strongSwan

h1. Version 5.4.0

* Support for IKEv2 redirection ("RFC 5685":https://tools.ietf.org/html/rfc5685) has been added.  Plugins may

  implement the @redirect_provider_t@ interface (source:src/libcharon/sa/redirect_provider.h)

  to decide if and when to redirect connecting clients.  It is also possible to

  redirect established IKE_SAs based on different selectors via [[vici]]/[[swanctl]].

  Unless disabled in [[strongswan.conf]] the charon daemon will follow redirect

  requests received from servers.

* The @ike:@ prefix enables the explicit configuration of signature scheme

  constraints against IKEv2 authentication in _rightauth_, which allows the use

  of different signature schemes for trustchain verification and authentication.

  Configuration of such constraints via [[vici]]/[[swanctl]] is now also possible.

* The initiator of an IKEv2 make-before-break reauthentication now suspends

  online certificate revocation checks (OCSP, CRLs) until the new IKE_SA and all

  CHILD_SAs are established.  This is required if the checks are done over the

  CHILD_SA established with the new IKE_SA.  This is not possible until the

  initiator installs this SA and that only happens after the authentication is

  completed successfully.  So we suspend the checks during the reauthentication

  and do them afterwards, if they fail the IKE_SA is closed.  This change has no

  effect on the behavior during the authentication of the initial IKE_SA.

* For the [[vici]] plugin a Vici:Session Perl CPAN module has been added to allow

  Perl applications to control and/or monitor the IKE daemon using the VICI

  interface, similar to the existing Python egg or Ruby gem.

* Traffic selectors with port ranges can now be configured in the Linux kernel:

  e.g. _remote_ts = 10.1.0.0/16[tcp/20-23]_ and _local_ts = dynamic[tcp/32768-65535]_.

  The port range must map to a port mask, though, since the kernel does not

  support arbitrary ranges.

* The [[vici]] plugin allows the configuration of IPv4 and IPv6 address ranges

  in local and remote traffic selectors. Since both the Linux kernel and

  @iptables@ cannot handle arbitrary ranges, address ranges are mapped to the

  next larger CIDR subnet by the _kernel-netlink_ and _updown_ plugins, respectively.

* Implemented IKEv1 IPv4/IPv6 address subnet and range identities that can be

  used as owners of shared secrets.

* The new _p-cscf_ plugin can request P-CSCF server addresses from an ePDG via

  IKEv2 ("RFC 7651":https://tools.ietf.org/html/rfc7651).  Addresses of the same families as that of requested virtual

  IPs are requested if enabled in [[strongswan.conf]] for a particular connection.

  The plugin currently writes received addresses to the log.

* The default proposals now use a security strength of 128 bit.  The default DH group

  for IKE is now either _ecp256_ or _modp3072_, depending on whether the _openssl_ plugin

  is loaded or not. The default ESP proposal is _aes128-sha256_, which requires HMAC-SHA2-256

  support with 128 bit truncation, which the Linux kernel correctly implements since 2.6.33.

  But there are reports that other implementations might still not do so (#1353).

* DH groups are now listed for CHILD_SAs in @ipsec statusall@. Note that for IKEv2 the

  first CHILD_SA is created without a separate DH exchange (the key material is derived

  from the IKE keys). Therefore any DH group will only be listed after the first rekeying

  of such a CHILD_SA.  For CHILD_SAs created with a separate CREATE_CHILD_SA exchange

  and for IKEv1 a DH group will always be listed if PFS(Perfect Forward Secrecy) is used.

* IKE SPIs are now printed in network byte order in log messages and status output.

* Start actions configured via [[vici]] are reversed when configs are unloaded, unchanged

  child configs are not affected by this anymore. Any IKE_SA that ends up without CHILD_SAs

  after that is now closed.

* Asynchronous initiation and termination is supported via [[vici]] by specifying a timeout of -1.

* To distinguish child configs with the same name associated with different

  connection entries the name of the connection may be sent in the initiate/install

  [[vici]] commands using the _ike_ parameter.

* The [[vici]] plugin and [[swanctl]] now support authentication with raw public keys. Also,

  the commands used to manage and list certificates/keys have been extended.

* Multiple authentication rounds sent via [[vici]] may now be ordered by the optional _round_

  parameter instead of by the order of the _local/remote*_ sections in the request (required for

  the Perl bindings that don't use ordered dictionaries).

* The [[vici]] plugin and [[swanctl]] are now enabled by default.

* CHILD_SAs of IKEv1 SAs might now optionally (_charon.delete_rekeyed_ in [[strongswan.conf]])

  be deleted immediately after they got successfully rekeyed instead of waiting for the hard

  timeout, which could be problematic if traffic based limits are used.

* The _charon.reuse_ikesa_ option is now always enabled for IKEv1 (commit:24ab8530e5).

* IPv6 virtual IPs are now correctly sent for IKEv1 (commit:91d80298f9).  The incorrect encoding is

  still accepted but the new encoding might cause problems for older strongSwan clients.

* No NAT keepalives are sent if a host has lost connectivity (i.e. no local address is found to

  reach the peer).

* In the log threads may optionally be identified by their actual thread ID instead of a simple

  incremented value starting from 1 (_--enable-log-thread-ids_).

* _libhydra_ has been removed, all plugins and the kernel interface have been integrated

  into _libcharon_.