Changelog for 5.9.x

Changelogs for newer releases can be found on GitHub.

Version 5.9.1

  • Remote attestation via TNC supports the SHA-256 based TPM 2.0 BIOS/EFI measurements introduced
    with the Linux 5.4 kernel. This includes support for the BIOS/EFI event log and variable sized PCR banks.
  • The tpm plugin supports SHA-3 and CMAC with TPM 2.0.
  • Nonces in OCSP responses are not enforced anymore (added with 5.8.2) and only validated if a nonce
    is actually contained (#3557).
  • Fixed an issue when only some fragments of a retransmitted IKEv2 message were received, which prevented
    processing a following fragmented message (non-fragmented messages were correctly processed, 6586f07162).
  • All remaining queued vici messages are now sent to subscribed clients during shutdown, which includes
    ike/child-updown events triggered when all established SAs are deleted (ef636316d2).
  • CHILD_SA IP addresses are now updated before installation of the IPsec SAs and policies to allow MOBIKE
    updates happening while retransmitting a CREATE_CHILD_SA request (#3164).
  • When looking for a route to the peer, the kernel-netlink plugin now ignores the current source address if it's
    deprecated. It also updates the flags associated with cached IP addresses and triggers a roam event if they
    change. So a MOBIKE update now switches to a new address if the current one gets deprecated (#3511).
  • The file and syslog loggers support logging the log level of each message after the subsystem (e.g.
    [IKE2], #3509).
  • charon-nm is now properly terminated during system shutdown (#3579).
  • Improved support for EdDSA keys in vici/swanctl, in particular, encrypted keys are now supported (#3586).
  • A new global strongswan.conf option allows sending the Cisco FlexVPN vendor ID to prevent Cisco
    devices from narrowing a traffic selectors (GH#180).
  • The openssl plugin accepts CRLs issued by non-CA certificates if they contain the cRLSign keyUsage
    flag (the x509 plugin already does this since 4.5.1).
  • Attributes in PKCS#7 containers, as used in SCEP, are now properly DER-encoded, i.e. sorted (#3589).
  • Failures during restarts of IKEv1 CHILD_SAs are now properly handled (12a3f3ca52).
  • Virtual IPv6 addresses and IPv6 source address pools are now supported in the load-tester plugin (#3595).
  • The Android client optionally supports IPv6 transport addresses for IKE and ESP (requires UDP encapsulation
    for IPv6 on the server, which Linux only supports since 5.8).
  • /dev/random on guest hosts in the testing environment is now mapped to the host's /dev/urandom
    via VirtIO RNG, which requires support in the guest kernel (CONFIG_HW_RANDOM_VIRTIO).

Version 5.9.0

  • We prefer AEAD algorithms for ESP and therefore put AES-GCM in a default AEAD proposal in front
    of the previous default proposal.
  • Changes related to the NM frontend and backend (charon-nm):
    • Password entry for private keys in the frontend has been fixed, in the backend, cached credentials
      are now also cleared when the connection is terminated (#3428).
    • The AppStream metadata installed by the frontend has been migrated from appdata to
      metainfo (73b60338dc).
    • The height of the frontend has been reduced by using tabs for options/proposals (#3448).
    • DPD and close action are now set to restart in the backend (#3300).
    • The backend supports custom remote traffic selectors via remote-ts option (separated by ;).
      There is currently no GUI support, so configuration has to be done manually via nmcli or
      config file.
  • If a connection fails after getting redirected, we now restart connecting to the original host, not the
    one redirected to.
  • The pkcs11 plugin falls back to hashing data for PKCS#1 v1.5 RSA signatures in software if the
    smartcard/library doesn't support signature mechanisms with hashing (e.g. CKM_SHA256_RSA_PKCS).
  • The owner/group of the log file opened by the file logger (e.g. via charon.filelog) is now set so the
    daemon can reopen it if the config is reloaded and it doesn't run as root.
  • The wolfssl plugin (when used with wolfSSL 4.4.0+) supports x448 Diffie-Hellman and Ed448 keys.
  • For peers that don't send the EAP_ONLY_AUTHENTICATION notify but still expect to use EAP-only
    authentication, the charon.force_eap_only_authentication option can be enabled to force this type
    of authentication even on non-compliant peers.
  • DH groups are properly handled during migration of CHILD_SA-creating tasks when reestablishing (may
    have caused DH groups in the proposal sent during IKE_AUTH).
  • The vici plugin stores all CA certificates in one location, which avoids issues with unloading authority
    sections or clearing all credentials (GH#172).
  • When unloading a vici connection with start_action=start, any related IKE_SAs without children are now
    terminated (including those in CONNECTING state).
  • The hashtable implementation has been changed so it maintains insertion order (the old implementation,
    including the get_match() method and a new feature to sort keys, has been migrated to the hashlist_t
    class). This was mainly done so the vici plugin can store its connections in a hashtable, which makes
    managing high numbers of connections faster.
  • The default maximum size for vici messages (512 KiB) can now be changed via VICI_MESSAGE_SIZE_MAX
    compile option.
  • IPv6 virtual IPs are now always enumerated, ignoring the charon.prefer_temporary_addrs setting, which
    should fix route installation if the latter is enabled.
  • The version as obtained from the Git repository (via git describe) on which a build is based can now be
    used in executables (--enable-git-version). Tarballs include a text file with that information cached.
  • Connectivity with the Android client got a lot more stable on Android 6+ where the system aggressively
    suspends apps when the device is idle (Doze mode). We now use a custom scheduler that uses Android's
    AlarmManager, which allows waking up the app even if the system put it to sleep. It does require adding
    the app to the system's battery optimization whitelist, which is requested from the user automatically if
    necessary. With this, NAT keepalives and rekeyings are now scheduled accurately, with little changes to the
    battery usage (#3364).
    There are some related changes that could be useful outside of the Android client:
    • It's possible to use other clocks than CLOCK_MONOTONIC (e.g. CLOCK_BOOTTIME) via TIME_CLOCK_ID
      compile option if clock_gettime() is available and pthread_condattr_setclock() supports that
      clock (Android's bionic C library e.g. only supports CLOCK_MONOTONIC and CLOCK_REALTIME while the
      kernel would support CLOCK_BOOTTIME via clock_gettime()).
    • When using a clock that includes time spent suspended, the new charon.keep_alive_dpd_margin option
      may be used to trigger a DPD instead of a NAT keepalive if too much time has passed.
    • Another option (charon.check_current_path) allows forcing a DPD exchange to check if the current path
      still works whenever changes to interfaces/addresses are detected.