Support for the IKEv2 Multiple Authentication Exchanges extension (RFC4739). Initiators and responders can use several authentication rounds (e.g. RSA followed by EAP) to authenticate. The new ipsec.conf leftauth/rightauth and leftauth2/rightauth2 parameters define own authentication rounds or setup constraints for the remote peer. See the ipsec.conf man page for more detials.
If glibc printf hooks (register_printf_function) are not available, strongSwan can use the vstr string library to run on non-glibc systems.
The IKEv2 charon daemon can now configure the ESP CAMELLIA-CBC cipher (esp=camellia128|192|256).
Refactored the pluto and scepclient code to use basic functions (memory allocation, leak detective, chunk handling, printf_hooks, strongswan.conf attributes, ASN.1 parser, etc.) from the libstrongswan library.
Up to two DNS and WINS servers to be sent via IKEv1 ModeConfig can be configured in the pluto section of strongswan.conf.