Version 4.1.6¶

• Since some third party IKEv2 implementations run into
  problems with strongSwan announcing MOBIKE capability per
  default, MOBIKE can be disabled on a per-connection-basis
  using the mobike=no option. Whereas mobike=no disables the
  sending of the MOBIKE_SUPPORTED notification and the floating
  to UDP port 4500 with the IKE_AUTH request even if no NAT
  situation has been detected, strongSwan will still support
  MOBIKE acting as a responder.

• the default ipsec routing table plus its corresponding priority
  used for inserting source routes has been changed from 100 to 220.
  It can be configured using the --with-ipsec-routing-table and
  --with-ipsec-routing-table-prio options.

• the --enable-integrity-test configure option tests the
  integrity of the libstrongswan crypto code during the charon
  startup.

• the --disable-xauth-vid configure option disables the sending
  of the XAUTH vendor ID. This can be used as a workaround when
  interoperating with some Windows VPN clients that get into
  trouble upon reception of an XAUTH VID without eXtended
  AUTHentication having been configured.

• ipsec stroke now supports the rereadsecrets, rereadaacerts,
  rereadacerts, and listacerts options.