- Updates for the NM plugin (and backend, which has to be updated to be compatible):
  - EAP-TLS authentication (#2097)
  - Certificate source (file, agent, smartcard) is selectable independently
  - Add support to configure local and remote identities (#2581)
  - Support configuring a custom server port (#625)
  - Show hint regarding password storage policy
  - Replaced the term "gateway" with "server"
  - Fixes build issues due to use of deprecated GLib macros/functions
  - Updated Glade file to GTK 3.2
- The NM backend now supports reauthentication and redirection (#852).
- Previously used reqids are now reallocated, which works around an issue on FreeBSD where the kernel
doesn't allow the daemon to use reqids > 16383 (#2315).
- On Linux, throw type routes are installed in table 220 for passthrough policies. The kernel will then fall
back on routes in routing tables with lower priorities for matching traffic. This way, the routes require less
information (e.g. no interface or source IP), can be installed earlier, and are not affected by updates.
- For IKEv1, the lifetimes of the actually selected transform are returned to the initiator, which is an issue
if the peer uses different lifetimes for different transforms (#3329). We now also return the correct
transform and proposal IDs (proposal ID was always 0, transform ID 1).
- IKE_SAs are now not re-established anymore (e.g. after several retransmits) if a deletion has been
- Added support for Ed448 keys and certificates via openssl plugin and pki tool.
- Added support for SHA-3 and SHAKE128/256 in the openssl plugin.
- The use of algorithm IDs from the private use range can now be enabled globally, to use them even if no
strongSwan vendor ID was exchanged (05e373aeb0).
- Fixed a compiler issue that may have caused invalid keyUsage extensions in certificates (#3249).
- A lot of spelling fixes courtesy of Josh Soref (https://github.com/jsoref/spelling).
- CI builds on LGTM and via Travis CI on new platforms (ARM64, IBM Power and IBM Z - the latter is big-endian).
Fixed several reported issues.
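
The throw-route fallback described in the table 220 item above can be modelled in a few lines. This is an added example, not strongSwan code: the prefixes, interfaces and the function names `best_match` and `lookup` are constructed for illustration, and only table 220, the main table (254) and the kernel's throw semantics are taken as given.

```python
import ipaddress

# Constructed sample tables (not from the release notes).
# Each route is (prefix, type, target); a throw route carries no
# interface or source IP, which is why it can be installed early.
TABLES = {
    220: [  # table used by strongSwan, consulted before main
        ("10.0.0.0/8", "unicast", "dev eth0 src 192.168.1.10 (tunnel policy)"),
        ("10.1.0.0/16", "throw", None),  # passthrough policy
    ],
    254: [  # main table
        ("10.1.0.0/16", "unicast", "dev eth1"),
        ("0.0.0.0/0", "unicast", "via 192.168.1.1 dev eth0"),
    ],
}
RULE_ORDER = [220, 254]  # table 220 is looked up first, then main


def best_match(table, dst):
    """Longest-prefix match within one table, or None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    hits = []
    for prefix, rtype, target in table:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            hits.append((net.prefixlen, rtype, target))
    return max(hits, key=lambda h: h[0], default=None)


def lookup(dst, tables=TABLES, order=RULE_ORDER):
    """Return (table_id, target) for dst, following throw semantics."""
    for table_id in order:
        hit = best_match(tables[table_id], dst)
        if hit is None or hit[1] == "throw":
            # A selected throw route ends the lookup in this table as if
            # no route had been found, so the next table is consulted.
            continue
        return table_id, hit[2]
    return None, None


if __name__ == "__main__":
    for dst in ("10.1.2.3", "10.2.3.4", "8.8.8.8"):
        print(dst, "->", lookup(dst))
```

Traffic to the passthrough subnet hits the more specific throw entry in table 220 and is resolved by the main table, while the rest of the tunnelled range still matches in table 220.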