- Support for IKEv2 redirection (RFC 5685) has been added. Plugins may
to decide if and when to redirect connecting clients. It is also possible to
redirect established IKE_SAs based on different selectors via vici/swanctl.
Unless disabled in strongswan.conf the charon daemon will follow redirect
requests received from servers.
ike:prefix enables the explicit configuration of signature scheme
constraints against IKEv2 authentication in rightauth, which allows the use
of different signature schemes for trustchain verification and authentication.
Configuration of such constraints via vici/swanctl is now also possible.
- The initiator of an IKEv2 make-before-break reauthentication now suspends
online certificate revocation checks (OCSP, CRLs) until the new IKE_SA and all
CHILD_SAs are established. This is required if the checks are done over the
CHILD_SA established with the new IKE_SA. This is not possible until the
initiator installs this SA and that only happens after the authentication is
completed successfully. So we suspend the checks during the reauthentication
and do them afterwards, if they fail the IKE_SA is closed. This change has no
effect on the behavior during the authentication of the initial IKE_SA.
- For the vici plugin a Vici:Session Perl CPAN module has been added to allow
Perl applications to control and/or monitor the IKE daemon using the VICI
interface, similar to the existing Python egg or Ruby gem.
- Traffic selectors with port ranges can now be configured in the Linux kernel:
e.g. remote_ts = 10.1.0.0/16[tcp/20-23] and local_ts = dynamic[tcp/32768-65535].
The port range must map to a port mask, though, since the kernel does not
support arbitrary ranges.
- The vici plugin allows the configuration of IPv4 and IPv6 address ranges
in local and remote traffic selectors. Since both the Linux kernel and
iptablescannot handle arbitrary ranges, address ranges are mapped to the
next larger CIDR subnet by the kernel-netlink and updown plugins, respectively.
- Implemented IKEv1 IPv4/IPv6 address subnet and range identities that can be
used as owners of shared secrets.
- The new p-cscf plugin can request P-CSCF server addresses from an ePDG via
IKEv2 (RFC 7651). Addresses of the same families as that of requested virtual
IPs are requested if enabled in strongswan.conf for a particular connection.
The plugin currently writes received addresses to the log.
- The default proposals now use a security strength of 128 bit. The default DH group
for IKE is now either ecp256 or modp3072, depending on whether the openssl plugin
is loaded or not. The default ESP proposal is aes128-sha256, which requires HMAC-SHA2-256
support with 128 bit truncation, which the Linux kernel correctly implements since 2.6.33.
But there are reports that other implementations might still not do so (#1353).
- DH groups are now listed for CHILD_SAs in
ipsec statusall. Note that for IKEv2 the
first CHILD_SA is created without a separate DH exchange (the key material is derived
from the IKE keys). Therefore any DH group will only be listed after the first rekeying
of such a CHILD_SA. For CHILD_SAs created with a separate CREATE_CHILD_SA exchange
and for IKEv1 a DH group will always be listed if PFS is used.
- IKE SPIs are now printed in network byte order in log messages and status output.
- Start actions configured via vici are reversed when configs are unloaded, unchanged
child configs are not affected by this anymore. Any IKE_SA that ends up without CHILD_SAs
after that is now closed.
- Asynchronous initiation and termination is supported via vici by specifying a timeout of -1.
- To distinguish child configs with the same name associated with different
connection entries the name of the connection may be sent in the initiate/install
vici commands using the ike parameter.
- The vici plugin and swanctl now support authentication with raw public keys. Also,
the commands used to manage and list certificates/keys have been extended.
- Multiple authentication rounds sent via vici may now be ordered by the optional round
parameter instead of by the order of the local/remote* sections in the request (required for
the Perl bindings that don't use ordered dictionaries).
- CHILD_SAs of IKEv1 SAs might now optionally (charon.delete_rekeyed in strongswan.conf)
be deleted immediately after they got successfully rekeyed instead of waiting for the hard
timeout, which could be problematic if traffic based limits are used.
- The charon.reuse_ikesa option is now always enabled for IKEv1 (24ab8530e5).
- IPv6 virtual IPs are now correctly sent for IKEv1 (91d80298f9). The incorrect encoding is
still accepted but the new encoding might cause problems for older strongSwan clients.
- No NAT keepalives are sent if a host has lost connectivity (i.e. no local address is found to
reach the peer).
- In the log threads may optionally be identified by their actual thread ID instead of a simple
incremented value starting from 1 (--enable-log-thread-ids).
- libhydra has been removed, all plugins and the kernel interface have been integrated