Minor Release


Version 5.8.3

  • Updates for the NM plugin (and backend, which has to be updated to be compatible):
    • EAP-TLS authentication (#2097)
    • Certificate source (file, agent, smartcard) is selectable independently
    • Add support to configure local and remote identities (#2581)
    • Support configuring a custom server port (#625)
    • Show hint regarding password storage policy
    • Replaced the term "gateway" with "server"
    • Fixes build issues due to use of deprecated GLib macros/functions
    • Updated Glade file to GTK 3.2
  • The NM backend now supports reauthentication and redirection (#852).
  • Previously used reqids are now reallocated, which works around an issue on FreeBSD where the kernel
    doesn't allow the daemon to use reqids > 16383 (#2315).
  • On Linux, throw type routes are installed in table 220 for passthrough policies. For matching traffic, the
    kernel will then fall back on routes in routing tables with lower priorities. Such routes require less
    information (e.g. no interface or source IP), can be installed earlier, and are not affected by updates.
  • For IKEv1, the lifetimes of the actually selected transform are now returned to the initiator, which matters
    if the peer uses different lifetimes for different transforms (#3329). We now also return the correct
    transform and proposal IDs (the proposal ID was always 0, the transform ID always 1).
  • IKE_SAs are no longer re-established (e.g. after several retransmits) if a deletion has been
    queued (#3335).
  • Added support for Ed448 keys and certificates via openssl plugin and pki tool.
  • Added support for SHA-3 and SHAKE128/256 in the openssl plugin.
  • The use of algorithm IDs from the private use range can now be enabled globally, to use them even if no
    strongSwan vendor ID was exchanged (05e373aeb0).
  • Fixed a compiler issue that may have caused invalid keyUsage extensions in certificates (#3249).
  • CI builds on LGTM and via Travis CI on new platforms (ARM64, IBM Power and IBM Z - the latter is big-endian).
    Fixed several reported issues.
