Version 4.6.0

  • The new libstrongswan certexpire plugin collects expiration information of
    all used certificates and exports them to CSV files. It either directly
    exports them or uses cron style scheduling for batch exports.
  • starter passes unresolved hostnames to charon, allowing it to defer name
    resolution until the connection attempt. This is especially useful for
    connections between hosts using dynamic IP addresses. Thanks to Mirko Parthey
    for the initial patch.
  • The android plugin can now be used without the Android frontend patch and
    provides DNS server registration and logging to logcat.
  • Pluto and starter (plus stroke and whack) have been ported to Android. With
    starter and stroke the IKEv2 daemon charon can now be configured via
    ipsec.conf on Android.
  • Support for ECDSA private and public key operations has been added to the
    pkcs11 plugin. The plugin now also provides DH and ECDH via PKCS#11 and can
    use tokens as random number generators (RNG). By default only private key
    operations are enabled; more advanced features have to be enabled via their
    options in strongswan.conf. This also applies to public key operations (even
    for keys not stored on the token), which were enabled by default before.
  • The libstrongswan plugin system now supports detailed plugin dependencies.
    Many plugins have been extended to export their capabilities and requirements.
    This allows the plugin loader to resolve plugin loading order automatically,
    and in future releases, to dynamically load the required features on demand.
    Existing third party plugins are source (but not binary) compatible if they
    properly initialize the new get_features() plugin function to NULL.
  • The tnc-ifmap plugin implements a TNC IF-MAP 2.0 client which can deliver
    metadata about IKE_SAs via a SOAP interface to a MAP server. The tnc-ifmap
    plugin requires the Apache Axis2/C library.
  • Remote attestation effected by the TCG Platform Trust Service (PTS)
    can be transferred via the TNC IF-M 1.0 protocol (RFC 5792 PA-TNC)
    to a strongSwan TNC server. Currently remote file measurements are
    supported, with full TPM support expected for the 4.6.1 release.
    For details consult the following link: