From: Martin Willi <martin@strongswan.org>
Date: Thu, 7 Jan 2010 10:14:33 +0000 (+0100)
Subject: Added NEWS for the new Vendor ID requirement for private use allocations
X-Git-Tag: 4.3.6~44
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=cdad91de494b617382d57b4407ef388eb590a62c;p=thirdparty%2Fstrongswan.git

Added NEWS for the new Vendor ID requirement for private use allocations
---

diff --git a/NEWS b/NEWS
index 4219786b38..64801421f7 100644
--- a/NEWS
+++ b/NEWS
@@ -1,7 +1,7 @@
 strongswan-4.3.6
 ----------------
 
-- The IKEv2 daemon supports RFC 3779 IP address block constraints 
+- The IKEv2 daemon supports RFC 3779 IP address block constraints
   carried as a critical X.509v3 extension in the peer certificate.
 
 - The ipsec pool --add|del dns|nbns command manages DNS and NBNS name
@@ -29,6 +29,12 @@ strongswan-4.3.6
 - Fixed BEET mode connections on recent kernels by installing SAs with
   appropriate traffic selectors, based on a patch by Michael Rossberg.
 
+- Using extensions (such as BEET mode) and crypto algorithms (such as twofish,
+  serpent, sha256_96) allocated in the private use space now require that we
+  know its meaning, i.e. we are talking to strongSwan. Use the new
+  "charon.send_vendor_id" option in strongswan.conf to let the remote peer know
+  this is the case.
+
 - The IKEv1 daemon ignores the Juniper SRX notification type 40001, thus
   allowing interoperability.