Since some third party IKEv2 implementations run into problems with strongSwan announcing MOBIKE capability per default, MOBIKE can be disabled on a per-connection-basis using the mobike=no option. Whereas mobike=no disables the sending of the MOBIKE_SUPPORTED notification and the floating to UDP port 4500 with the IKE_AUTH request even if no NAT situation has been detected, strongSwan will still support MOBIKE acting as a responder.
the default ipsec routing table plus its corresponding priority used for inserting source routes has been changed from 100 to 220. It can be configured using the --with-ipsec-routing-table and --with-ipsec-routing-table-prio options.
the --enable-integrity-test configure option tests the integrity of the libstrongswan crypto code during the charon startup.
the --disable-xauth-vid configure option disables the sending of the XAUTH vendor ID. This can be used as a workaround when interoperating with some Windows VPN clients that get into trouble upon reception of an XAUTH VID without eXtended AUTHentication having been configured.
ipsec stroke now supports the rereadsecrets, rereadaacerts, rereadacerts, and listacerts options.