strongSwan

h1. Version 5.1.0

* Fixed a denial-of-service vulnerability triggered by specific XAuth usernames

  and EAP identities (since [[5.0.3]]), and PEM files (since [[4.1.11]]).  The crash

  was caused by insufficient error handling in the is_asn1() function.

  The vulnerability has been registered as "CVE-2013-5018":http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-5018.

  Refer to "our blog":http://www.strongswan.org/blog/2013/08/01/strongswan-denial-of-service-vulnerability-(cve-2013-5018).html for details.

* The new [[charon-cmd]] command line IKE client can establish road warrior

  connections using IKEv1 or IKEv2 with different authentication profiles.

  It does not depend on any configuration files (no [[ipsec.conf]] nor [[ipsec.secrets]]

  but may use [[strongswan.conf]] options) and can be configured using a few

  simple command line options.

* The kernel-pfroute networking backend has been greatly improved. It now

  can install virtual IPs on TUN devices on [[MacOSX|Mac OS X]] and [[FreeBSD]], allowing these

  systems to act as a client in common road warrior scenarios.

* The new _kernel-libipsec_ plugin uses TUN devices and libipsec to provide IPsec

  processing in userland on Linux, FreeBSD and Mac OS X.

* The [[EapRadius|eap-radius]] plugin can now serve as an XAuth backend called _xauth-radius_,

  directly verifying XAuth credentials using RADIUS User-Name/User-Password

  attributes. This is more efficient than the existing _xauth-eap_ + _eap-radius_

  combination, and allows RADIUS servers without EAP support to act as AAA

  backend for IKEv1.

* The new _osx-attr_ plugin installs configuration attributes (currently DNS

  servers) via SystemConfiguration on Mac OS X. The _keychain_ plugin provides

  certificates from the OS X keychain service.

* The _sshkey_ plugin parses SSH public keys, which, together with the _--agent_

  option for [[charon-cmd]], allows the use of _ssh-agent_ for authentication.

  To configure SSH keys in [[ipsec.conf]] the _left|rightrsasigkey_ options are

  replaced with _left|rightsigkey_, which now take public keys in one of three

  formats: SSH (RFC 4253, _ssh:_ prefix), DNSKEY (RFC 3110, _dns:_ prefix), and

  PKCS#1 (the default, no prefix).

* Extraction of certificates and private keys from PKCS#12 files is now provided

  by the new _pkcs12_ plugin or the _openssl_ plugin.  [[charon-cmd]] (_--p12_) as well

  as charon (via [[P12Secret|P12 token]] in [[ipsec.secrets]]) can make use of this.

* IKEv2 can now negotiate transport mode and IPComp in NAT situations.

* IKEv2 exchange initiators now properly close an established IKE or CHILD_SA

  on error conditions using an additional exchange, keeping state in sync

  between peers.

* Using a SQL database interface a Trusted Network Connect (TNC) Policy Manager

  can generate specific measurement workitems for an arbitrary number of

  Integrity Measurement Verifiers (IMVs) based on the history of the VPN user

  and/or device.

  The new "strongTNC":https://github.com/strongswan/strongTNC web application provides a frontend to manage such databases.

  This project was started by Stefan Rohner and Marco Tanner as part of their Bachelor Thesis.

* Several core classes in libstrongswan are now tested with unit tests.  These

  can be enabled with _--enable-unit-tests_ and run with @make check@.  Coverage

  reports can be generated with _--enable-coverage_ and @make coverage@ (this

  disables any optimization, so it should not be enabled when building

  production releases).

* The leak-detective developer tool has been greatly improved. It works much

  faster/stabler with multiple threads, does not use deprecated malloc hooks

  anymore and has been ported to OS X.

* @chunk_hash()@ is now based on "SipHash-2-4":https://131002.net/siphash/ with a random key.  This provides

  better distribution and prevents hash flooding attacks when used with

  hashtables. To generate reproducible hashes the @chunk_hash_static()@ function

  can be used.

* All default plugins implement the @get_features()@ method to define features

  and their dependencies.  The plugin loader has been improved, so that plugins

  in a custom [[PluginLoad|load statement]] can be ordered freely or to express preferences

  without being affected by dependencies between plugin features.

* A centralized thread can take care for watching multiple file descriptors

  concurrently. This removes the need for a dedicated listener threads in

  various plugins. The number of "reserved" threads for such tasks has been

  reduced to about five, depending on the plugin configuration.

* Plugins that can be controlled by a UNIX socket IPC mechanism gained network

  transparency. Third party applications querying these plugins now can use

  TCP connections from a different host.

  See the respective _socket_ options in [[strongswan.conf]].

* Protocol and port can be specified for each individual subnet specified with

  the _left|rightsubnet_ [[ConnSection|ipsec.conf]] options.

* The _closeaction_ [[ConnSection|ipsec.conf]] option is now also supported for IKEv1 (thanks to

  Oliver Smith for the initial patch).

* libipsec now supports AES-GCM.

* By replacing several linked lists that exist during the full lifetime of an SA with a

  simple array implementation the memory usage per tunnel is reduced by 5 KB or more.

* Responders reuse _reqids_ of trapped policies, making _auto=route_ on both sides more reliable.

* Instead of silently replacing a policy if the reqid changes, the _kernel-netlink_

  plugin now rejects such requests.  This has consequences e.g. if two clients behind the

  same NAT use transport mode (see #365).

* [[ReducedPrivileges|Capability dropping]] has been improved. Every plugin verifies that the capabilities

  it requires are actually held and requests to keep only those that are really required at runtime.

* Support for silent rules was added to the [[Autoconf|build system]], they can be enabled

  with _--enable-silent-rules_.  @make V=0@ or @V=1@ can be used to build with a different

  verbosity than configured.

* The unique identifier of an IKE_SA is passed as _PLUTO_UNIQUEID_ to the updown script.

* Whether the _socket-default_ plugin uses IPv4 and/or IPv6 can be configured via [[strongswan.conf]].

* Fixed a race-condition if the DELETE for a redundant CHILD_SA created by a responder during a

  CHILD_SA rekey collision arrives before the responder's answer to the initiator's winning

  CREATE_CHILD_SA request.

* The X.509 certificate decoder provided by the _openssl_ plugin supports IP address blocks (patch by Michael Rossberg).

* [[scepclient]] can use a specific source address configured with the new _--bind_ option.

* Negotiation of IKEv1 DPD with Cisco IOS devices has been fixed, if they do not send the

  DPD vendor ID in the first message.

* The [[IPsecStroke|ipsec stroke]] _exportconncert_ and _exportconnchain_ commands can be used to export

  either a single end entity certificate or the full trust chain for a specific connection.

* The [[IPsecStroke|ipsec stroke]] _up-nb_ and  _down-nb_ commands do the same as _up_ and _down_, respectively,

  but they do not block until the command has finished.