strongswan: Update to version 6.0.0
- Update from version 5.9.14 to 6.0.0
- Update of rootfile
- The stroke plugin, which was deprecated in 2014 is no longer enabled by default.
So it is now enabled expolicitly in this patch.
The stroke plugin is recommended to be migrated to using the vici plugin but this
will require a re-write of the ipsec WUI page. Hopefully the removal of the stroke
plugin will also take many years as the time between deprecation and default
disabling.
- Also aes, curve25519, des, fips-prf, gmp, hmac, md5, pkcs12, rc2, sha1 & sha2 are no
longer enabled by default. Most of these don 't need to be enabled as they are
supported by the openssl plugin whicxh we have had explicitly enabled for some time.
The openssl plugin is now enabled by default. After some checks to see which plugins
I needed to enable to match the current set of algorithms I ended up only needing\
to explicitly enable fips-prf, mgf1 & hmac.
- The ml plugin has also been enbabled so that we have the ML_KEM post quantum key
exchange algorithms enabled so they can be made available in the ipsec WUI.
- All existing algorithms are available together with the following new ones.
XOF_MGF1_SHA3_224
XOF_MGF1_SHA3_256
XOF_MGF1_SHA3_384
XOF_MGF1_SHA3_512
ML_KEM_512
ML_KEM_768
ML_KEM_10245
- I also installed the build using 6.0.0 into a vm testbed system and confirmed that my
existing ipsec connection using the default crypto values from the WUI worked without
any problems. So existing connections should all be fine.
- Changelog
6.0.0
New Feature Additions
Support for multiple IKEv2 key exchanges (RFC 9370) has been added
(
3a850ae). IKE_INTERMEDIATE exchanges (RFC 9242) are used to transport
additional KE payloads between the IKE_SA_INIT and IKE_AUTH exchanges. To
rekey IKE and Child SAs with multiple key exchanges, IKE_FOLLOWUP_KE
exchanges are used, as defined in RFC 9370.
In proposals, additional key exchange methods are configured via
keX_ prefix, where X is a number between 1 and 7. For example,
ke1_mlkem768 adds ML-KEM-768 as additional KE method (works with any key
exchange method, whether post-quantum or classic). As with regular key
exchanges, peers have to agree on a method for each round unless no
algorithms are defined by both or keX_none is configured to make that
round explicitly optional.
Support for the Module-Lattice-Based Key-Encapsulation Mechanism
(ML-KEM, FIPS 203), a key exchange method that, at present, is believed
to be secure even against adversaries who possess a quantum computer, has
been added via Botan 3.6.0+ (botan plugin), wolfSSL 5.7.4+
(wolfssl plugin), AWS-LC 1.37.0+ (openssl plugin), and the new ml plugin.
The keywords for ML-KEM-512 (128 bits security strength), ML-KEM-768
(192 bits), ML-KEM-1024 (256 bits) are mlkem512, mlkem768 and mlkem1024,
respectively.
AF_VSOCK sockets can be used on Linux to communicate with a daemon that
runs in a VM (e.g. via the vici plugin).
The file logger can optionally log messages as JSON objects (
a2fba6d,
bea1f11, see the docs for details), and can add timestamps in
microseconds via the new time_precision setting (#2475).
Enhancements and Optimizations
Handling of CHILD_SA rekey collisions has been improved (
d2b2e1b). This
makes CHILD_SAs properly trackable via child_rekey() hook and some corner
cases are also handled correctly e.g. if a responder's DELETE for the new
CHILD_SA arrives before its CREATE_CHILD_SA response that creates that SA
in the first place. Also handled properly are responders of rekeyings
that incorrectly send a DELETE for the old CHILD_SA (previously, this
caused both, the new and the old SA, to get deleted).
The behavior when reloading or unloading connections that include start in
their start_action has been improved (#2324, #2418).
If no identity is configured but a certificate is available, the subject
DN is used instead of the IP address (#2353).
The cert-enroll script now supports three generations of CA certificates
(
f59ca96).
IKE ports are now considered when matching connections (
9228a51,
6928709).
The base address of in-memory IP address pools is now reported as
configured (#2264).
IKE fragment sizes can be configured for each address family explicitly
(
84bd011).
The openssl plugin can use the EVP_DigestSqueeze() API for XOFs, which was
introduced with OpenSSL 3.3 (
3d0f695).
The kernel-netlink plugin explicitly configures the direction of IPsec SAs
when running on 6.10+ kernels (
abdc787).
The Android app was updated for compatibility with Android 14 (
740cbb2), a
bug was fixed that affects importing already existing VPN profiles
(
9b9cf20).
Fixes
The NetworkManager plugin (charon-nm) now uses a different routing table
than the regular IKE daemon to avoid conflicts if both are running (#2230).
TUN devices can properly handle IPv6 addresses (
fccc764) and routes via
them are now correctly installed on FreeBSD (
bf165af).
Reassigning a matching online lease is now preferred over an offline lease
by the in-memory IP address pool to avoid conflicts with make-before-break
reauthentication and multiple IKE_SAs per identity (#2472).
To avoid conflicts with other processes when using ephemeral UDP ports,
the socket-default plugin now always opens IPv4 sockets before IPv6
sockets (#2494).
Challenge passwords in PKCS#10 containers are again encoded as
PrintableString if possible to be compatible with older SCEP
implementations (
8e88d56).
The vici plugin now uses the same ESP proposals (AEAD before regular) when
configuring default instead of not configuring esp_proposals at all
(
8e020bc).
Fixed handling of adopted reqids during IKEv1 rekeying (
d02aea9, bug was
introduced in 5.9.12).
A typo in the cert-enroll script prevented successful signalling of a
change of the sub CA certificate (
957aae8).
Plugin and Configuration Changes
The legacy stroke plugin is no longer enabled by default and must be
enabled explicitly.
The openssl plugin is now enabled by default, while the following crypto
plugins are no longer enabled by default: aes, curve25519, des, fips-prf,
gmp, hmac, md5, pkcs12, rc2, sha1, sha2.
The following deprecated plugins have been removed: bliss (signature
scheme), newhope (key exchange method), ntru (key exchange method).
charon.make_before_break is now enabled by default, which initiates IKEv2
reauthentication with a make-before-break instead of a break-before-make
scheme. Make-before-break creates overlapping IKE and Child SA during
reauthentication by first recreating all SAs before deleting the old ones.
This behavior can be beneficial to avoid connectivity gaps during
reauthentication (unlike rekeying still not completely without
interruption), but requires support for overlapping SAs by the peer.
strongSwan can handle such overlapping SAs since version 5.3.0.
For Developers
Using the child_rekey() hook now allows tracking CHILD_SAs correctly in
case of rekey collisions. The event is generally only triggered once
after installing the outbound SA for the new/winning CHILD_SA. However,
in some cases the event is triggered twice, but it is now ensured that
listeners can properly transition to the winning SA.
Refer to the documentation of key_exchange_method_t interface to learn how
KEMs can be implemented in plugins.
The format of key exchange test vectors has been changed so they can be
used for KEMs and classic DH methods (
4067678).
The NetworkManager frontend's build files have been updated to not rely on
gnome-common. It now also uses gettext directly instead of intltool
(
5019e3e).
Performance of running tests in the testing environment has been improved.
Refer to the 6.0.0 milestone for a list of all closed issues and pull requests.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
projects / people / ms / ipfire-2.x.git / commit
