4.3.0¶

• Support for the IKEv2 Multiple Authentication Exchanges extension (RFC4739).
  Initiators and responders can use several authentication rounds (e.g. RSA
  followed by EAP) to authenticate. The new ipsec.conf leftauth/rightauth and
  leftauth2/rightauth2 parameters define own authentication rounds or setup
  constraints for the remote peer. See the ipsec.conf man page for more detials.

• If glibc printf hooks (register_printf_function) are not available,
  strongSwan can use the vstr string library to run on non-glibc systems.

• The IKEv2 charon daemon can now configure the ESP CAMELLIA-CBC cipher
  (esp=camellia128|192|256).

• Refactored the pluto and scepclient code to use basic functions (memory
  allocation, leak detective, chunk handling, printf_hooks, strongswan.conf
  attributes, ASN.1 parser, etc.) from the libstrongswan library.

• Up to two DNS and WINS servers to be sent via IKEv1 ModeConfig can be
  configured in the pluto section of strongswan.conf.