5.6.3 Due in 26 days (21.05.2018) Minor Release 80% 15 issues (12 closed — 3 open) Version 5.6.3¶ This will be the next minor release, see Roadmap for updates on the release date. Related issues Feature #2162: Support for trap policies (auto=route) with virtual IPs Feature #2189: Support RFC 8229: TCP Encapsulation of IKE and IPsec Packets Bug #2536: Issues while handling faulty CREATE_CHILD_SA messages Bug #2554: bypasslan creates passthrough for route with nexthop set Bug #2555: bypasslan creates passthroughs for ::1 and attempts bypass for %any6 Bug #2557: Incorrect handling of unknown transform types in proposals Bug #2573: updown script is not called if IKEv1 IKE_SA rekey/reauthentication fails due to retransmits Bug #2574: PKCS#8 key file written by OpenSSL 1.1 can't be loaded because it uses SHA-2 based PRFs for PKCS#5 Bug #2579: 5.6.2 crashes on FreeBSD Bug #2582: Typo patch prevents test-suites to be built Bug #2608: Ensure fetched CRLs are signed by certificate issuer unless cRLIssuer is specified in the CDP Bug #2610: Reauthentication fails when used both mark_in option and make_before_break=yes Bug #2614: StrongSwan sends/expects key length for chapoly even though it is a fixed-length key Bug #2638: BLISS plug-in failed to build under macOS Bug #2646: Additional CHILD_SA is created during IKE reauthentication if it is initiated shortly after CHILD_SA rekeying