Version 4.3.0

  • Support for the IKEv2 Multiple Authentication Exchanges extension (RFC4739).
    Initiators and responders can use several authentication rounds (e.g. RSA
    followed by EAP) to authenticate. The new ipsec.conf leftauth/rightauth and
    leftauth2/rightauth2 parameters define own authentication rounds or setup
    constraints for the remote peer. See the ipsec.conf man page for more detials.
  • If glibc printf hooks (register_printf_function) are not available,
    strongSwan can use the vstr string library to run on non-glibc systems.
  • The IKEv2 charon daemon can now configure the ESP CAMELLIA-CBC cipher
  • Refactored the pluto and scepclient code to use basic functions (memory
    allocation, leak detective, chunk handling, printf_hooks, strongswan.conf
    attributes, ASN.1 parser, etc.) from the libstrongswan library.
  • Up to two DNS and WINS servers to be sent via IKEv1 ModeConfig can be
    configured in the pluto section of strongswan.conf.