+
+- The ./configure options --with-uid/--with-gid allow pluto and charon
+ to drop their privileges to a minimum and change to an other UID/GID. This
+ improves the systems security, as a possible intruder may only get the
+ CAP_NET_ADMIN capability.
+
+- Further modularization of charon: Pluggable control interface and
+ configuration backend modules provide extensibility. The control interface
+ for stroke is included, and further interfaces using DBUS (NetworkManager)
+ or XML are on the way. A backend for storing configurations in the daemon
+ is provided and more advanced backends (using e.g. a database) are trivial
+ to implement.
+
+ - Fixed a compilation failure in libfreeswan occuring with Linux kernel
+ headers > 2.6.17.
+
+
strongswan-4.1.2
----------------
-- Support for an additional diffie hellman exchange when creating/rekeying
+- Support for an additional Diffie-Hellman exchange when creating/rekeying
a CHILD_SA in IKEv2 (PFS). PFS is enabled when the proposal contains a
DH group (e.g. "esp=aes128-sha1-modp1536"). Further, DH group negotiation
is implemented properly for rekeying.
- Added support for EAP modules which do not establish an MSK.
+- Removed the dependencies from the /usr/include/linux/ headers by
+ including xfrm.h, ipsec.h, and pfkeyv2.h in the distribution.
+
+- crlNumber is now listed by ipsec listcrls
+
- The xauth_modules.verify_secret() function now passes the
connection name.
+
strongswan-4.1.1
----------------
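
Review bot: In the strongswan-4.2.14 entry on the ASN.1 to time_t conversion, the two dates disagree: the wrap-around is said to affect dates after "Jan 18 03:14:07 UTC 2038", while the maximum representable time is given as "Jan 19 03:14:07 UTC 2038". A signed 32-bit time_t ends at Jan 19 03:14:07 UTC 2038, so the first date should read Jan 19 as well. The added text also carries spelling slips worth fixing before merge: "Succesfully" and "with with" (4.2.14), "occuring" (4.2.13 and 4.1.3), "ressource" (4.2.10), "Adress" (4.2.9), "addesses" and "netwmasks" (4.2.8), "cryptografic" (4.2.7), "where discovered" (4.2.3), "to to" and "Charons" (4.2.2), "additionaly" (4.2.1), "envolved" (4.2.0) and "erronously" (4.1.7). Two layout points: the last 4.1.3 entry ("Fixed a compilation failure in libfreeswan") is indented one column more than every other entry, and the strongswan-4.2.9 heading is preceded by one blank line where the other release headings have two.
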
strict payload order, correct INVALID_KE_PAYLOAD rejection and other minor
fixes to enhance interoperability with other implementations.
+
strongswan-4.0.7
----------------