Version 5.1.2¶

• A new default configuration file layout is introduced (with full backward compatibility).
  The new default strongswan.conf file mainly includes config snippets from the
  strongswan.d and strongswan.d/charon directories (the latter containing snippets
  for all plugins). The snippets, with commented defaults, are automatically generated
  and installed, if they don't exist yet. They are also installed in
  $prefix/share/strongswan/templates so existing files can be compared to
  the current defaults.

• As an alternative to the non-extensible charon.load setting, the plugins
  to load in charon (and optionally other applications) can now be determined
  via the charon.plugins.<name>.load setting for each plugin (enabled in the
  new default strongswan.conf file via the charon.load_modular option).
  The load setting optionally takes a numeric priority value that allows
  reordering the plugins (otherwise the default plugin order is preserved).

• All strongswan.conf settings that were formerly defined in library specific
  "global" sections are now application specific (e.g. settings for plugins in
  libstrongswan.plugins can now be set only for charon in charon.plugins).
  The old options are still supported, which now allows to define defaults for
  all applications in the libstrongswan section.

• The ntru libstrongswan plugin supports NTRUEncrypt as a post-quantum
  computer IKE key exchange mechanism. The implementation is based on the
  ntru-crypto library from the NTRUOpenSourceProject. The supported security
  strengths are ntru112, ntru128, ntru192, and ntru256. Since the private DH
  group IDs 1030..1033 have been assigned, the strongSwan Vendor ID must be
  sent (charon.send_vendor_id = yes) in order to use NTRU.

• Defined a TPMRA remote attestation workitem and added support for it to the
  Attestation IMV.

• Compatibility issues between IPComp (compress=yes) and leftfirewall=yes as
  well as multiple subnets in left|rightsubnet have been fixed.

• When enabling its session strongswan.conf option, the xauth-pam plugin opens
  and closes a PAM session for each established IKE_SA. Patch courtesy of Andrea Bonomi.

• The strongSwan unit testing framework has been rewritten without the check
  dependency for improved flexibility and portability. It now properly supports
  multi-threaded and memory leak testing and brings a bunch of new test cases.

• The NetworkManager frontend gained support for PSK authentication.

• The interface option of the dhcp plugin allows binding to a specific interface (3711f66e54).

• If charon.plugins.stroke.prevent_loglevel_changes is enabled, the stroke plugin prevents
  log level changes via ipsec stroke.

• The inactivity counter is reset with every rekeying, which means that the inactivity timeout
  must be smaller than the rekeying interval to have any effect (d048a319df).

• SQL schemas and example data (IMV) are now distributed and installed in $prefix/share/strongswan.

• A method to register custom proposal keyword parsers has been added (568e302260).

• A deadlock was fixed when installing trap policies (bb492d80b5).