Changelog for 4.5.x¶
- Our private libraries (e.g. libstrongswan) are not installed directly in
prefix/lib anymore. Instead a subdirectory is used (prefix/lib/ipsec/ by
default). The plugins directory is also moved from libexec/ipsec/ to that
- The dynamic IMC/IMV libraries were moved from the plugins directory to
a new imcvs directory in the prefix/lib/ipsec/ subdirectory.
- Job priorities were introduced to prevent thread starvation caused by too
many threads handling blocking operations (such as CRL fetching).
- Two new strongswan.conf options allow to fine-tune performance on IKEv2
gateways by dropping IKE_SA_INIT requests on high load.
- IKEv2 charon daemon supports PASS and DROP shunt policies
preventing traffic to go through IPsec connections. Installation of the
shunt policies either via the XFRM netfilter or PFKEYv2 IPsec kernel
- The history of policies installed in the kernel is now tracked so that e.g.
trap policies are correctly updated when reauthenticated SAs are terminated.
- IMC/IMV Scanner pair implementing the RFC 5792 PA-TNC (IF-M) protocol.
Using "netstat -l" the IMC scans open listening ports on the TNC client
and sends a port list to the IMV which based on a port policy decides if
the client is admitted to the network.
- IMC/IMV Test pair implementing the RFC 5792 PA-TNC (IF-M) protocol.
- The IKEv2 close action does not use the same value as the ipsec.conf dpdaction
setting, but the value defined by its own closeaction keyword. The action
is triggered if the remote peer closes a CHILD_SA unexpectedly.
- The whitelist plugin for the IKEv2 daemon maintains an in-memory identity
whitelist. Any connection attempt of peers not whitelisted will get rejected.
The 'ipsec whitelist' utility provides a simple command line frontend for
- The duplicheck plugin provides a specialized form of duplicate checking,
doing a liveness check on the old SA and optionally notify a third party
application about detected duplicates.
- The coupling plugin permanently couples two or more devices by limiting
authentication to previously used certificates.
- In the case that the peer config and child config don't have the same name
(usually in SQL database defined connections),
ipsec up|route <peer config>
starts|routes all associated child configs and
ipsec up|route <child config>
only starts|routes the specific child config.
- fixed the encoding and parsing of X.509 certificate policy statements (CPS).
- Duncan Salerno contributed the eap-sim-pcsc plugin implementing a
pcsc-lite based SIM card backend.
- The eap-peap plugin implements the EAP PEAP protocol. Interoperates
successfully with a FreeRADIUS server and Windows 7 Agile VPN clients.
- The IKEv2 daemon charon rereads strongswan.conf on SIGHUP and instructs
all plugins to reload. Currently only the eap-radius and the attr plugins
support configuration reloading.
- Added userland support to the IKEv2 daemon for Extended Sequence Numbers
support coming with Linux 2.6.39. To enable ESN on a connection, add
the 'esn' keyword to the proposal. The default proposal uses 32-bit sequence
numbers only ('noesn'), and the same value is used if no ESN mode is
specified. To negotiate ESN support with the peer, include both, e.g.
- In addition to ESN, Linux 2.6.39 gained support for replay windows larger
than 32 packets. The new global strongswan.conf option 'charon.replay_window'
configures the size of the replay window, in packets.
- Sansar Choinyambuu implemented the RFC 5793 Posture Broker Protocol (BP)
compatible with Trusted Network Connect (TNC). The TNCCS 2.0 protocol
requires the tnccs_20, tnc_imc and tnc_imv plugins but does not depend
on the libtnc library. Any available IMV/IMC pairs conforming to the
Trusted Computing Group's TNC-IF-IMV/IMC 1.2 interface specification
can be loaded via /etc/tnc_config.
- Re-implemented the TNCCS 1.1 protocol by using the tnc_imc and tnc_imv
in place of the external libtnc library.
- The tnccs_dynamic plugin loaded on a TNC server in addition to the
tnccs_11 and tnccs_20 plugins, dynamically detects the IF-TNCCS
protocol version used by a TNC client and invokes an instance of
the corresponding protocol stack.
- IKE and ESP proposals can now be stored in an SQL database using a
new proposals table. The start_action field in the child_configs
tables allows the automatic starting or routing of connections stored
in an SQL database.
- The new certificate_authorities and certificate_distribution_points
tables make it possible to store CRL and OCSP Certificate Distribution
points in an SQL database.
- The new 'include' statement allows to recursively include other files in
strongswan.conf. Existing sections and values are thereby extended and
- Due to the changes in the parser for strongswan.conf, the configuration
syntax for the attr plugin has changed. Previously, it was possible to
specify multiple values of a specific attribute type by adding multiple
key/value pairs with the same key (e.g. dns) to the plugins.attr section.
Because values with the same key now replace previously defined values
this is not possible anymore. As an alternative, multiple values can be
specified by separating them with a comma (e.g. dns = 22.214.171.124, 126.96.36.199).
- ipsec listalgs now appends (set in square brackets) to each crypto
algorithm listed the plugin that registered the function.
- Traffic Flow Confidentiality padding supported with Linux 2.6.38 can be used
by the IKEv2 daemon. The ipsec.conf 'tfc' keyword pads all packets to a given
boundary, the special value '%mtu' pads all packets to the path MTU.
- The new af-alg plugin can use various crypto primitives of the Linux Crypto
API using the AF_ALG interface introduced with 2.6.38. This removes the need
for additional userland implementations of symmetric cipher, hash, hmac and
- The IKEv2 daemon supports the INITIAL_CONTACT notify as initiator and
responder. The notify is sent when initiating configurations with a unique
policy, set in ipsec.conf via the global 'uniqueids' option.
- The conftest conformance testing framework enables the IKEv2 stack to perform
many tests using a distinct tool and configuration frontend. Various hooks
can alter reserved bits, flags, add custom notifies and proposals, reorder
or drop messages and much more. It is enabled using the --enable-conftest
- The new libstrongswan constraints plugin provides advanced X.509 constraint
checking. In addition to X.509 pathLen constraints, the plugin checks for
nameConstraints and certificatePolicies, including policyMappings and
policyConstraints. The x509 certificate plugin and the pki tool have been
enhanced to support these extensions. The new left/rightcertpolicy ipsec.conf
connection keywords take OIDs a peer certificate must have.
- The left/rightauth ipsec.conf keywords accept values with a minimum strength
for trustchain public keys in bits, such as rsa-2048 or ecdsa-256.
- The revocation and x509 libstrongswan plugins and the pki tool gained basic
support for delta CRLs.
- IMPORTANT: the default keyexchange mode 'ike' is changing with release 4.5
from 'ikev1' to 'ikev2', thus commemorating the five year anniversary of the
IKEv2 RFC 4306 and its mature successor RFC 5996. The time has definitively
come for IKEv1 to go into retirement and to cede its place to the much more
robust, powerful and versatile IKEv2 protocol!
If you still like to use the old IKEv1 protocol then you must explicitly
- Added new ctr, ccm and gcm plugins providing Counter, Counter with CBC-MAC
and Galois/Counter Modes based on existing CBC implementations. These
new plugins bring support for AES and Camellia Counter and CCM algorithms
and the AES GCM algorithms for use in IKEv2. A list of all supported
algorithms can be found here.
- The new pkcs11 plugin brings full Smartcard support to the IKEv2 daemon and
the ipsec pki utility using one or more PKCS#11 libraries. It currently supports
RSA private and public key operations and loads X.509 certificates from
- Implemented a general purpose TLS stack based on crypto and credential
primitives of libstrongswan. libtls supports TLS versions 1.0, 1.1 and 1.2,
ECDHE-ECDSA/RSA, DHE-RSA and RSA key exchange algorithms and RSA/ECDSA based
- Based on libtls, the eap-tls plugin brings certificate based EAP
authentication for client and server. It is compatible to Windows 7 IKEv2
Smartcard authentication and the OpenSSL based FreeRADIUS EAP-TLS backend.
- EAP-TTLS uses strong EAP-TLS authentication for the server and
potentially weak password-based client authentication (EAP-MD5, etc.)
over a secure TLS tunnel.
- Implemented the TNCCS 1.1 Trusted Network Connect protocol using the
libtnc library on the strongSwan client and server side via the tnccs_11
plugin and optionally connecting to a TNC@FHH-enhanced FreeRADIUS AAA server.
Depending on the resulting TNC Recommendation, strongSwan clients are granted
access to a network behind a strongSwan gateway (allow), are put into a
remediation zone (isolate) or are blocked (none), respectively.
Group membership attributes are used to assign clients either to the
'rw-allow' or 'rw-isolate' subnets, respectively. As an alternative
non-complying clients can be blocked from access.
Any number of Integrity Measurement Collector/Verifier pairs can be
attached via the tnc-imc and tnc-imv charon plugins.
- The RADIUS plugin eap-radius now supports multiple RADIUS servers for
redundant setups. Servers are selected by a defined priority, server load and
- Applets for Maemo 5 (Nokia) allow to easily configure and control IKEv2
based VPN connections with EAP authentication on supported devices.
- The simple led plugin controls hardware LEDs through the Linux LED subsystem.
It currently shows activity of the IKE daemon and is a good example how to
implement a simple event listener.
- The IKEv1 daemon pluto now uses the same kernel interfaces as the IKEv2
daemon charon. As a result of this, pluto now supports xfrm marks which
were introduced in charon with 4.4.1.
- Improved MOBIKE behavior in several corner cases, for instance, if the
initial responder moves to a different address.
- Fixed left-/rightnexthop option, which was broken since 4.4.0.
- Fixed a bug not releasing a virtual IP address to a pool if the XAUTH
identity was different from the IKE identity.
- Fixed the alignment of ModeConfig messages on 4-byte boundaries in the
case where the attributes are not a multiple of 4 bytes (e.g. Cisco's
- Fixed the interoperability of the socket_raw and socket_default
- Added man page for strongswan.conf.