Version 4.3.0¶
- Support for the IKEv2 Multiple Authentication Exchanges extension (RFC4739).
Initiators and responders can use several authentication rounds (e.g. RSA
followed by EAP) to authenticate. The new ipsec.conf leftauth/rightauth and
leftauth2/rightauth2 parameters define own authentication rounds or setup
constraints for the remote peer. See the ipsec.conf man page for more detials.
- If glibc printf hooks (register_printf_function) are not available,
strongSwan can use the vstr string library to run on non-glibc systems.
- The IKEv2 charon daemon can now configure the ESP CAMELLIA-CBC cipher
(esp=camellia128|192|256).
- Refactored the pluto and scepclient code to use basic functions (memory
allocation, leak detective, chunk handling, printf_hooks, strongswan.conf
attributes, ASN.1 parser, etc.) from the libstrongswan library.
- Up to two DNS and WINS servers to be sent via IKEv1 ModeConfig can be
configured in the pluto section of strongswan.conf.