Changelog for 5.0.x

Version 5.0.4

  • Fixed a security vulnerability in the openssl plugin which was reported by
    Kevin Wojtysiak. The vulnerability has been registered as CVE-2013-2944.
    Before the fix, if the openssl plugin's ECDSA signature verification was used,
    due to a misinterpretation of the error code returned by the OpenSSL
    ECDSA_verify() function, an empty or zeroed signature was accepted as a
    legitimate one.
    Refer to our blog for details.
  • The handling of a couple of other non-security-relevant OpenSSL return codes
    was fixed as well.
  • The tnc_ifmap plugin now publishes virtual IPv4 and IPv6 addresses via its
    TCG TNC IF-MAP 2.1 interface.
  • The charon.initiator_only strongswan.conf option causes charon to ignore
    IKE initiation requests.
  • The openssl plugin can now use the openssl-fips library.
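
The return-code pitfall behind the CVE-2013-2944 entry above, as an added example that is not strongSwan's or OpenSSL's code: ECDSA_verify() returns 1 for a valid signature, 0 for an invalid one and -1 on error, so a caller that treats the result as a boolean accepts the error case. toy_verify(), the sample signatures and both accept_* wrappers are hypothetical stand-ins, and no real cryptography is performed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample signatures (DER-like: SEQUENCE { INTEGER, INTEGER }). */
static const unsigned char GOOD_SIG[] = {0x30, 0x06, 0x02, 0x01, 0x11, 0x02, 0x01, 0x22};
static const unsigned char BAD_SIG[]  = {0x30, 0x06, 0x02, 0x01, 0x11, 0x02, 0x01, 0x23};
static const unsigned char ZERO_SIG[8] = {0};

/* Hypothetical stand-in that follows the ECDSA_verify() return convention:
 *   1 = signature valid, 0 = signature invalid, -1 = error.
 * Assumption of this example: an unparsable encoding is the error case. */
static int toy_verify(const unsigned char *sig, size_t len)
{
    if (len < 2 || sig[0] != 0x30 || (size_t)sig[1] != len - 2)
        return -1;                      /* not a well-formed SEQUENCE */
    if (len == sizeof(GOOD_SIG) && memcmp(sig, GOOD_SIG, len) == 0)
        return 1;                       /* matches the constructed good value */
    return 0;                           /* well-formed but wrong */
}

/* Flawed: treats the result as a boolean, so -1 (error) counts as success. */
static bool accept_truthy(const unsigned char *sig, size_t len)
{
    return toy_verify(sig, len) != 0;
}

/* Hardened: only the exact value 1 means "valid"; 0 and -1 both reject. */
static bool accept_strict(const unsigned char *sig, size_t len)
{
    return toy_verify(sig, len) == 1;
}

int main(void)
{
    const struct { const char *name; const unsigned char *sig; size_t len; } cases[] = {
        {"valid",    GOOD_SIG, sizeof(GOOD_SIG)},
        {"tampered", BAD_SIG,  sizeof(BAD_SIG)},
        {"empty",    ZERO_SIG, 0},
        {"zeroed",   ZERO_SIG, sizeof(ZERO_SIG)},
    };
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("%-8s rc=%2d truthy=%d strict=%d\n", cases[i].name,
               toy_verify(cases[i].sig, cases[i].len),
               accept_truthy(cases[i].sig, cases[i].len),
               accept_strict(cases[i].sig, cases[i].len));
    return 0;
}
```

When reviewing callers of verification functions with this tri-state convention, look for results stored in a boolean or tested with `if (rc)` or `!= 0`; the comparison should be `== 1`.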

Version 5.0.3

  • The new ipseckey plugin enables authentication based on trustworthy public
    keys stored as IPSECKEY resource records in the DNS and protected by DNSSEC.
    To do so it uses a DNSSEC enabled resolver, like the one provided by the new
    unbound plugin, which is based on libldns and libunbound. Both plugins were
    created by Reto Guadagnini. Examples: ikev2/net2net-dnssec, ikev2/rw-dnssec
  • Implemented the TCG TNC IF-IMV 1.4 draft making access requestor identities
    available to an IMV. The OS IMV stores the AR identity together with the
    device ID in the attest database.
  • The openssl plugin now uses the AES-NI accelerated version of AES-GCM
    if the hardware supports it.
  • The eap-radius plugin can now assign virtual IPs to IKE clients using the
    Framed-IP-Address attribute by using the %radius named pool in the
    rightsourceip ipsec.conf option. Cisco Banner attributes are forwarded to
    Unity-capable IKEv1 clients during mode config. charon now sends Interim
    Accounting updates if requested by the RADIUS server, reports
    sent/received packets in Accounting messages, and adds a Terminate-Cause
    to Accounting-Stops.
  • The recently introduced ipsec listcounters command can report connection
    specific counters by passing a connection name, and global or connection
    counters can be reset by the ipsec resetcounters command.
  • The tnc-ifmap plugin has been reimplemented without any dependency on
    the Apache Axis2/C library. Several configuration options have been changed.
  • The strongSwan libpttls library provides an experimental implementation of
    PT-TLS (RFC 6876), a Posture Transport Protocol over TLS.
  • The charon systime-fix plugin can disable certificate lifetime checks on
    embedded systems if the system time is obviously out of sync after bootup.
    Certificate lifetimes are checked once the system time becomes sane, closing
    or reauthenticating connections using expired certificates.
  • The ikedscp ipsec.conf option can set DiffServ code points on outgoing
    IKE packets.
  • The new xauth-noauth plugin allows the use of basic RSA or PSK authentication with
    clients that cannot be configured without XAuth authentication. The plugin
    simply concludes the XAuth exchange successfully without actually performing
    any authentication. Therefore, to use this backend it has to be selected
    explicitly with rightauth2=xauth-noauth.
  • The new charon-tkm IKEv2 daemon delegates security critical operations to a
    separate process. This has the benefit that the network facing daemon has no
    knowledge of keying material used to protect child SAs. Thus subverting
    charon-tkm does not result in the compromise of cryptographic keys.
    The extracted functionality has been implemented from scratch in a minimal TCB
    (trusted computing base) in the Ada programming language. Further information
    can be found at
  • Multiple certificates can be configured for left|rightcert in ipsec.conf. The daemon
    chooses the certificate based on the received certificate requests, if possible,
    before enforcing the first.
  • Mutual EAP authentication has been fixed when it is not used as first authentication
  • The NetworkManager backend (charon-nm) uses a TUN device to satisfy NM's need
    for a network device. This fixes LP:872824.
  • A route is installed for shunt policies (passthrough/drop). This fixes some combinations
    of shunt policies and virtual IP addresses as locally generated traffic wouldn't match
    the shunt policy anymore due to the route installed with the VIP. Also, the unity plugin
    includes the local address in split-exclude shunt policies.
  • Added an option (charon.plugins.ha.autobalance) to balance a HA cluster automatically.
  • Most parts of the android plugin (the backend for the Android VPN applet patch) have
    been removed and the remaining DNS handler has been moved to the new android-dns plugin.
  • Alignment issues in the kernel-netlink plugin have been fixed and the Netlink XFRM message
    attribute handling has been refactored.
  • The --disable-defaults configure option allows disabling all features
    that are enabled by default.
  • The charon.plugins.stroke.timeout strongswan.conf option allows defining a timeout in ms
    for any stroke command.
  • ipsec statusall reports the number of processed IPsec packets.
  • Reloading secrets from ipsec.secrets with ipsec rereadsecrets is now done atomically.
  • Supplementary groups are initialized using initgroups(3) when running as an unprivileged user.
  • Fixed handling of IPv6 SQL address pools if multiple pools are assigned to rightsourceip.

Version 5.0.2

  • Implemented all IETF Standard PA-TNC attributes and an OS IMC/IMV
    pair using them to transfer operating system information.
  • The new ipsec listcounters command prints a list of global counter values
    about received and sent IKE messages and rekeyings.
  • A new lookip plugin can perform fast lookup of tunnel information using a
    client's virtual IP and can send notifications about established or deleted
    tunnels. The "ipsec lookip" command can be used to query such information
    or receive notifications.
  • The new error-notify plugin catches some common error conditions and allows
    an external application to receive notifications for them over a UNIX socket.
  • IKE proposals can now use a PRF algorithm different to that defined for
    integrity protection. If an algorithm with a "prf" prefix is defined
    explicitly (such as prfsha1 or prfsha256), no implicit PRF algorithm based on
    the integrity algorithm is added to the proposal.
  • The pkcs11 plugin can now load leftcert certificates from a smartcard for a
    specific ipsec.conf conn section and cacert CA certificates for a specific ca
  • The load-tester plugin gained additional options for certificate generation
    and can load keys and multiple CA certificates from external files. It can
    install a dedicated outer IP address for each tunnel and tunnel initiation
    batches can be triggered and monitored externally using the
    ipsec load-tester tool.
  • PKCS#7 container parsing has been modularized, and the openssl plugin
    gained an alternative implementation to decrypt and verify such files.
    In contrast to our own DER parser, OpenSSL can handle BER files, which is
    required for interoperability of our scepclient with EJBCA.
  • Support for the proprietary IKEv1 fragmentation extension has been added.
    Fragments are always handled on receipt but only sent if supported by the peer
    and if enabled with the new fragmentation ipsec.conf option.
  • IKEv1 in charon can now parse certificates received in PKCS#7 containers and
    supports NAT traversal as used by Windows clients. Patches courtesy of
    Volker Rümelin.
  • The new rdrand plugin provides a high quality / high performance random
    source using the Intel rdrand instruction found on Ivy Bridge processors.
  • The integration test environment (see source:testing/README) was updated and
    now uses KVM and reproducible guest images based on Debian.
  • The charon.ikesa_limit strongswan.conf option allows responders to limit
    the number of concurrently established IKE_SAs.
  • The charon daemon reloads the logger configuration from strongswan.conf
    if it receives a SIGHUP. Besides changing the configuration, this allows easy rotation
    of log files created by file loggers without having to restart the daemon.
  • Resolving hosts by DNS name is now done in separate threads, which allows us
    to cancel these lookups (if getaddrinfo(3) is a cancellation point, anyway).
    The maximum number of threads can be configured in strongswan.conf.
  • Changed connections with auto=route are properly updated during ipsec update|reload.
  • Added missing XFRM marks for several functions in the kernel-netlink plugin.
  • The encoding of TLS extensions (elliptic_curves and signature_algorithms) was fixed.

Version 5.0.1

  • Introduced the sending of the standard IETF Assessment Result
    PA-TNC attribute by all strongSwan Integrity Measurement Verifiers.
  • Extended PTS Attestation IMC/IMV pair to provide full evidence of
    the Linux IMA measurement process. All pertinent file information
    of a Linux OS can be collected and stored in an SQL database.
  • The PA-TNC and PB-TNC protocols can now process huge data payloads
    >64 kB by distributing PA-TNC attributes over multiple PA-TNC messages
    and these messages over several PB-TNC batches. As long as no
    consolidated recommendation from all IMVs can be obtained, the TNC
    server requests more client data by sending an empty SDATA batch.
  • The rightgroups2 ipsec.conf option can require group membership during
    a second authentication round, for example during XAuth authentication
    against a RADIUS server.
  • The xauth-pam backend can authenticate IKEv1 XAuth and Hybrid authenticated
    clients against any PAM service. The IKEv2 eap-gtc plugin does not use
    PAM directly anymore, but can use any XAuth backend to verify credentials,
    including xauth-pam.
  • The new unity plugin brings support for some parts of the IKEv1 Cisco Unity
    Extensions. As client, charon narrows traffic selectors to the received
    Split-Include attributes and automatically installs IPsec bypass policies
    for received Local-LAN attributes. As server, charon sends Split-Include
    attributes for leftsubnet definitions containing multiple subnets to Unity-
    aware clients.
  • An EAP-Nak payload is returned by clients if the gateway requests an EAP
    method that the client does not support. Clients can also request a specific
    EAP method by configuring that method with leftauth in ipsec.conf.
  • The eap-dynamic plugin handles EAP-Nak payloads returned by clients and uses
    these to select a different EAP method supported/requested by the client.
    The plugin initially requests the first registered method or the first method
    configured with charon.plugins.eap-dynamic.preferred in strongswan.conf.
  • The new left|rightdns ipsec.conf options specify connection specific DNS servers to
    request/respond in IKEv2 configuration payloads or IKEv2 mode config. leftdns
    can be any (comma separated) combination of %config4 and %config6 to request
    multiple servers, both for IPv4 and IPv6. rightdns takes a list of DNS server
    IP addresses to return.
  • The left|rightsourceip options now accept multiple addresses or pools.
    leftsourceip can be any (comma separated) combination of %config4, %config6
    or fixed IP addresses to request. rightsourceip accepts multiple explicitly
    specified or referenced named pools.
  • Multiple connections can now share a single address pool when they use the
    same definition in one of the rightsourceip pools.
  • The strongswan.conf options charon.interfaces_ignore and charon.interfaces_use
    allow one to configure the network interfaces used by the daemon.
  • The kernel-netlink plugin supports the new strongswan.conf option
    charon.install_virtual_ip_on, which specifies the interface on which
    virtual IP addresses will be installed. If it is not specified the current behavior
    of using the outbound interface is preserved.
  • The kernel-netlink plugin tries to keep the current source address when
    looking for valid routes to reach other hosts.
  • The autotools build has been migrated to use a config.h header. strongSwan
    development headers will get installed during "make install" if
    --with-dev-headers has been passed to ./configure.
  • All crypto primitives gained return values for most operations, allowing
    crypto backends to fail, for example when using hardware accelerators.
  • The UDP ports used by charon can be configured via ./configure or the
    charon.port and charon.port_nat_t options in strongswan.conf.
    If the ports are configured to 0, they will be allocated randomly.
  • With uniqueids=never configured in ipsec.conf, INITIAL_CONTACT notifies are ignored.
    Even with uniqueids=no configured, the daemon will delete existing IKE_SAs with the same
    peer upon receipt of an INITIAL_CONTACT notify. This new option allows ignoring these notifies.
  • Prefixing the identity configured with rightid with a % character prevents initiators
    from sending an IDr payload in the IKE_AUTH exchange. Later the configured identity will
    not only be checked against the returned IDr, but also against other identities contained
    in the responder's certificate.
  • Non-"/0" subnet sizes are accepted for traffic selectors starting at
  • Job handling in controller_t was fixed, which occasionally caused crashes on ipsec up/down.
  • Caching of relations in validated certificate chains can be disabled with the
    libstrongswan.cert_cache strongswan.conf option.
  • Logging of multi-line log messages was fixed in situations where more than one logger
    was registered.
  • Fixed transmission of the EAP-MSCHAPv2 user name if it contains a domain part.
  • Added an option to enforce the configured destination address for DHCP packets.

Version 5.0.0

  • The charon IKE daemon gained experimental support for the IKEv1 protocol.
    Pluto has been removed from the 5.x series, and unless strongSwan is
    configured with --disable-ikev1 or --disable-ikev2, charon handles
    both keying protocols. The feature set of IKEv1 in charon is almost on par with
    pluto, but currently does not support AH or bundled AH+ESP SAs. Besides
    RSA/ECDSA, PSK and XAuth, charon also supports the Hybrid authentication
    mode. Information for interoperability and migration is available on
    our wiki. More details about the history and context of these changes
    can be found in our related blog post.
  • Charon's bus_t has been refactored so that loggers and other listeners are
    now handled separately. The single lock was previously a cause of deadlocks
    if extensive listeners, such as the one provided by the updown plugin, wanted
    to acquire locks that were held by other threads which in turn tried to log
    messages, and thus were waiting to acquire the same lock currently held by
    the thread calling the listener.
    The implemented changes also allow the use of a read/write-lock for the
    loggers which increases performance if multiple loggers are registered.
    Besides several interface changes this last bit also changes the semantics
    for loggers as these may now be called by multiple threads concurrently.
  • Source routes are reinstalled if interfaces are reactivated or IP addresses
  • The thread pool (processor_t) now has more control over the lifecycle of
    a job (see source:src/libstrongswan/processing/jobs/job.h for details).
    In particular, it now controls the destruction of jobs after execution and
    the cancellation of jobs during shutdown. Due to these changes the requeueing
    feature, previously available to callback_job_t only, is now available to all
    jobs (in addition to a new rescheduling feature).
  • In addition to trustchain key strength definitions for different public key
    systems, the rightauth ipsec.conf option now takes a list of signature
    hash algorithms considered safe for trustchain validation. For example,
    the setting rightauth=rsa-2048-ecdsa-256-sha256-sha384-sha512
    requires a trustchain that uses at least RSA-2048 or ECDSA-256 keys and
    certificate signatures using SHA-256 or better.
  • The NetworkManager charon plugin of previous releases is now provided by a
    separate executable (charon-nm) and it should work again with NM 0.9.
  • scepclient was updated and it now works fine with Windows Server 2008 R2.
    Among other things, support for multiple CA/RA certificates and configurable
    digest/signature algorithms was added.
  • Thanks to initial patches by Aleksandr Grinberg the openssl plugin now provides
    PRFs and signers based on HMACs, and can also be used as RNG.
  • The left|rightallowany ipsec.conf option previously available only for
    IKEv1 is now also supported for IKEv2 connections.
  • A strongswan.conf option to retry the initiation of an IKE_SA, if it failed due to a
    failed DNS lookup, was added (charon.retry_initiate_interval, disabled by default).
  • The source address lookup for IPv6 addresses was fixed (this fixes MOBIKE with IPv6,
    which was broken in some scenarios since 4.6.2).
  • Installing IPsec policies with ports (left|rightprotoport) was fixed in the
    PF_KEY kernel interface.