strongSwan

h1. Version 4.1.6

* Since some third party IKEv2 implementations run into

  problems with strongSwan announcing MOBIKE capability per

  default, MOBIKE can be disabled on a per-connection-basis

  using the mobike=no option. Whereas mobike=no disables the

  sending of the MOBIKE_SUPPORTED notification and the floating

  to UDP port 4500 with the IKE_AUTH request even if no NAT

  situation has been detected, strongSwan will still support

  MOBIKE acting as a responder.

* the default ipsec routing table plus its corresponding priority

  used for inserting source routes has been changed from 100 to 220.

  It can be configured using the --with-ipsec-routing-table and

  --with-ipsec-routing-table-prio options.

* the --enable-integrity-test configure option tests the

  integrity of the libstrongswan crypto code during the charon

  startup.

* the --disable-xauth-vid configure option disables the sending

  of the XAUTH vendor ID. This can be used as a workaround when

  interoperating with some Windows VPN clients that get into

  trouble upon reception of an XAUTH VID without eXtended

  AUTHentication having been configured.

* ipsec stroke now supports the rereadsecrets, rereadaacerts,

  rereadacerts, and listacerts options.