- The openssl plugin now uses the AES-NI accelerated version of AES-GCM
if the hardware supports it.
+- The eap-radius plugin can now assign virtual IPs to IKE clients using the
+ Framed-IP-Address attribute by using the "%radius" named pool in the
+ rightsourceip ipsec.conf option. Cisco Banner attributes are forwarded to
+ Unity-capable IKEv1 clients during mode config. charon now sends Interim
+ Accounting updates if requested by the RADIUS server, reports
+ sent/received packets in Accounting messages, and adds a Terminate-Cause
+ to Accounting-Stops.
+
+- The recently introduced "ipsec listcounters" command can report connection
+ specific counters by passing a connection name, and global or connection
+ counters can be reset by the "ipsec resetcounters" command.
+
+- The strongSwan libpttls library provides an experimental implementation of
+ PT-TLS (RFC 6876), a Posture Transport Protocol over TLS.
+
+- The charon systime-fix plugin can disable certificate lifetime checks on
+ embedded systems if the system time is obviously out of sync after bootup.
+ Certificates lifetimes get checked once the system time gets sane, closing
+ or reauthenticating connections using expired certificates.
+
+- The "ikedscp" ipsec.conf option can set DiffServ code points on outgoing
+ IKE packets.
strongswan-5.0.2
----------------
projects / thirdparty / strongswan.git / commitdiff
