Support for IKEv2 redirection (RFC 5685) has been added. Plugins may implement the redirect_provider_t interface (source:src/libcharon/sa/redirect_provider.h) to decide if and when to redirect connecting clients. It is also possible to redirect established IKE_SAs based on different selectors via vici/swanctl. Unless disabled in strongswan.conf the charon daemon will follow redirect requests received from servers.
The ike: prefix enables the explicit configuration of signature scheme constraints against IKEv2 authentication in rightauth, which allows the use of different signature schemes for trustchain verification and authentication. Configuration of such constraints via vici/swanctl is now also possible.
The initiator of an IKEv2 make-before-break reauthentication now suspends online certificate revocation checks (OCSP, CRLs) until the new IKE_SA and all CHILD_SAs are established. This is required if the checks are done over the CHILD_SA established with the new IKE_SA. This is not possible until the initiator installs this SA and that only happens after the authentication is completed successfully. So we suspend the checks during the reauthentication and do them afterwards, if they fail the IKE_SA is closed. This change has no effect on the behavior during the authentication of the initial IKE_SA.
For the vici plugin a Vici:Session Perl CPAN module has been added to allow Perl applications to control and/or monitor the IKE daemon using the VICI interface, similar to the existing Python egg or Ruby gem.
Traffic selectors with port ranges can now be configured in the Linux kernel: e.g. remote_ts = 10.1.0.0/16[tcp/20-23] and local_ts = dynamic[tcp/32768-65535]. The port range must map to a port mask, though, since the kernel does not support arbitrary ranges.
The vici plugin allows the configuration of IPv4 and IPv6 address ranges in local and remote traffic selectors. Since both the Linux kernel and iptables cannot handle arbitrary ranges, address ranges are mapped to the next larger CIDR subnet by the kernel-netlink and updown plugins, respectively.
Implemented IKEv1 IPv4/IPv6 address subnet and range identities that can be used as owners of shared secrets.
The new p-cscf plugin can request P-CSCF server addresses from an ePDG via IKEv2 (RFC 7651). Addresses of the same families as that of requested virtual IPs are requested if enabled in strongswan.conf for a particular connection. The plugin currently writes received addresses to the log.
The default proposals now use a security strength of 128 bit. The default DH group for IKE is now either ecp256 or modp3072, depending on whether the openssl plugin is loaded or not. The default ESP proposal is aes128-sha256, which requires HMAC-SHA2-256 support with 128 bit truncation, which the Linux kernel correctly implements since 2.6.33. But there are reports that other implementations might still not do so (#1353).
DH groups are now listed for CHILD_SAs in ipsec statusall. Note that for IKEv2 the first CHILD_SA is created without a separate DH exchange (the key material is derived from the IKE keys). Therefore any DH group will only be listed after the first rekeying of such a CHILD_SA. For CHILD_SAs created with a separate CREATE_CHILD_SA exchange and for IKEv1 a DH group will always be listed if PFS is used.
IKE SPIs are now printed in network byte order in log messages and status output.
Start actions configured via vici are reversed when configs are unloaded, unchanged child configs are not affected by this anymore. Any IKE_SA that ends up without CHILD_SAs after that is now closed.
Asynchronous initiation and termination is supported via vici by specifying a timeout of -1.
To distinguish child configs with the same name associated with different connection entries the name of the connection may be sent in the initiate/install vici commands using the ike parameter.
The vici plugin and swanctl now support authentication with raw public keys. Also, the commands used to manage and list certificates/keys have been extended.
Multiple authentication rounds sent via vici may now be ordered by the optional round parameter instead of by the order of the local/remote* sections in the request (required for the Perl bindings that don't use ordered dictionaries).
The vici plugin and swanctl are now enabled by default.
CHILD_SAs of IKEv1 SAs might now optionally (charon.delete_rekeyed in strongswan.conf) be deleted immediately after they got successfully rekeyed instead of waiting for the hard timeout, which could be problematic if traffic based limits are used.
The charon.reuse_ikesa option is now always enabled for IKEv1 (24ab8530e5).
IPv6 virtual IPs are now correctly sent for IKEv1 (91d80298f9). The incorrect encoding is still accepted but the new encoding might cause problems for older strongSwan clients.
No NAT keepalives are sent if a host has lost connectivity (i.e. no local address is found to reach the peer).
In the log threads may optionally be identified by their actual thread ID instead of a simple incremented value starting from 1 (--enable-log-thread-ids).
libhydra has been removed, all plugins and the kernel interface have been integrated into libcharon.