From: Martin Willi <martin@revosec.ch>
Date: Wed, 4 Sep 2013 09:06:58 +0000 (+0200)
Subject: NEWS: 5.1.1 update for merged branches
X-Git-Tag: 5.1.1dr3~15
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=38fb8e4ed59b64fac37c8fdea38c1bb571a507f1;p=thirdparty%2Fstrongswan.git

NEWS: 5.1.1 update for merged branches
---

diff --git a/NEWS b/NEWS
index d67d870a9e..d389fbf403 100644
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,23 @@ strongswan-5.1.1
 - The lean stand-alone pt-tls-client can set up a RFC 6876 PT-TLS session
   with a strongSwan policy enforcement point which uses the tnc-pdp charon plugin.
 
+- The XAuth backend in eap-radius now supports multiple XAuth exchanges for
+  different credential types and display messages. All user input gets
+  concatenated and verified with a single User-Password RADIUS attribute on
+  the AAA. With an AAA supporting it, one for example can implement
+  Password+Token authentication with proper dialogs on iOS and OS X clients.
+
+- charon supports IKEv1 Mode Config exchange in push mode. The ipsec.conf
+  modeconfig=push option enables it for both client and server, the same way
+  as pluto used it.
+
+- The left and right options in ipsec.conf can take multiple address ranges
+  and subnets. This allows connection matching against a larger set of
+  addresses, for example to use a different connection for clients connecting
+  from a internal network.
+
+- load-tester supports transport mode connections and more complex traffic
+  selectors, including such using unique ports for each tunnel.
 
 strongswan-5.1.0
 ----------------