Annotation of embedaddon/strongswan/NEWS, revision 1.1
1.1 ! misho 1: strongswan-5.8.4
! 2: ----------------
! 3:
! 4: - In IKEv1 Quick Mode make sure that a proposal exists before determining
! 5: lifetimes (fixes crash due to null pointer exception).
! 6:
! 7: - OpenSSL currently doesn't support squeezing bytes out of a SHAKE128/256
! 8: XOF (eXtended Output Function) multiple times. Unfortunately,
! 9: EVP_DigestFinalXOF() completely resets the context and later calls not
! 10: simply fail, they cause a null-pointer dereference in libcrypto. This
! 11: fixes the crash at the cost of repeating initializing the whole state
! 12: and allocating too much data for subsequent calls.
! 13:
! 14:
! 15: strongswan-5.8.3
! 16: ----------------
! 17:
! 18: - Updates for the NM backend (and plugin), among others: EAP-TLS authentication,
! 19: configurable local and remote IKE identities, custom server port, redirection
! 20: and reauthentication support.
! 21:
! 22: - Previously used reqids are now reallocated to workaround an issue on FreeBSD
! 23: where the daemon can't use reqids > 16383.
! 24:
! 25: - On Linux, throw type routes are installed for passthrough policies. They act
! 26: as fallbacks on routes in other tables and require less information, so they
! 27: can be installed earlier and are not affected by updates.
! 28:
! 29: - For IKEv1, the lifetimes of the selected transform are returned to the
! 30: initiator, which is an issue with peers that propose different lifetimes in
! 31: different transforms. We also return the correct transform and proposal IDs.
! 32:
! 33: - IKE_SAs are not re-established anymore if a deletion has been queued.
! 34:
! 35: - Added support for Ed448 keys and certificates via openssl plugin and pki tool.
! 36: The openssl plugin also supports SHA-3 and SHAKE128/256.
! 37:
! 38: - The use of algorithm IDs from the private use ranges can now be enabled
! 39: globally, to use them even if no strongSwan vendor ID was exchanged.
! 40:
! 41:
! 42: strongswan-5.8.2
! 43: ----------------
! 44:
! 45: - Identity-based CA constraints are supported via vici/swanctl.conf. They
! 46: enforce that the remote's certificate chain contains a CA certificate with a
! 47: specific identity. While similar to the existing CA constraints, they don't
! 48: require that the CA certificate is locally installed such as intermediate CA
! 49: certificates received from peers. Compared to wildcard identity matching (e.g.
! 50: "..., OU=Research, CN=*") this requires less trust in the intermediate CAs (to
! 51: only issue certificates with legitimate subject DNs) as long as path length
! 52: basic constraints prevent them from issuing further intermediate CAs.
! 53:
! 54: - Intermediate CA certificates may now be sent in hash-and-URL encoding by
! 55: configuring a base URL for the parent CA.
! 56:
! 57: - Implemented NIST SP-800-90A Deterministic Random Bit Generator (DRBG)
! 58: based on AES-CTR and SHA2-HMAC modes. Currently used by gmp and ntru plugins.
! 59:
! 60: - Random nonces sent in an OCSP requests are now expected in the corresponding
! 61: OCSP responses.
! 62:
! 63: - The kernel-netlink plugin ignores deprecated IPv6 addresses for MOBIKE.
! 64: Whether temporary or permanent IPv6 addresses are included depends on the
! 65: charon.prefer_temporary_addrs setting.
! 66:
! 67: - Extended Sequence Numbers (ESN) are configured via PF_KEY if supported by the
! 68: kernel.
! 69:
! 70: - Unique section names are used for CHILD_SAs in vici child-updown events and
! 71: more information (e.g. statistics) are included for individually deleted
! 72: CHILD_SAs (in particular for IKEv1).
! 73:
! 74: - So fallbacks to other plugins work properly, creating HMACs via openssl plugin
! 75: now fails instantly if the underlying hash algorithm isn't supported (e.g.
! 76: MD5 in FIPS-mode).
! 77:
! 78: - Exponents of RSA keys read from TPM 2.0 via SAPI are now correctly converted.
! 79:
! 80: - Routing table IDs > 255 are supported for custom routes on Linux.
! 81:
! 82: - The D-Bus config file for charon-nm is now installed in
! 83: $(datadir)/dbus-1/system.d instead of $(sysconfdir)/dbus-1/system.d.
! 84:
! 85: - INVALID_MAJOR_VERSION notifies are now correctly sent in messages of the same
! 86: exchange type and using the same message ID as the request.
! 87:
! 88: - IKEv2 SAs are immediately destroyed when sending or receiving INVALID_SYNTAX
! 89: notifies in authenticated messages.
! 90:
! 91:
! 92: strongswan-5.8.1
! 93: ----------------
! 94:
! 95: - RDNs in Distinguished Names can now optionally be matched less strict. The
! 96: global option charon.rdn_matching takes two alternative values that cause the
! 97: matching algorithm to either ignore the order of matched RDNs or additionally
! 98: accept DNs that contain more RDNs than configured (unmatched RDNs are treated
! 99: like wildcard matches).
! 100:
! 101: - The updown plugin now passes the same interface to the script that is also
! 102: used for the automatically installed routes, i.e. the interface over which the
! 103: peer is reached instead of the interface on which the local address is found.
! 104:
! 105: - TPM 2.0 contexts are now protected by a mutex to prevent issues if multiple
! 106: IKE_SAs use the same private key concurrently.
! 107:
! 108:
! 109: strongswan-5.8.0
! 110: ----------------
! 111:
! 112: - The systemd service units have been renamed. The modern unit, which was called
! 113: strongswan-swanctl, is now called strongswan (the previous name is configured
! 114: as alias). The legacy unit is now called strongswan-starter.
! 115:
! 116: - Support for XFRM interfaces (available since Linux 4.19) has been added.
! 117: Configuration is possible via swanctl.conf. Interfaces may be created
! 118: dynamically via updown/vici scripts, or statically before or after
! 119: establishing the SAs. Routes must be added manually as needed (the daemon will
! 120: not install any routes for outbound policies with an interface ID).
! 121:
! 122: - Initiation of childless IKE_SAs is supported (RFC 6023). If enabled and
! 123: supported by the responder, no CHILD_SA is established during IKE_AUTH. This
! 124: allows using a separate DH exchange even for the first CHILD_SA, which is
! 125: otherwise created with keys derived from the IKE_SA's key material.
! 126:
! 127: - The NetworkManager backend and plugin support IPv6.
! 128:
! 129: - The new wolfssl plugin is a wrapper around the wolfSSL crypto library. Thanks
! 130: to Sean Parkinson of wolfSSL Inc. for the initial patch.
! 131:
! 132: - IKE SPIs may optionally be labeled via the charon.spi_mask|label options. This
! 133: feature was extracted from charon-tkm, however, now applies the mask/label in
! 134: network order.
! 135:
! 136: - The openssl plugin supports ChaCha20-Poly1305 when built with OpenSSL 1.1.0.
! 137:
! 138: - The PB-TNC finite state machine according to section 3.2 of RFC 5793 was not
! 139: correctly implemented when sending either a CRETRY or SRETRY batch. These
! 140: batches can only be sent in the "Decided" state and a CRETRY batch can
! 141: immediately carry all messages usually transported by a CDATA batch. It is
! 142: currently not possible to send a SRETRY batch since full-duplex mode for
! 143: PT-TLS transport is not supported.
! 144:
! 145: - Instead of marking virtual IPv6 addresses as deprecated, the kernel-netlink
! 146: plugin uses address labels to avoid their use for non-VPN traffic.
! 147:
! 148: - The agent plugin creates sockets to the ssh/gpg-agent dynamically and does not
! 149: keep them open, which otherwise can prevent the agent from getting terminated.
! 150:
! 151: - To avoid broadcast loops the forecast plugin now only reinjects packets that
! 152: are marked or received from the configured interface.
! 153:
! 154: - UTF-8 encoded passwords are supported via EAP-MSCHAPv2, which internally uses
! 155: an UTF-16LE encoding to calculate the NT hash.
! 156:
! 157: - Adds the build-certs script to generate the keys and certificates used for
! 158: regression tests dynamically. They are built with the pki version installed
! 159: in the KVM root image so it's not necessary to have an up-to-date version with
! 160: all required plugins installed on the host system.
! 161:
! 162:
! 163: strongswan-5.7.2
! 164: ----------------
! 165:
! 166: - Private key implementations may optionally provide a list of supported
! 167: signature schemes, which is used by the tpm plugin because for each key on a
! 168: TPM 2.0 the hash algorithm and for RSA also the padding scheme is predefined.
! 169:
! 170: - For RSA with PSS padding, the TPM 2.0 specification mandates the maximum salt
! 171: length (as defined by the length of the key and hash). However, if the TPM is
! 172: FIPS-168-4 compliant, the salt length equals the hash length. This is assumed
! 173: for FIPS-140-2 compliant TPMs, but if that's not the case, it might be
! 174: necessary to manually enable charon.plugins.tpm.fips_186_4 if the TPM doesn't
! 175: use the maximum salt length.
! 176:
! 177: - swanctl now accesses directories for credentials relative to swanctl.conf, in
! 178: particular, when it's loaded from a custom location via --file argument. The
! 179: base directory that's used if --file is not given is configurable at runtime
! 180: via SWANCTL_DIR environment variable.
! 181:
! 182: - With RADIUS Accounting enabled, the eap-radius plugin adds the session ID to
! 183: Access-Request messages, simplifying associating database entries for IP
! 184: leases and accounting with sessions.
! 185:
! 186: - IPs assigned by RADIUS servers are included in Accounting-Stop even if clients
! 187: don't claim them, allowing releasing them early on connection errors.
! 188:
! 189: - Selectors installed on transport mode SAs by the kernel-netlink plugin are
! 190: updated on IP address changes (e.g. via MOBIKE).
! 191:
! 192: - Added support for RSA signatures with SHA-256 and SHA-512 to the agent plugin.
! 193: For older versions of ssh/gpg-agent that only support SHA-1, IKEv2 signature
! 194: authentication has to be disabled via charon.signature_authentication.
! 195:
! 196: - The sshkey and agent plugins support Ed25519/Ed448 SSH keys and signatures.
! 197:
! 198: - The openssl plugin supports X25519/X448 Diffie-Hellman and Ed25519/Ed448 keys
! 199: and signatures when built against OpenSSL 1.1.1.
! 200:
! 201: - Ed25519, ChaCha20/Poly1305, SHA-3 and AES-CCM were added to the botan plugin.
! 202:
! 203: - The mysql plugin now properly handles database connections with transactions
! 204: under heavy load.
! 205:
! 206: - IP addresses in HA pools are now distributed evenly among all segments.
! 207:
! 208: - On newer FreeBSD kernels, the kernel-pfkey plugin reads the reqid directly
! 209: from SADB_ACQUIRE messages, i.e. not requiring previous policy installation by
! 210: the plugin, e.g. for compatibility with if_ipsec(4) VTIs.
! 211:
! 212:
! 213: strongswan-5.7.1
! 214: ----------------
! 215:
! 216: - Fixes a vulnerability in the gmp plugin triggered by crafted certificates with
! 217: RSA keys with very small moduli. When verifying signatures with such keys,
! 218: the code patched with the fix for CVE-2018-16151/2 caused an integer underflow
! 219: and subsequent heap buffer overflow that results in a crash of the daemon.
! 220: The vulnerability has been registered as CVE-2018-17540.
! 221:
! 222:
! 223: strongswan-5.7.0
! 224: ----------------
! 225:
! 226: - Fixes a potential authorization bypass vulnerability in the gmp plugin that
! 227: was caused by a too lenient verification of PKCS#1 v1.5 signatures. Several
! 228: flaws could be exploited by a Bleichenbacher-style attack to forge signatures
! 229: for low-exponent keys (i.e. with e=3). CVE-2018-16151 has been assigned to
! 230: the problem of accepting random bytes after the OID of the hash function in
! 231: such signatures, and CVE-2018-16152 has been assigned to the issue of not
! 232: verifying that the parameters in the ASN.1 algorithmIdentifier structure is
! 233: empty. Other flaws that don't lead to a vulnerability directly (e.g. not
! 234: checking for at least 8 bytes of padding) have no separate CVE assigned.
! 235:
! 236: - Dots are not allowed anymore in section names in swanctl.conf and
! 237: strongswan.conf. This mainly affects the configuration of file loggers. If the
! 238: path for such a log file contains dots it now has to be configured in the new
! 239: `path` setting within the arbitrarily renamed subsection in the `filelog`
! 240: section.
! 241:
! 242: - Sections in swanctl.conf and strongswan.conf may now reference other sections.
! 243: All settings and subsections from such a section are inherited. This allows
! 244: to simplify configs as redundant information has only to be specified once
! 245: and may then be included in other sections (refer to the example in the man
! 246: page for strongswan.conf).
! 247:
! 248: - The originally selected IKE config (based on the IPs and IKE version) can now
! 249: change if no matching algorithm proposal is found. This way the order
! 250: of the configs doesn't matter that much anymore and it's easily possible to
! 251: specify separate configs for clients that require weak algorithms (instead
! 252: of having to also add them in other configs that might be selected).
! 253:
! 254: - Support for Postquantum Preshared Keys for IKEv2 (draft-ietf-ipsecme-qr-ikev2)
! 255: has been added.
! 256:
! 257: - The new botan plugin is a wrapper around the Botan C++ crypto library. It
! 258: requires a fairly recent build from Botan's master branch (or the upcoming
! 259: 2.8.0 release). Thanks to René Korthaus and his team from Rohde & Schwarz
! 260: Cybersecurity for the initial patch.
! 261:
! 262: - The pki tool accepts a xmppAddr otherName as a subjectAlternativeName using
! 263: the syntax --san xmppaddr:<jid>.
! 264:
! 265: - Implementation of RFC 8412 "Software Inventory Message and Attributes (SWIMA)
! 266: for PA-TNC". SWIMA subscription option sets CLOSE_WRITE trigger on apt
! 267: history.log file resulting in a ClientRetry PB-TNC batch to initialize
! 268: a new measurement cycle.
! 269:
! 270: - Added support for fuzzing the PA-TNC (RFC 5792) and PB-TNC (RFC 5793) NEA
! 271: protocols on Google's OSS-Fuzz infrastructure.
! 272:
! 273: - Support for version 2 of Intel's TPM2-TSS TGC Software Stack. The presence of
! 274: the in-kernel /dev/tpmrm0 resource manager is automatically detected.
! 275:
! 276: - Marks the in- and/or outbound SA should apply to packets after processing may
! 277: be configured in swanctl.conf on Linux. For outbound SAs this requires at
! 278: least a 4.14 kernel. Setting a mask and configuring a mark/mask for inbound
! 279: SAs will be added with the upcoming 4.19 kernel.
! 280:
! 281: - New options in swanctl.conf allow configuring how/whether DF, ECN and DS
! 282: fields in the IP headers are copied during IPsec processing. Controlling this
! 283: is currently only possible on Linux.
! 284:
! 285: - To avoid conflicts, the dhcp plugin now only uses the DHCP server port if
! 286: explicitly configured.
! 287:
! 288:
! 289: strongswan-5.6.3
! 290: ----------------
! 291:
! 292: - Fixed a DoS vulnerability in the IKEv2 key derivation if the openssl plugin is
! 293: used in FIPS mode and HMAC-MD5 is negotiated as PRF.
! 294: This vulnerability has been registered as CVE-2018-10811.
! 295:
! 296: - Fixed a vulnerability in the stroke plugin, which did not check the received
! 297: length before reading a message from the socket. Unless a group is configured,
! 298: root privileges are required to access that socket, so in the default
! 299: configuration this shouldn't be an issue.
! 300: This vulnerability has been registered as CVE-2018-5388.
! 301:
! 302: ⁻ CRLs that are not yet valid are now ignored to avoid problems in scenarios
! 303: where expired certificates are removed from CRLs and the clock on the host
! 304: doing the revocation check is trailing behind that of the host issuing CRLs.
! 305:
! 306: - The issuer of fetched CRLs is now compared to the issuer of the checked
! 307: certificate.
! 308:
! 309: - CRL validation results other than revocation (e.g. a skipped check because
! 310: the CRL couldn't be fetched) are now stored also for intermediate CA
! 311: certificates and not only for end-entity certificates, so a strict CRL policy
! 312: can be enforced in such cases.
! 313:
! 314: - In compliance with RFC 4945, section 5.1.3.2, certificates used for IKE must
! 315: now either not contain a keyUsage extension (like the ones generated by pki)
! 316: or have at least one of the digitalSignature or nonRepudiation bits set.
! 317:
! 318: - New options for vici/swanctl allow forcing the local termination of an IKE_SA.
! 319: This might be useful in situations where it's known the other end is not
! 320: reachable anymore, or that it already removed the IKE_SA, so retransmitting a
! 321: DELETE and waiting for a response would be pointless. Waiting only a certain
! 322: amount of time for a response before destroying the IKE_SA is also possible
! 323: by additionally specifying a timeout.
! 324:
! 325: - When removing routes, the kernel-netlink plugin now checks if it tracks other
! 326: routes for the same destination and replaces the installed route instead of
! 327: just removing it. Same during installation, where existing routes previously
! 328: weren't replaced. This should allow using traps with virtual IPs on Linux.
! 329:
! 330: - The dhcp plugin only sends the client identifier option if identity_lease is
! 331: enabled. It can also send identities of up to 255 bytes length, instead of
! 332: the previous 64 bytes. If a server address is configured, DHCP requests are
! 333: now sent from port 67 instead of 68 to avoid ICMP port unreachables.
! 334:
! 335: - Roam events are now completely ignored for IKEv1 SAs.
! 336:
! 337: - ChaCha20/Poly1305 is now correctly proposed without key length. For
! 338: compatibility with older releases the chacha20poly1305compat keyword may be
! 339: included in proposals to also propose the algorithm with a key length.
! 340:
! 341: - Configuration of hardware offload of IPsec SAs is now more flexible and allows
! 342: a new mode, which automatically uses it if the kernel and device support it.
! 343:
! 344: - SHA-2 based PRFs are supported in PKCS#8 files as generated by OpenSSL 1.1.
! 345:
! 346: - The pki --verify tool may load CA certificates and CRLs from directories.
! 347:
! 348: - Fixed an issue with DNS servers passed to NetworkManager in charon-nm.
! 349:
! 350:
! 351: strongswan-5.6.2
! 352: ----------------
! 353:
! 354: - Fixed a DoS vulnerability in the parser for PKCS#1 RSASSA-PSS signatures that
! 355: was caused by insufficient input validation. One of the configurable
! 356: parameters in algorithm identifier structures for RSASSA-PSS signatures is the
! 357: mask generation function (MGF). Only MGF1 is currently specified for this
! 358: purpose. However, this in turn takes itself a parameter that specifies the
! 359: underlying hash function. strongSwan's parser did not correctly handle the
! 360: case of this parameter being absent, causing an undefined data read.
! 361: This vulnerability has been registered as CVE-2018-6459.
! 362:
! 363: - The previously negotiated DH group is reused when rekeying an SA, instead of
! 364: using the first group in the configured proposals, which avoids an additional
! 365: exchange if the peer selected a different group via INVALID_KE_PAYLOAD when
! 366: the SA was created initially.
! 367: The selected DH group is also moved to the front of all sent proposals that
! 368: contain it and all proposals that don't are moved to the back in order to
! 369: convey the preference for this group to the peer.
! 370:
! 371: - Handling of MOBIKE task queuing has been improved. In particular, the response
! 372: to an address update is not ignored anymore if only an address list update or
! 373: DPD is queued.
! 374:
! 375: - The fallback drop policies installed to avoid traffic leaks when replacing
! 376: addresses in installed policies are now replaced by temporary drop policies,
! 377: which also prevent acquires because we currently delete and reinstall IPsec
! 378: SAs to update their addresses.
! 379:
! 380: - Access X.509 certificates held in non-volatile storage of a TPM 2.0
! 381: referenced via the NV index.
! 382:
! 383: - Adding the --keyid parameter to pki --print allows to print private keys
! 384: or certificates stored in a smartcard or a TPM 2.0.
! 385:
! 386: - Fixed proposal selection if a peer incorrectly sends DH groups in the ESP
! 387: proposals during IKE_AUTH and also if a DH group is configured in the local
! 388: ESP proposal and charon.prefer_configured_proposals is disabled.
! 389:
! 390: - MSKs received via RADIUS are now padded to 64 bytes to avoid compatibility
! 391: issues with EAP-MSCHAPv2 and PRFs that have a block size < 64 bytes (e.g.
! 392: AES-XCBC-PRF-128).
! 393:
! 394: - The tpm_extendpcr command line tool extends a digest into a TPM PCR.
! 395:
! 396: - Ported the NetworkManager backend from the deprecated libnm-glib to libnm.
! 397:
! 398: - The save-keys debugging/development plugin saves IKE and/or ESP keys to files
! 399: compatible with Wireshark.
! 400:
! 401:
! 402: strongswan-5.6.1
! 403: ----------------
! 404:
! 405: - In compliance with RFCs 8221 and 8247 several algorithms were removed from the
! 406: default ESP/AH and IKEv2 proposals, respectively (3DES, Blowfish and MD5 from
! 407: ESP/AH, MD5 and MODP-1024 from IKEv2). These algorithms may still be used in
! 408: custom proposals.
! 409:
! 410: - Added support for RSASSA-PSS signatures. For backwards compatibility they are
! 411: not used automatically by default, enable charon.rsa_pss to change that. To
! 412: explicitly use or require such signatures with IKEv2 signature authentication
! 413: (RFC 7427), regardless of whether that option is enabled, use ike:rsa/pss...
! 414: authentication constraints.
! 415:
! 416: - The pki tool can optionally sign certificates/CRLs with RSASSA-PSS via the
! 417: `--rsa-padding pss` option.
! 418:
! 419: - The sec-updater tool checks for security updates in dpkg-based repositories
! 420: (e.g. Debian/Ubuntu) and sets the security flags in the IMV policy database
! 421: accordingly. Additionally for each new package version a SWID tag for the
! 422: given OS and HW architecture is created and stored in the database.
! 423: Using the sec-updater.sh script template the lookup can be automated
! 424: (e.g. via an hourly cron job).
! 425:
! 426: - The introduction of file versions in the IMV database scheme broke file
! 427: reference hash measurements. This has been fixed by creating generic product
! 428: versions having an empty package name.
! 429:
! 430: - A new timeout option for the systime-fix plugin stops periodic system time
! 431: checks after a while and enforces a certificate verification, closing or
! 432: reauthenticating all SAs with invalid certificates.
! 433:
! 434: - The IKE event counters, previously only available via ipsec listcounters, may
! 435: now be queried/reset via vici and the new swanctl --counters command. They are
! 436: provided by the new optional counters plugin.
! 437:
! 438: - Class attributes received in RADIUS Access-Accept messages may optionally be
! 439: added to RADIUS accounting messages.
! 440:
! 441: - Inbound marks may optionally be installed on the SA again (was removed with
! 442: 5.5.2) by enabling the mark_in_sa option in swanctl.conf.
! 443:
! 444:
! 445: strongswan-5.6.0
! 446: ----------------
! 447:
! 448: - Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient
! 449: input validation when verifying RSA signatures, which requires decryption
! 450: with the operation m^e mod n, where m is the signature, and e and n are the
! 451: exponent and modulus of the public key. The value m is an integer between
! 452: 0 and n-1, however, the gmp plugin did not verify this. So if m equals n the
! 453: calculation results in 0, in which case mpz_export() returns NULL. This
! 454: result wasn't handled properly causing a null-pointer dereference.
! 455: This vulnerability has been registered as CVE-2017-11185.
! 456:
! 457: - New SWIMA IMC/IMV pair implements the "draft-ietf-sacm-nea-swima-patnc"
! 458: Internet Draft and has been demonstrated at the IETF 99 Prague Hackathon.
! 459:
! 460: - The IMV database template has been adapted to achieve full compliance
! 461: with the ISO 19770-2:2015 SWID tag standard.
! 462:
! 463: - The sw-collector tool extracts software events from apt history logs
! 464: and stores them in an SQLite database to be used by the SWIMA IMC.
! 465: The tool can also generate SWID tags both for installed and removed
! 466: package versions.
! 467:
! 468: - The pt-tls-client can attach and use TPM 2.0 protected private keys
! 469: via the --keyid parameter.
! 470:
! 471: - libtpmtss supports Intel's TSS2 Architecture Broker and Resource
! 472: Manager interface (tcti-tabrmd).
! 473:
! 474: - The new eap-aka-3gpp plugin implements the 3GPP MILENAGE algorithms
! 475: in software. K (optionally concatenated with OPc) may be configured as
! 476: binary EAP secret.
! 477:
! 478: - CHILD_SA rekeying was fixed in charon-tkm and was slightly changed: The
! 479: switch to the new outbound IPsec SA now happens via SPI on the outbound
! 480: policy on Linux, and in case of lost rekey collisions no outbound SA/policy
! 481: is temporarily installed for the redundant CHILD_SA.
! 482:
! 483: - The new %unique-dir value for mark* settings allocates separate unique marks
! 484: for each CHILD_SA direction (in/out).
! 485:
! 486:
! 487: strongswan-5.5.3
! 488: ----------------
! 489:
! 490: - Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient
! 491: input validation when verifying RSA signatures. More specifically,
! 492: mpz_powm_sec() has two requirements regarding the passed exponent and modulus
! 493: that the plugin did not enforce, if these are not met the calculation will
! 494: result in a floating point exception that crashes the whole process.
! 495: This vulnerability has been registered as CVE-2017-9022.
! 496:
! 497: - Fixed a DoS vulnerability in the x509 plugin that was caused because the ASN.1
! 498: parser didn't handle ASN.1 CHOICE types properly, which could result in an
! 499: infinite loop when parsing X.509 extensions that use such types.
! 500: This vulnerability has been registered as CVE-2017-9023.
! 501:
! 502: - The behavior during IKEv2 CHILD_SA rekeying has been changed in order to avoid
! 503: traffic loss. The responder now only installs the new inbound SA and delays
! 504: installing the outbound SA until it receives the DELETE for the replaced
! 505: CHILD_SA. Similarly, the inbound SA of the replaced CHILD_SA is not removed
! 506: for a configurable amount of seconds (charon.delete_rekeyed_delay) after the
! 507: DELETE has been processed to reduce the chance of dropping delayed packets.
! 508:
! 509: - The code base has been ported to Apple's ARM64 iOS platform, whose calling
! 510: conventions for variadic and regular functions are different. This means
! 511: assigning non-variadic functions to variadic function pointers does not work.
! 512: To avoid this issue the enumerator_t interface has been changed and the
! 513: signatures of the callback functions for enumerator_create_filter(), and the
! 514: invoke_function() and find_first() methods on linked_list_t have been changed.
! 515: The return type of find_first() also changed from status_t to bool.
! 516:
! 517: - Added support for fuzzing the certificate parser provided by the default
! 518: plugins (x509, pem, gmp etc.) on Google's OSS-Fuzz infrastructure. Several
! 519: issues found while fuzzing these plugins were fixed.
! 520:
! 521: - Two new options have been added to charon's retransmission settings:
! 522: retransmit_limit and retransmit_jitter. The former adds an upper limit to the
! 523: calculated retransmission timeout, the latter randomly reduces it.
! 524:
! 525: - A bug in swanctl's --load-creds command was fixed that caused unencrypted
! 526: private keys to get unloaded if the command was called multiple times. The
! 527: load-key VICI command now returns the key ID of the loaded key on success.
! 528:
! 529: - The credential manager now enumerates local credential sets before global
! 530: ones. This means certificates supplied by the peer will now be preferred over
! 531: certificates with the same identity that may be locally stored (e.g. in the
! 532: certificate cache).
! 533:
! 534: - Added support for hardware offload of IPsec SAs as introduced by Linux 4.11
! 535: for hardware that supports this.
! 536:
! 537: - When building the libraries monolithically and statically the plugin
! 538: constructors are now hard-coded in each library so the plugin code is not
! 539: removed by the linker because it thinks none of their symbols are ever
! 540: referenced.
! 541:
! 542: - The pki tool loads the curve25519 plugin by default.
! 543:
! 544:
! 545: strongswan-5.5.2
! 546: ----------------
! 547:
! 548: - Support of Diffie-Hellman group 31 using Curve25519 for IKE as defined
! 549: by RFC 8031.
! 550:
! 551: - Support of Ed25519 digital signature algorithm for IKEv2 as defined by
! 552: draft-ietf-ipsecme-eddsa. Ed25519-based public key pairs, X.509 certificates
! 553: and CRLs can be generated and printed by the pki tool.
! 554:
! 555: - The new "tpm" libtpmtss plugin allows to use persistent private RSA and ECDSA
! 556: keys bound to a TPM 2.0 for both IKE and TLS authentication. Using the
! 557: TPM 2.0 object handle as keyid parameter, the pki --pub tool can extract
! 558: the public key from the TPM thereby replacing the aikpub2 tool. In a similar
! 559: fashion pki --req can generate a PKCS#10 certificate request signed with
! 560: the TPM private key.
! 561:
! 562: - The pki tool gained support for generating certificates with the RFC 3779
! 563: addrblock extension. The charon addrblock plugin now dynamically narrows
! 564: traffic selectors based on the certificate addrblocks instead of rejecting
! 565: non-matching selectors completely. This allows generic connections, where
! 566: the allowed selectors are defined by the used certificates only.
! 567:
! 568: - In-place update of cached base and delta CRLs does not leave dozens
! 569: of stale copies in cache memory.
! 570:
! 571: - Several new features for the VICI interface and the swanctl utility: Querying
! 572: specific pools, enumerating and unloading keys and shared secrets, loading
! 573: keys and certificates from PKCS#11 tokens, the ability to initiate, install
! 574: and uninstall connections and policies by their exact name (if multiple child
! 575: sections in different connections share the same name), a command to initiate
! 576: the rekeying of IKE and IPsec SAs, support for settings previously only
! 577: supported by the old config files (plain pubkeys, dscp, certificate policies,
! 578: IPv6 Transport Proxy Mode, NT Hash secrets, mediation extension).
! 579:
! 580: Important: Due to issues with VICI bindings that map sub-sections to
! 581: dictionaries the CHILD_SA sections returned via list-sas now have a unique
! 582: name, the original name of a CHILD_SA is returned in the "name" key of its
! 583: section.
! 584:
! 585:
! 586: strongswan-5.5.1
! 587: ----------------
! 588:
! 589: - The newhope plugin implements the post-quantum NewHope key exchange algorithm
! 590: proposed in their 2015 paper by Erdem Alkim, Léo Ducas, Thomas Pöppelmann and
! 591: Peter Schwabe.
! 592:
! 593: - The libstrongswan crypto factory now offers the registration of Extended
! 594: Output Functions (XOFs). Currently supported XOFs are SHAKE128 and SHAKE256
! 595: implemented by the sha3 plugin, ChaCHa20 implemented by the chapoly plugin
! 596: and the more traditional MGF1 Mask Generation Functions based on the SHA-1,
! 597: SHA-256 and SHA-512 hash algorithms implemented by the new mgf1 plugin.
! 598:
! 599: - The pki tool, with help of the pkcs1 or openssl plugins, can parse private
! 600: keys in any of the supported formats without having to know the exact type.
! 601: So instead of having to specify rsa or ecdsa explicitly the keyword priv may
! 602: be used to indicate a private key of any type. Similarly, swanctl can load
! 603: any type of private key from the swanctl/private directory.
! 604:
! 605: - The pki tool can handle RSASSA-PKCS1v1.5-with-SHA-3 signatures using the
! 606: sha3 and gmp plugins.
! 607:
! 608: - The VICI flush-certs command flushes certificates from the volatile
! 609: certificate cache. Optionally the type of the certificates to be
! 610: flushed (e.g. type = x509_crl) can be specified.
! 611:
! 612: - Setting cache_crls = yes in strongswan.conf the vici plugin saves regular,
! 613: base and delta CRLs to disk.
! 614:
! 615: - IKE fragmentation is now enabled by default with the default fragment size
! 616: set to 1280 bytes for both IP address families.
! 617:
! 618: - libtpmtss: In the TSS2 API the function TeardownSocketTcti() was replaced by
! 619: tss2_tcti_finalize().
! 620:
! 621:
! 622: strongswan-5.5.0
! 623: ----------------
! 624:
! 625: - The new libtpmtss library offers support for both TPM 1.2 and TPM 2.0
! 626: Trusted Platform Modules. This allows the Attestation IMC/IMV pair to
! 627: do TPM 2.0 based attestation.
! 628:
! 629: - The behavior during IKEv2 exchange collisions has been improved/fixed in
! 630: several corner cases and support for TEMPORARY_FAILURE and CHILD_SA_NOT_FOUND
! 631: notifies, as defined by RFC 7296, has been added.
! 632:
! 633: - IPsec policy priorities can be set manually (e.g. for high-priority drop
! 634: policies) and outbound policies may be restricted to a network interface.
! 635:
! 636: - The scheme for the automatically calculated default priorities has been
! 637: changed and now also considers port masks, which were added with 5.4.0.
! 638:
! 639: - FWD policies are now installed in both directions in regards to the traffic
! 640: selectors. Because such "outbound" FWD policies could conflict with "inbound"
! 641: FWD policies of other SAs they are installed with a lower priority and don't
! 642: have a reqid set, which allows kernel plugins to distinguish between the two
! 643: and prefer those with a reqid.
! 644:
! 645: - For outbound IPsec SAs no replay window is configured anymore.
! 646:
! 647: - Enhanced the functionality of the swanctl --list-conns command by listing
! 648: IKE_SA and CHILD_SA reauthentication and rekeying settings, and EAP/XAuth
! 649: identities and EAP types.
! 650:
! 651: - DNS servers installed by the resolve plugin are now refcounted, which should
! 652: fix its use with make-before-break reauthentication. Any output written to
! 653: stderr/stdout by resolvconf is now logged.
! 654:
! 655: - The methods in the kernel interfaces have been changed to take structs instead
! 656: of long lists of arguments. Similarly the constructors for peer_cfg_t and
! 657: child_cfg_t now take structs.
! 658:
! 659:
! 660: strongswan-5.4.0
! 661: ----------------
! 662:
! 663: - Support for IKEv2 redirection (RFC 5685) has been added. Plugins may
! 664: implement the redirect_provider_t interface to decide if and when to redirect
! 665: connecting clients. It is also possible to redirect established IKE_SAs based
! 666: on different selectors via VICI/swanctl. Unless disabled in strongswan.conf
! 667: the charon daemon will follow redirect requests received from servers.
! 668:
! 669: - The ike: prefix enables the explicit configuration of signature scheme
! 670: constraints against IKEv2 authentication in rightauth, which allows the use
! 671: of different signature schemes for trustchain verification and authentication.
! 672:
! 673: - The initiator of an IKEv2 make-before-break reauthentication now suspends
! 674: online certificate revocation checks (OCSP, CRLs) until the new IKE_SA and all
! 675: CHILD_SAs are established. This is required if the checks are done over the
! 676: CHILD_SA established with the new IKE_SA. This is not possible until the
! 677: initiator installs this SA and that only happens after the authentication is
! 678: completed successfully. So we suspend the checks during the reauthentication
! 679: and do them afterwards, if they fail the IKE_SA is closed. This change has no
! 680: effect on the behavior during the authentication of the initial IKE_SA.
! 681:
! 682: - For the vici plugin a Vici:Session Perl CPAN module has been added to allow
! 683: Perl applications to control and/or monitor the IKE daemon using the VICI
! 684: interface, similar to the existing Python egg or Ruby gem.
! 685:
! 686: - Traffic selectors with port ranges can now be configured in the Linux kernel:
! 687: e.g. remote_ts = 10.1.0.0/16[tcp/20-23] local_ts = dynamic[tcp/32768-65535].
! 688: The port range must map to a port mask, though since the kernel does not
! 689: support arbitrary ranges.
! 690:
! 691: - The vici plugin allows the configuration of IPv4 and IPv6 address ranges
! 692: in local and remote traffic selectors. Since both the Linux kernel and
! 693: iptables cannot handle arbitrary ranges, address ranges are mapped to the next
! 694: larger CIDR subnet by the kernel-netlink and updown plugins, respectively.
! 695:
! 696: - Implemented IKEv1 IPv4/IPv6 address subnet and range identities that can be
! 697: used as owners of shared secrets.
! 698:
! 699:
! 700: strongswan-5.3.5
! 701: ----------------
! 702:
! 703: - Properly handle potential EINTR errors in sigwaitinfo(2) calls that replaced
! 704: sigwait(3) calls with 5.3.4.
! 705:
! 706: - RADIUS retransmission timeouts are now configurable, courtesy of Thom Troy.
! 707:
! 708:
! 709: strongswan-5.3.4
! 710: ----------------
! 711:
! 712: - Fixed an authentication bypass vulnerability in the eap-mschapv2 plugin that
! 713: was caused by insufficient verification of the internal state when handling
! 714: MSCHAPv2 Success messages received by the client.
! 715: This vulnerability has been registered as CVE-2015-8023.
! 716:
! 717: - The sha3 plugin implements the SHA3 Keccak-F1600 hash algorithm family.
! 718: Within the strongSwan framework SHA3 is currently used for BLISS signatures
! 719: only because the OIDs for other signature algorithms haven't been defined
! 720: yet. Also the use of SHA3 for IKEv2 has not been standardized yet.
! 721:
! 722:
! 723: strongswan-5.3.3
! 724: ----------------
! 725:
! 726: - Added support for the ChaCha20/Poly1305 AEAD cipher specified in RFC 7539 and
! 727: RFC 7634 using the chacha20poly1305 ike/esp proposal keyword. The new chapoly
! 728: plugin implements the cipher, if possible SSE-accelerated on x86/x64
! 729: architectures. It is usable both in IKEv2 and the strongSwan libipsec ESP
! 730: backend. On Linux 4.2 or newer the kernel-netlink plugin can configure the
! 731: cipher for ESP SAs.
! 732:
! 733: - The vici interface now supports the configuration of auxiliary certification
! 734: authority information as CRL and OCSP URIs.
! 735:
! 736: - In the bliss plugin the c_indices derivation using a SHA-512 based random
! 737: oracle has been fixed, generalized and standardized by employing the MGF1 mask
! 738: generation function with SHA-512. As a consequence BLISS signatures using the
! 739: improved oracle are not compatible with the earlier implementation.
! 740:
! 741: - Support for auto=route with right=%any for transport mode connections has
! 742: been added (the ikev2/trap-any scenario provides examples).
! 743:
! 744: - The starter daemon does not flush IPsec policies and SAs anymore when it is
! 745: stopped. Already existing duplicate policies are now overwritten by the IKE
! 746: daemon when it installs its policies.
! 747:
! 748: - Init limits (like charon.init_limit_half_open) can now optionally be enforced
! 749: when initiating SAs via VICI. For this, IKE_SAs initiated by the daemon are
! 750: now also counted as half-open SAs, which, as a side-effect, fixes the status
! 751: output while connecting (e.g. in ipsec status).
! 752:
! 753: - Symmetric configuration of EAP methods in left|rightauth is now possible when
! 754: mutual EAP-only authentication is used (previously, the client had to
! 755: configure rightauth=eap or rightauth=any, which prevented it from using this
! 756: same config as responder).
! 757:
! 758: - The initiator flag in the IKEv2 header is compared again (wasn't the case
! 759: since 5.0.0) and packets that have the flag set incorrectly are again ignored.
! 760:
! 761: - Implemented a demo Hardcopy Device IMC/IMV pair based on the "Hardcopy
! 762: Device Health Assessment Trusted Network Connect Binding" (HCD-TNC)
! 763: document drafted by the IEEE Printer Working Group (PWG).
! 764:
! 765: - Fixed IF-M segmentation which failed in the presence of multiple small
! 766: attributes in front of a huge attribute to be segmented.
! 767:
! 768:
! 769: strongswan-5.3.2
! 770: ----------------
! 771:
! 772: - Fixed a vulnerability that allowed rogue servers with a valid certificate
! 773: accepted by the client to trick it into disclosing its username and even
! 774: password (if the client accepts EAP-GTC). This was caused because constraints
! 775: against the responder's authentication were enforced too late.
! 776: This vulnerability has been registered as CVE-2015-4171.
! 777:
! 778:
! 779: strongswan-5.3.1
! 780: ----------------
! 781:
! 782: - Fixed a denial-of-service and potential remote code execution vulnerability
! 783: triggered by IKEv1/IKEv2 messages that contain payloads for the respective
! 784: other IKE version. Such payload are treated specially since 5.2.2 but because
! 785: they were still identified by their original payload type they were used as
! 786: such in some places causing invalid function pointer dereferences.
! 787: The vulnerability has been registered as CVE-2015-3991.
! 788:
! 789: - The new aesni plugin provides CBC, CTR, XCBC, CMAC, CCM and GCM crypto
! 790: primitives for AES-128/192/256. The plugin requires AES-NI and PCLMULQDQ
! 791: instructions and works on both x86 and x64 architectures. It provides
! 792: superior crypto performance in userland without any external libraries.
! 793:
! 794:
! 795: strongswan-5.3.0
! 796: ----------------
! 797:
! 798: - Added support for IKEv2 make-before-break reauthentication. By using a global
! 799: CHILD_SA reqid allocation mechanism, charon supports overlapping CHILD_SAs.
! 800: This allows the use of make-before-break instead of the previously supported
! 801: break-before-make reauthentication, avoiding connectivity gaps during that
! 802: procedure. As the new mechanism may fail with peers not supporting it (such
! 803: as any previous strongSwan release) it must be explicitly enabled using
! 804: the charon.make_before_break strongswan.conf option.
! 805:
! 806: - Support for "Signature Authentication in IKEv2" (RFC 7427) has been added.
! 807: This allows the use of stronger hash algorithms for public key authentication.
! 808: By default, signature schemes are chosen based on the strength of the
! 809: signature key, but specific hash algorithms may be configured in leftauth.
! 810:
! 811: - Key types and hash algorithms specified in rightauth are now also checked
! 812: against IKEv2 signature schemes. If such constraints are used for certificate
! 813: chain validation in existing configurations, in particular with peers that
! 814: don't support RFC 7427, it may be necessary to disable this feature with the
! 815: charon.signature_authentication_constraints setting, because the signature
! 816: scheme used in classic IKEv2 public key authentication may not be strong
! 817: enough.
! 818:
! 819: - The new connmark plugin allows a host to bind conntrack flows to a specific
! 820: CHILD_SA by applying and restoring the SA mark to conntrack entries. This
! 821: allows a peer to handle multiple transport mode connections coming over the
! 822: same NAT device for client-initiated flows. A common use case is to protect
! 823: L2TP/IPsec, as supported by some systems.
! 824:
! 825: - The forecast plugin can forward broadcast and multicast messages between
! 826: connected clients and a LAN. For CHILD_SA using unique marks, it sets up
! 827: the required Netfilter rules and uses a multicast/broadcast listener that
! 828: forwards such messages to all connected clients. This plugin is designed for
! 829: Windows 7 IKEv2 clients, which announces its services over the tunnel if the
! 830: negotiated IPsec policy allows it.
! 831:
! 832: - For the vici plugin a Python Egg has been added to allow Python applications
! 833: to control or monitor the IKE daemon using the VICI interface, similar to the
! 834: existing ruby gem. The Python library has been contributed by Björn Schuberg.
! 835:
! 836: - EAP server methods now can fulfill public key constraints, such as rightcert
! 837: or rightca. Additionally, public key and signature constraints can be
! 838: specified for EAP methods in the rightauth keyword. Currently the EAP-TLS and
! 839: EAP-TTLS methods provide verification details to constraints checking.
! 840:
! 841: - Upgrade of the BLISS post-quantum signature algorithm to the improved BLISS-B
! 842: variant. Can be used in conjunction with the SHA256, SHA384 and SHA512 hash
! 843: algorithms with SHA512 being the default.
! 844:
! 845: - The IF-IMV 1.4 interface now makes the IP address of the TNC access requestor
! 846: as seen by the TNC server available to all IMVs. This information can be
! 847: forwarded to policy enforcement points (e.g. firewalls or routers).
! 848:
! 849: - The new mutual tnccs-20 plugin parameter activates mutual TNC measurements
! 850: in PB-TNC half-duplex mode between two endpoints over either a PT-EAP or
! 851: PT-TLS transport medium.
! 852:
! 853:
! 854: strongswan-5.2.2
! 855: ----------------
! 856:
! 857: - Fixed a denial-of-service vulnerability triggered by an IKEv2 Key Exchange
! 858: payload that contains the Diffie-Hellman group 1025. This identifier was
! 859: used internally for DH groups with custom generator and prime. Because
! 860: these arguments are missing when creating DH objects based on the KE payload
! 861: an invalid pointer dereference occurred. This allowed an attacker to crash
! 862: the IKE daemon with a single IKE_SA_INIT message containing such a KE
! 863: payload. The vulnerability has been registered as CVE-2014-9221.
! 864:
! 865: - The left/rightid options in ipsec.conf, or any other identity in strongSwan,
! 866: now accept prefixes to enforce an explicit type, such as email: or fqdn:.
! 867: Note that no conversion is done for the remaining string, refer to
! 868: ipsec.conf(5) for details.
! 869:
! 870: - The post-quantum Bimodal Lattice Signature Scheme (BLISS) can be used as
! 871: an IKEv2 public key authentication method. The pki tool offers full support
! 872: for the generation of BLISS key pairs and certificates.
! 873:
! 874: - Fixed mapping of integrity algorithms negotiated for AH via IKEv1. This could
! 875: cause interoperability issues when connecting to older versions of charon.
! 876:
! 877:
! 878: strongswan-5.2.1
! 879: ----------------
! 880:
! 881: - The new charon-systemd IKE daemon implements an IKE daemon tailored for use
! 882: with systemd. It avoids the dependency on ipsec starter and uses swanctl
! 883: as configuration backend, building a simple and lightweight solution. It
! 884: supports native systemd journal logging.
! 885:
! 886: - Support for IKEv2 fragmentation as per RFC 7383 has been added. Like IKEv1
! 887: fragmentation it can be enabled by setting fragmentation=yes in ipsec.conf.
! 888:
! 889: - Support of the TCG TNC IF-M Attribute Segmentation specification proposal.
! 890: All attributes can be segmented. Additionally TCG/SWID Tag, TCG/SWID Tag ID
! 891: and IETF/Installed Packages attributes can be processed incrementally on a
! 892: per segment basis.
! 893:
! 894: - The new ext-auth plugin calls an external script to implement custom IKE_SA
! 895: authorization logic, courtesy of Vyronas Tsingaras.
! 896:
! 897: - For the vici plugin a ruby gem has been added to allow ruby applications
! 898: to control or monitor the IKE daemon. The vici documentation has been updated
! 899: to include a description of the available operations and some simple examples
! 900: using both the libvici C interface and the ruby gem.
! 901:
! 902:
! 903: strongswan-5.2.0
! 904: ----------------
! 905:
! 906: - strongSwan has been ported to the Windows platform. Using a MinGW toolchain,
! 907: many parts of the strongSwan codebase run natively on Windows 7 / 2008 R2
! 908: and newer releases. charon-svc implements a Windows IKE service based on
! 909: libcharon, the kernel-iph and kernel-wfp plugins act as networking and IPsec
! 910: backend on the Windows platform. socket-win provides a native IKE socket
! 911: implementation, while winhttp fetches CRL and OCSP information using the
! 912: WinHTTP API.
! 913:
! 914: - The new vici plugin provides a Versatile IKE Configuration Interface for
! 915: charon. Using the stable IPC interface, external applications can configure,
! 916: control and monitor the IKE daemon. Instead of scripting the ipsec tool
! 917: and generating ipsec.conf, third party applications can use the new interface
! 918: for more control and better reliability.
! 919:
! 920: - Built upon the libvici client library, swanctl implements the first user of
! 921: the VICI interface. Together with a swanctl.conf configuration file,
! 922: connections can be defined, loaded and managed. swanctl provides a portable,
! 923: complete IKE configuration and control interface for the command line.
! 924: The first six swanctl example scenarios have been added.
! 925:
! 926: - The SWID IMV implements a JSON-based REST API which allows the exchange
! 927: of SWID tags and Software IDs with the strongTNC policy manager.
! 928:
! 929: - The SWID IMC can extract all installed packages from the dpkg (Debian,
! 930: Ubuntu, Linux Mint etc.), rpm (Fedora, RedHat, OpenSUSE, etc.), or
! 931: pacman (Arch Linux, Manjaro, etc.) package managers, respectively, using the
! 932: swidGenerator (https://github.com/strongswan/swidGenerator) which generates
! 933: SWID tags according to the new ISO/IEC 19770-2:2014 standard.
! 934:
! 935: - All IMVs now share the access requestor ID, device ID and product info
! 936: of an access requestor via a common imv_session object.
! 937:
! 938: - The Attestation IMC/IMV pair supports the IMA-NG measurement format
! 939: introduced with the Linux 3.13 kernel.
! 940:
! 941: - The aikgen tool generates an Attestation Identity Key bound to a TPM.
! 942:
! 943: - Implemented the PT-EAP transport protocol (RFC 7171) for Trusted Network
! 944: Connect.
! 945:
! 946: - The ipsec.conf replay_window option defines connection specific IPsec replay
! 947: windows. Original patch courtesy of Zheng Zhong and Christophe Gouault from
! 948: 6Wind.
! 949:
! 950:
! 951: strongswan-5.1.3
! 952: ----------------
! 953:
! 954: - Fixed an authentication bypass vulnerability triggered by rekeying an
! 955: unestablished IKEv2 SA while it gets actively initiated. This allowed an
! 956: attacker to trick a peer's IKE_SA state to established, without the need to
! 957: provide any valid authentication credentials. The vulnerability has been
! 958: registered as CVE-2014-2338.
! 959:
! 960: - The acert plugin evaluates X.509 Attribute Certificates. Group membership
! 961: information encoded as strings can be used to fulfill authorization checks
! 962: defined with the rightgroups option. Attribute Certificates can be loaded
! 963: locally or get exchanged in IKEv2 certificate payloads.
! 964:
! 965: - The pki command gained support to generate X.509 Attribute Certificates
! 966: using the --acert subcommand, while the --print command supports the ac type.
! 967: The openac utility has been removed in favor of the new pki functionality.
! 968:
! 969: - The libtls TLS 1.2 implementation as used by EAP-(T)TLS and other protocols
! 970: has been extended by AEAD mode support, currently limited to AES-GCM.
! 971:
! 972:
! 973: strongswan-5.1.2
! 974: ----------------
! 975:
! 976: - A new default configuration file layout is introduced. The new default
! 977: strongswan.conf file mainly includes config snippets from the strongswan.d
! 978: and strongswan.d/charon directories (the latter containing snippets for all
! 979: plugins). The snippets, with commented defaults, are automatically
! 980: generated and installed, if they don't exist yet. They are also installed
! 981: in $prefix/share/strongswan/templates so existing files can be compared to
! 982: the current defaults.
! 983:
! 984: - As an alternative to the non-extensible charon.load setting, the plugins
! 985: to load in charon (and optionally other applications) can now be determined
! 986: via the charon.plugins.<name>.load setting for each plugin (enabled in the
! 987: new default strongswan.conf file via the charon.load_modular option).
! 988: The load setting optionally takes a numeric priority value that allows
! 989: reordering the plugins (otherwise the default plugin order is preserved).
! 990:
! 991: - All strongswan.conf settings that were formerly defined in library specific
! 992: "global" sections are now application specific (e.g. settings for plugins in
! 993: libstrongswan.plugins can now be set only for charon in charon.plugins).
! 994: The old options are still supported, which now allows to define defaults for
! 995: all applications in the libstrongswan section.
! 996:
! 997: - The ntru libstrongswan plugin supports NTRUEncrypt as a post-quantum
! 998: computer IKE key exchange mechanism. The implementation is based on the
! 999: ntru-crypto library from the NTRUOpenSourceProject. The supported security
! 1000: strengths are ntru112, ntru128, ntru192, and ntru256. Since the private DH
! 1001: group IDs 1030..1033 have been assigned, the strongSwan Vendor ID must be
! 1002: sent (charon.send_vendor_id = yes) in order to use NTRU.
! 1003:
! 1004: - Defined a TPMRA remote attestation workitem and added support for it to the
! 1005: Attestation IMV.
! 1006:
! 1007: - Compatibility issues between IPComp (compress=yes) and leftfirewall=yes as
! 1008: well as multiple subnets in left|rightsubnet have been fixed.
! 1009:
! 1010: - When enabling its "session" strongswan.conf option, the xauth-pam plugin opens
! 1011: and closes a PAM session for each established IKE_SA. Patch courtesy of
! 1012: Andrea Bonomi.
! 1013:
! 1014: - The strongSwan unit testing framework has been rewritten without the "check"
! 1015: dependency for improved flexibility and portability. It now properly supports
! 1016: multi-threaded and memory leak testing and brings a bunch of new test cases.
! 1017:
! 1018:
! 1019: strongswan-5.1.1
! 1020: ----------------
! 1021:
! 1022: - Fixed a denial-of-service vulnerability and potential authorization bypass
! 1023: triggered by a crafted ID_DER_ASN1_DN ID payload. The cause is an insufficient
! 1024: length check when comparing such identities. The vulnerability has been
! 1025: registered as CVE-2013-6075.
! 1026:
! 1027: - Fixed a denial-of-service vulnerability triggered by a crafted IKEv1
! 1028: fragmentation payload. The cause is a NULL pointer dereference. The
! 1029: vulnerability has been registered as CVE-2013-6076.
! 1030:
! 1031: - The lean stand-alone pt-tls-client can set up a RFC 6876 PT-TLS session
! 1032: with a strongSwan policy enforcement point which uses the tnc-pdp charon
! 1033: plugin.
! 1034:
! 1035: - The new TCG TNC SWID IMC/IMV pair supports targeted SWID requests for either
! 1036: full SWID Tag or concise SWID Tag ID inventories.
! 1037:
! 1038: - The XAuth backend in eap-radius now supports multiple XAuth exchanges for
! 1039: different credential types and display messages. All user input gets
! 1040: concatenated and verified with a single User-Password RADIUS attribute on
! 1041: the AAA. With an AAA supporting it, one for example can implement
! 1042: Password+Token authentication with proper dialogs on iOS and OS X clients.
! 1043:
! 1044: - charon supports IKEv1 Mode Config exchange in push mode. The ipsec.conf
! 1045: modeconfig=push option enables it for both client and server, the same way
! 1046: as pluto used it.
! 1047:
! 1048: - Using the "ah" ipsec.conf keyword on both IKEv1 and IKEv2 connections,
! 1049: charon can negotiate and install Security Associations integrity-protected by
! 1050: the Authentication Header protocol. Supported are plain AH(+IPComp) SAs only,
! 1051: but not the deprecated RFC2401 style ESP+AH bundles.
! 1052:
! 1053: - The generation of initialization vectors for IKE and ESP (when using libipsec)
! 1054: is now modularized and IVs for e.g. AES-GCM are now correctly allocated
! 1055: sequentially, while other algorithms like AES-CBC still use random IVs.
! 1056:
! 1057: - The left and right options in ipsec.conf can take multiple address ranges
! 1058: and subnets. This allows connection matching against a larger set of
! 1059: addresses, for example to use a different connection for clients connecting
! 1060: from a internal network.
! 1061:
! 1062: - For all those who have a queasy feeling about the NIST elliptic curve set,
! 1063: the Brainpool curves introduced for use with IKE by RFC 6932 might be a
! 1064: more trustworthy alternative.
! 1065:
! 1066: - The kernel-libipsec userland IPsec backend now supports usage statistics,
! 1067: volume based rekeying and accepts ESPv3 style TFC padded packets.
! 1068:
! 1069: - With two new strongswan.conf options fwmarks can be used to implement
! 1070: host-to-host tunnels with kernel-libipsec.
! 1071:
! 1072: - load-tester supports transport mode connections and more complex traffic
! 1073: selectors, including such using unique ports for each tunnel.
! 1074:
! 1075: - The new dnscert plugin provides support for authentication via CERT RRs that
! 1076: are protected via DNSSEC. The plugin was created by Ruslan N. Marchenko.
! 1077:
! 1078: - The eap-radius plugin supports forwarding of several Cisco Unity specific
! 1079: RADIUS attributes in corresponding configuration payloads.
! 1080:
! 1081: - Database transactions are now abstracted and implemented by the two backends.
! 1082: If you use MySQL make sure all tables use the InnoDB engine.
! 1083:
! 1084: - libstrongswan now can provide an experimental custom implementation of the
! 1085: printf family functions based on klibc if neither Vstr nor glibc style printf
! 1086: hooks are available. This can avoid the Vstr dependency on some systems at
! 1087: the cost of slower and less complete printf functions.
! 1088:
! 1089:
! 1090: strongswan-5.1.0
! 1091: ----------------
! 1092:
! 1093: - Fixed a denial-of-service vulnerability triggered by specific XAuth usernames
! 1094: and EAP identities (since 5.0.3), and PEM files (since 4.1.11). The crash
! 1095: was caused by insufficient error handling in the is_asn1() function.
! 1096: The vulnerability has been registered as CVE-2013-5018.
! 1097:
! 1098: - The new charon-cmd command line IKE client can establish road warrior
! 1099: connections using IKEv1 or IKEv2 with different authentication profiles.
! 1100: It does not depend on any configuration files and can be configured using a
! 1101: few simple command line options.
! 1102:
! 1103: - The kernel-pfroute networking backend has been greatly improved. It now
! 1104: can install virtual IPs on TUN devices on OS X and FreeBSD, allowing these
! 1105: systems to act as a client in common road warrior scenarios.
! 1106:
! 1107: - The new kernel-libipsec plugin uses TUN devices and libipsec to provide IPsec
! 1108: processing in userland on Linux, FreeBSD and Mac OS X.
! 1109:
! 1110: - The eap-radius plugin can now serve as an XAuth backend called xauth-radius,
! 1111: directly verifying XAuth credentials using RADIUS User-Name/User-Password
! 1112: attributes. This is more efficient than the existing xauth-eap+eap-radius
! 1113: combination, and allows RADIUS servers without EAP support to act as AAA
! 1114: backend for IKEv1.
! 1115:
! 1116: - The new osx-attr plugin installs configuration attributes (currently DNS
! 1117: servers) via SystemConfiguration on Mac OS X. The keychain plugin provides
! 1118: certificates from the OS X keychain service.
! 1119:
! 1120: - The sshkey plugin parses SSH public keys, which, together with the --agent
! 1121: option for charon-cmd, allows the use of ssh-agent for authentication.
! 1122: To configure SSH keys in ipsec.conf the left|rightrsasigkey options are
! 1123: replaced with left|rightsigkey, which now take public keys in one of three
! 1124: formats: SSH (RFC 4253, ssh: prefix), DNSKEY (RFC 3110, dns: prefix), and
! 1125: PKCS#1 (the default, no prefix).
! 1126:
! 1127: - Extraction of certificates and private keys from PKCS#12 files is now provided
! 1128: by the new pkcs12 plugin or the openssl plugin. charon-cmd (--p12) as well
! 1129: as charon (via P12 token in ipsec.secrets) can make use of this.
! 1130:
! 1131: - IKEv2 can now negotiate transport mode and IPComp in NAT situations.
! 1132:
! 1133: - IKEv2 exchange initiators now properly close an established IKE or CHILD_SA
! 1134: on error conditions using an additional exchange, keeping state in sync
! 1135: between peers.
! 1136:
! 1137: - Using a SQL database interface a Trusted Network Connect (TNC) Policy Manager
! 1138: can generate specific measurement workitems for an arbitrary number of
! 1139: Integrity Measurement Verifiers (IMVs) based on the history of the VPN user
! 1140: and/or device.
! 1141:
! 1142: - Several core classes in libstrongswan are now tested with unit tests. These
! 1143: can be enabled with --enable-unit-tests and run with 'make check'. Coverage
! 1144: reports can be generated with --enable-coverage and 'make coverage' (this
! 1145: disables any optimization, so it should not be enabled when building
! 1146: production releases).
! 1147:
! 1148: - The leak-detective developer tool has been greatly improved. It works much
! 1149: faster/stabler with multiple threads, does not use deprecated malloc hooks
! 1150: anymore and has been ported to OS X.
! 1151:
! 1152: - chunk_hash() is now based on SipHash-2-4 with a random key. This provides
! 1153: better distribution and prevents hash flooding attacks when used with
! 1154: hashtables.
! 1155:
! 1156: - All default plugins implement the get_features() method to define features
! 1157: and their dependencies. The plugin loader has been improved, so that plugins
! 1158: in a custom load statement can be ordered freely or to express preferences
! 1159: without being affected by dependencies between plugin features.
! 1160:
! 1161: - A centralized thread can take care for watching multiple file descriptors
! 1162: concurrently. This removes the need for a dedicated listener threads in
! 1163: various plugins. The number of "reserved" threads for such tasks has been
! 1164: reduced to about five, depending on the plugin configuration.
! 1165:
! 1166: - Plugins that can be controlled by a UNIX socket IPC mechanism gained network
! 1167: transparency. Third party applications querying these plugins now can use
! 1168: TCP connections from a different host.
! 1169:
! 1170: - libipsec now supports AES-GCM.
! 1171:
! 1172:
! 1173: strongswan-5.0.4
! 1174: ----------------
! 1175:
! 1176: - Fixed a security vulnerability in the openssl plugin which was reported by
! 1177: Kevin Wojtysiak. The vulnerability has been registered as CVE-2013-2944.
! 1178: Before the fix, if the openssl plugin's ECDSA signature verification was used,
! 1179: due to a misinterpretation of the error code returned by the OpenSSL
! 1180: ECDSA_verify() function, an empty or zeroed signature was accepted as a
! 1181: legitimate one.
! 1182:
! 1183: - The handling of a couple of other non-security relevant openssl return codes
! 1184: was fixed as well.
! 1185:
! 1186: - The tnc_ifmap plugin now publishes virtual IPv4 and IPv6 addresses via its
! 1187: TCG TNC IF-MAP 2.1 interface.
! 1188:
! 1189: - The charon.initiator_only option causes charon to ignore IKE initiation
! 1190: requests.
! 1191:
! 1192: - The openssl plugin can now use the openssl-fips library.
! 1193:
! 1194:
! 1195: strongswan-5.0.3
! 1196: ----------------
! 1197:
! 1198: - The new ipseckey plugin enables authentication based on trustworthy public
! 1199: keys stored as IPSECKEY resource records in the DNS and protected by DNSSEC.
! 1200: To do so it uses a DNSSEC enabled resolver, like the one provided by the new
! 1201: unbound plugin, which is based on libldns and libunbound. Both plugins were
! 1202: created by Reto Guadagnini.
! 1203:
! 1204: - Implemented the TCG TNC IF-IMV 1.4 draft making access requestor identities
! 1205: available to an IMV. The OS IMV stores the AR identity together with the
! 1206: device ID in the attest database.
! 1207:
! 1208: - The openssl plugin now uses the AES-NI accelerated version of AES-GCM
! 1209: if the hardware supports it.
! 1210:
! 1211: - The eap-radius plugin can now assign virtual IPs to IKE clients using the
! 1212: Framed-IP-Address attribute by using the "%radius" named pool in the
! 1213: rightsourceip ipsec.conf option. Cisco Banner attributes are forwarded to
! 1214: Unity-capable IKEv1 clients during mode config. charon now sends Interim
! 1215: Accounting updates if requested by the RADIUS server, reports
! 1216: sent/received packets in Accounting messages, and adds a Terminate-Cause
! 1217: to Accounting-Stops.
! 1218:
! 1219: - The recently introduced "ipsec listcounters" command can report connection
! 1220: specific counters by passing a connection name, and global or connection
! 1221: counters can be reset by the "ipsec resetcounters" command.
! 1222:
! 1223: - The strongSwan libpttls library provides an experimental implementation of
! 1224: PT-TLS (RFC 6876), a Posture Transport Protocol over TLS.
! 1225:
! 1226: - The charon systime-fix plugin can disable certificate lifetime checks on
! 1227: embedded systems if the system time is obviously out of sync after bootup.
! 1228: Certificates lifetimes get checked once the system time gets sane, closing
! 1229: or reauthenticating connections using expired certificates.
! 1230:
! 1231: - The "ikedscp" ipsec.conf option can set DiffServ code points on outgoing
! 1232: IKE packets.
! 1233:
! 1234: - The new xauth-noauth plugin allows to use basic RSA or PSK authentication with
! 1235: clients that cannot be configured without XAuth authentication. The plugin
! 1236: simply concludes the XAuth exchange successfully without actually performing
! 1237: any authentication. Therefore, to use this backend it has to be selected
! 1238: explicitly with rightauth2=xauth-noauth.
! 1239:
! 1240: - The new charon-tkm IKEv2 daemon delegates security critical operations to a
! 1241: separate process. This has the benefit that the network facing daemon has no
! 1242: knowledge of keying material used to protect child SAs. Thus subverting
! 1243: charon-tkm does not result in the compromise of cryptographic keys.
! 1244: The extracted functionality has been implemented from scratch in a minimal TCB
! 1245: (trusted computing base) in the Ada programming language. Further information
! 1246: can be found at https://www.codelabs.ch/tkm/.
! 1247:
! 1248: strongswan-5.0.2
! 1249: ----------------
! 1250:
! 1251: - Implemented all IETF Standard PA-TNC attributes and an OS IMC/IMV
! 1252: pair using them to transfer operating system information.
! 1253:
! 1254: - The new "ipsec listcounters" command prints a list of global counter values
! 1255: about received and sent IKE messages and rekeyings.
! 1256:
! 1257: - A new lookip plugin can perform fast lookup of tunnel information using a
! 1258: clients virtual IP and can send notifications about established or deleted
! 1259: tunnels. The "ipsec lookip" command can be used to query such information
! 1260: or receive notifications.
! 1261:
! 1262: - The new error-notify plugin catches some common error conditions and allows
! 1263: an external application to receive notifications for them over a UNIX socket.
! 1264:
! 1265: - IKE proposals can now use a PRF algorithm different to that defined for
! 1266: integrity protection. If an algorithm with a "prf" prefix is defined
! 1267: explicitly (such as prfsha1 or prfsha256), no implicit PRF algorithm based on
! 1268: the integrity algorithm is added to the proposal.
! 1269:
! 1270: - The pkcs11 plugin can now load leftcert certificates from a smartcard for a
! 1271: specific ipsec.conf conn section and cacert CA certificates for a specific ca
! 1272: section.
! 1273:
! 1274: - The load-tester plugin gained additional options for certificate generation
! 1275: and can load keys and multiple CA certificates from external files. It can
! 1276: install a dedicated outer IP address for each tunnel and tunnel initiation
! 1277: batches can be triggered and monitored externally using the
! 1278: "ipsec load-tester" tool.
! 1279:
! 1280: - PKCS#7 container parsing has been modularized, and the openssl plugin
! 1281: gained an alternative implementation to decrypt and verify such files.
! 1282: In contrast to our own DER parser, OpenSSL can handle BER files, which is
! 1283: required for interoperability of our scepclient with EJBCA.
! 1284:
! 1285: - Support for the proprietary IKEv1 fragmentation extension has been added.
! 1286: Fragments are always handled on receipt but only sent if supported by the peer
! 1287: and if enabled with the new fragmentation ipsec.conf option.
! 1288:
! 1289: - IKEv1 in charon can now parse certificates received in PKCS#7 containers and
! 1290: supports NAT traversal as used by Windows clients. Patches courtesy of
! 1291: Volker Rümelin.
! 1292:
! 1293: - The new rdrand plugin provides a high quality / high performance random
! 1294: source using the Intel rdrand instruction found on Ivy Bridge processors.
! 1295:
! 1296: - The integration test environment was updated and now uses KVM and reproducible
! 1297: guest images based on Debian.
! 1298:
! 1299:
! 1300: strongswan-5.0.1
! 1301: ----------------
! 1302:
! 1303: - Introduced the sending of the standard IETF Assessment Result
! 1304: PA-TNC attribute by all strongSwan Integrity Measurement Verifiers.
! 1305:
! 1306: - Extended PTS Attestation IMC/IMV pair to provide full evidence of
! 1307: the Linux IMA measurement process. All pertinent file information
! 1308: of a Linux OS can be collected and stored in an SQL database.
! 1309:
! 1310: - The PA-TNC and PB-TNC protocols can now process huge data payloads
! 1311: >64 kB by distributing PA-TNC attributes over multiple PA-TNC messages
! 1312: and these messages over several PB-TNC batches. As long as no
! 1313: consolidated recommendation from all IMVs can be obtained, the TNC
! 1314: server requests more client data by sending an empty SDATA batch.
! 1315:
! 1316: - The rightgroups2 ipsec.conf option can require group membership during
! 1317: a second authentication round, for example during XAuth authentication
! 1318: against a RADIUS server.
! 1319:
! 1320: - The xauth-pam backend can authenticate IKEv1 XAuth and Hybrid authenticated
! 1321: clients against any PAM service. The IKEv2 eap-gtc plugin does not use
! 1322: PAM directly anymore, but can use any XAuth backend to verify credentials,
! 1323: including xauth-pam.
! 1324:
! 1325: - The new unity plugin brings support for some parts of the IKEv1 Cisco Unity
! 1326: Extension. As client, charon narrows traffic selectors to the received
! 1327: Split-Include attributes and automatically installs IPsec bypass policies
! 1328: for received Local-LAN attributes. As server, charon sends Split-Include
! 1329: attributes for leftsubnet definitions containing multiple subnets to Unity-
! 1330: aware clients.
! 1331:
! 1332: - An EAP-Nak payload is returned by clients if the gateway requests an EAP
! 1333: method that the client does not support. Clients can also request a specific
! 1334: EAP method by configuring that method with leftauth.
! 1335:
! 1336: - The eap-dynamic plugin handles EAP-Nak payloads returned by clients and uses
! 1337: these to select a different EAP method supported/requested by the client.
! 1338: The plugin initially requests the first registered method or the first method
! 1339: configured with charon.plugins.eap-dynamic.preferred.
! 1340:
! 1341: - The new left/rightdns options specify connection specific DNS servers to
! 1342: request/respond in IKEv2 configuration payloads or IKEv2 mode config. leftdns
! 1343: can be any (comma separated) combination of %config4 and %config6 to request
! 1344: multiple servers, both for IPv4 and IPv6. rightdns takes a list of DNS server
! 1345: IP addresses to return.
! 1346:
! 1347: - The left/rightsourceip options now accept multiple addresses or pools.
! 1348: leftsourceip can be any (comma separated) combination of %config4, %config6
! 1349: or fixed IP addresses to request. rightsourceip accepts multiple explicitly
! 1350: specified or referenced named pools.
! 1351:
! 1352: - Multiple connections can now share a single address pool when they use the
! 1353: same definition in one of the rightsourceip pools.
! 1354:
! 1355: - The options charon.interfaces_ignore and charon.interfaces_use allow one to
! 1356: configure the network interfaces used by the daemon.
! 1357:
! 1358: - The kernel-netlink plugin supports the charon.install_virtual_ip_on option,
! 1359: which specifies the interface on which virtual IP addresses will be installed.
! 1360: If it is not specified the current behavior of using the outbound interface
! 1361: is preserved.
! 1362:
! 1363: - The kernel-netlink plugin tries to keep the current source address when
! 1364: looking for valid routes to reach other hosts.
! 1365:
! 1366: - The autotools build has been migrated to use a config.h header. strongSwan
! 1367: development headers will get installed during "make install" if
! 1368: --with-dev-headers has been passed to ./configure.
! 1369:
! 1370: - All crypto primitives gained return values for most operations, allowing
! 1371: crypto backends to fail, for example when using hardware accelerators.
! 1372:
! 1373:
! 1374: strongswan-5.0.0
! 1375: ----------------
! 1376:
! 1377: - The charon IKE daemon gained experimental support for the IKEv1 protocol.
! 1378: Pluto has been removed from the 5.x series, and unless strongSwan is
! 1379: configured with --disable-ikev1 or --disable-ikev2, charon handles both
! 1380: keying protocols. The feature-set of IKEv1 in charon is almost on par with
! 1381: pluto, but currently does not support AH or bundled AH+ESP SAs. Beside
! 1382: RSA/ECDSA, PSK and XAuth, charon also supports the Hybrid authentication
! 1383: mode. Information for interoperability and migration is available at
! 1384: https://wiki.strongswan.org/projects/strongswan/wiki/CharonPlutoIKEv1.
! 1385:
! 1386: - Charon's bus_t has been refactored so that loggers and other listeners are
! 1387: now handled separately. The single lock was previously cause for deadlocks
! 1388: if extensive listeners, such as the one provided by the updown plugin, wanted
! 1389: to acquire locks that were held by other threads which in turn tried to log
! 1390: messages, and thus were waiting to acquire the same lock currently held by
! 1391: the thread calling the listener.
! 1392: The implemented changes also allow the use of a read/write-lock for the
! 1393: loggers which increases performance if multiple loggers are registered.
! 1394: Besides several interface changes this last bit also changes the semantics
! 1395: for loggers as these may now be called by multiple threads at the same time.
! 1396:
! 1397: - Source routes are reinstalled if interfaces are reactivated or IP addresses
! 1398: reappear.
! 1399:
! 1400: - The thread pool (processor_t) now has more control over the lifecycle of
! 1401: a job (see job.h for details). In particular, it now controls the destruction
! 1402: of jobs after execution and the cancellation of jobs during shutdown. Due to
! 1403: these changes the requeueing feature, previously available to callback_job_t
! 1404: only, is now available to all jobs (in addition to a new rescheduling
! 1405: feature).
! 1406:
! 1407: - In addition to trustchain key strength definitions for different public key
! 1408: systems, the rightauth option now takes a list of signature hash algorithms
! 1409: considered save for trustchain validation. For example, the setting
! 1410: rightauth=rsa-2048-ecdsa-256-sha256-sha384-sha512 requires a trustchain
! 1411: that uses at least RSA-2048 or ECDSA-256 keys and certificate signatures
! 1412: using SHA-256 or better.
! 1413:
! 1414:
! 1415: strongswan-4.6.4
! 1416: ----------------
! 1417:
! 1418: - Fixed a security vulnerability in the gmp plugin. If this plugin was used
! 1419: for RSA signature verification an empty or zeroed signature was handled as
! 1420: a legitimate one.
! 1421:
! 1422: - Fixed several issues with reauthentication and address updates.
! 1423:
! 1424:
! 1425: strongswan-4.6.3
! 1426: ----------------
! 1427:
! 1428: - The tnc-pdp plugin implements a RADIUS server interface allowing
! 1429: a strongSwan TNC server to act as a Policy Decision Point.
! 1430:
! 1431: - The eap-radius authentication backend enforces Session-Timeout attributes
! 1432: using RFC4478 repeated authentication and acts upon RADIUS Dynamic
! 1433: Authorization extensions, RFC 5176. Currently supported are disconnect
! 1434: requests and CoA messages containing a Session-Timeout.
! 1435:
! 1436: - The eap-radius plugin can forward arbitrary RADIUS attributes from and to
! 1437: clients using custom IKEv2 notify payloads. The new radattr plugin reads
! 1438: attributes to include from files and prints received attributes to the
! 1439: console.
! 1440:
! 1441: - Added support for untruncated MD5 and SHA1 HMACs in ESP as used in
! 1442: RFC 4595.
! 1443:
! 1444: - The cmac plugin implements the AES-CMAC-96 and AES-CMAC-PRF-128 algorithms
! 1445: as defined in RFC 4494 and RFC 4615, respectively.
! 1446:
! 1447: - The resolve plugin automatically installs nameservers via resolvconf(8),
! 1448: if it is installed, instead of modifying /etc/resolv.conf directly.
! 1449:
! 1450: - The IKEv2 charon daemon supports now raw RSA public keys in RFC 3110
! 1451: DNSKEY and PKCS#1 file format.
! 1452:
! 1453:
! 1454: strongswan-4.6.2
! 1455: ----------------
! 1456:
! 1457: - Upgraded the TCG IF-IMC and IF-IMV C API to the upcoming version 1.3
! 1458: which supports IF-TNCCS 2.0 long message types, the exclusive flags
! 1459: and multiple IMC/IMV IDs. Both the TNC Client and Server as well as
! 1460: the "Test", "Scanner", and "Attestation" IMC/IMV pairs were updated.
! 1461:
! 1462: - Fully implemented the "TCG Attestation PTS Protocol: Binding to IF-M"
! 1463: standard (TLV-based messages only). TPM-based remote attestation of
! 1464: Linux IMA (Integrity Measurement Architecture) possible. Measurement
! 1465: reference values are automatically stored in an SQLite database.
! 1466:
! 1467: - The EAP-RADIUS authentication backend supports RADIUS accounting. It sends
! 1468: start/stop messages containing Username, Framed-IP and Input/Output-Octets
! 1469: attributes and has been tested against FreeRADIUS and Microsoft NPS.
! 1470:
! 1471: - Added support for PKCS#8 encoded private keys via the libstrongswan
! 1472: pkcs8 plugin. This is the default format used by some OpenSSL tools since
! 1473: version 1.0.0 (e.g. openssl req with -keyout).
! 1474:
! 1475: - Added session resumption support to the strongSwan TLS stack.
! 1476:
! 1477:
! 1478: strongswan-4.6.1
! 1479: ----------------
! 1480:
! 1481: - Because of changing checksums before and after installation which caused
! 1482: the integrity tests to fail we avoided directly linking libsimaka, libtls and
! 1483: libtnccs to those libcharon plugins which make use of these dynamic libraries.
! 1484: Instead we linked the libraries to the charon daemon. Unfortunately Ubuntu
! 1485: 11.10 activated the --as-needed ld option which discards explicit links
! 1486: to dynamic libraries that are not actually used by the charon daemon itself,
! 1487: thus causing failures during the loading of the plugins which depend on these
! 1488: libraries for resolving external symbols.
! 1489:
! 1490: - Therefore our approach of computing integrity checksums for plugins had to be
! 1491: changed radically by moving the hash generation from the compilation to the
! 1492: post-installation phase.
! 1493:
! 1494:
! 1495: strongswan-4.6.0
! 1496: ----------------
! 1497:
! 1498: - The new libstrongswan certexpire plugin collects expiration information of
! 1499: all used certificates and exports them to CSV files. It either directly
! 1500: exports them or uses cron style scheduling for batch exports.
! 1501:
! 1502: - starter passes unresolved hostnames to charon, allowing it to do name
! 1503: resolution not before the connection attempt. This is especially useful with
! 1504: connections between hosts using dynamic IP addresses. Thanks to Mirko Parthey
! 1505: for the initial patch.
! 1506:
! 1507: - The android plugin can now be used without the Android frontend patch and
! 1508: provides DNS server registration and logging to logcat.
! 1509:
! 1510: - Pluto and starter (plus stroke and whack) have been ported to Android.
! 1511:
! 1512: - Support for ECDSA private and public key operations has been added to the
! 1513: pkcs11 plugin. The plugin now also provides DH and ECDH via PKCS#11 and can
! 1514: use tokens as random number generators (RNG). By default only private key
! 1515: operations are enabled, more advanced features have to be enabled by their
! 1516: option in strongswan.conf. This also applies to public key operations (even
! 1517: for keys not stored on the token) which were enabled by default before.
! 1518:
! 1519: - The libstrongswan plugin system now supports detailed plugin dependencies.
! 1520: Many plugins have been extended to export its capabilities and requirements.
! 1521: This allows the plugin loader to resolve plugin loading order automatically,
! 1522: and in future releases, to dynamically load the required features on demand.
! 1523: Existing third party plugins are source (but not binary) compatible if they
! 1524: properly initialize the new get_features() plugin function to NULL.
! 1525:
! 1526: - The tnc-ifmap plugin implements a TNC IF-MAP 2.0 client which can deliver
! 1527: metadata about IKE_SAs via a SOAP interface to a MAP server. The tnc-ifmap
! 1528: plugin requires the Apache Axis2/C library.
! 1529:
! 1530:
! 1531: strongswan-4.5.3
! 1532: ----------------
! 1533:
! 1534: - Our private libraries (e.g. libstrongswan) are not installed directly in
! 1535: prefix/lib anymore. Instead a subdirectory is used (prefix/lib/ipsec/ by
! 1536: default). The plugins directory is also moved from libexec/ipsec/ to that
! 1537: directory.
! 1538:
! 1539: - The dynamic IMC/IMV libraries were moved from the plugins directory to
! 1540: a new imcvs directory in the prefix/lib/ipsec/ subdirectory.
! 1541:
! 1542: - Job priorities were introduced to prevent thread starvation caused by too
! 1543: many threads handling blocking operations (such as CRL fetching). Refer to
! 1544: strongswan.conf(5) for details.
! 1545:
! 1546: - Two new strongswan.conf options allow to fine-tune performance on IKEv2
! 1547: gateways by dropping IKE_SA_INIT requests on high load.
! 1548:
! 1549: - IKEv2 charon daemon supports start PASS and DROP shunt policies
! 1550: preventing traffic to go through IPsec connections. Installation of the
! 1551: shunt policies either via the XFRM netfilter or PFKEYv2 IPsec kernel
! 1552: interfaces.
! 1553:
! 1554: - The history of policies installed in the kernel is now tracked so that e.g.
! 1555: trap policies are correctly updated when reauthenticated SAs are terminated.
! 1556:
! 1557: - IMC/IMV Scanner pair implementing the RFC 5792 PA-TNC (IF-M) protocol.
! 1558: Using "netstat -l" the IMC scans open listening ports on the TNC client
! 1559: and sends a port list to the IMV which based on a port policy decides if
! 1560: the client is admitted to the network.
! 1561: (--enable-imc-scanner/--enable-imv-scanner).
! 1562:
! 1563: - IMC/IMV Test pair implementing the RFC 5792 PA-TNC (IF-M) protocol.
! 1564: (--enable-imc-test/--enable-imv-test).
! 1565:
! 1566: - The IKEv2 close action does not use the same value as the ipsec.conf dpdaction
! 1567: setting, but the value defined by its own closeaction keyword. The action
! 1568: is triggered if the remote peer closes a CHILD_SA unexpectedly.
! 1569:
! 1570:
! 1571: strongswan-4.5.2
! 1572: ----------------
! 1573:
! 1574: - The whitelist plugin for the IKEv2 daemon maintains an in-memory identity
! 1575: whitelist. Any connection attempt of peers not whitelisted will get rejected.
! 1576: The 'ipsec whitelist' utility provides a simple command line frontend for
! 1577: whitelist administration.
! 1578:
! 1579: - The duplicheck plugin provides a specialized form of duplicate checking,
! 1580: doing a liveness check on the old SA and optionally notify a third party
! 1581: application about detected duplicates.
! 1582:
! 1583: - The coupling plugin permanently couples two or more devices by limiting
! 1584: authentication to previously used certificates.
! 1585:
! 1586: - In the case that the peer config and child config don't have the same name
! 1587: (usually in SQL database defined connections), ipsec up|route <peer config>
! 1588: starts|routes all associated child configs and ipsec up|route <child config>
! 1589: only starts|routes the specific child config.
! 1590:
! 1591: - fixed the encoding and parsing of X.509 certificate policy statements (CPS).
! 1592:
! 1593: - Duncan Salerno contributed the eap-sim-pcsc plugin implementing a
! 1594: pcsc-lite based SIM card backend.
! 1595:
! 1596: - The eap-peap plugin implements the EAP PEAP protocol. Interoperates
! 1597: successfully with a FreeRADIUS server and Windows 7 Agile VPN clients.
! 1598:
! 1599: - The IKEv2 daemon charon rereads strongswan.conf on SIGHUP and instructs
! 1600: all plugins to reload. Currently only the eap-radius and the attr plugins
! 1601: support configuration reloading.
! 1602:
! 1603: - Added userland support to the IKEv2 daemon for Extended Sequence Numbers
! 1604: support coming with Linux 2.6.39. To enable ESN on a connection, add
! 1605: the 'esn' keyword to the proposal. The default proposal uses 32-bit sequence
! 1606: numbers only ('noesn'), and the same value is used if no ESN mode is
! 1607: specified. To negotiate ESN support with the peer, include both, e.g.
! 1608: esp=aes128-sha1-esn-noesn.
! 1609:
! 1610: - In addition to ESN, Linux 2.6.39 gained support for replay windows larger
! 1611: than 32 packets. The new global strongswan.conf option 'charon.replay_window'
! 1612: configures the size of the replay window, in packets.
! 1613:
! 1614:
! 1615: strongswan-4.5.1
! 1616: ----------------
! 1617:
! 1618: - Sansar Choinyambuu implemented the RFC 5793 Posture Broker Protocol (BP)
! 1619: compatible with Trusted Network Connect (TNC). The TNCCS 2.0 protocol
! 1620: requires the tnccs_20, tnc_imc and tnc_imv plugins but does not depend
! 1621: on the libtnc library. Any available IMV/IMC pairs conforming to the
! 1622: Trusted Computing Group's TNC-IF-IMV/IMC 1.2 interface specification
! 1623: can be loaded via /etc/tnc_config.
! 1624:
! 1625: - Re-implemented the TNCCS 1.1 protocol by using the tnc_imc and tnc_imv
! 1626: in place of the external libtnc library.
! 1627:
! 1628: - The tnccs_dynamic plugin loaded on a TNC server in addition to the
! 1629: tnccs_11 and tnccs_20 plugins, dynamically detects the IF-TNCCS
! 1630: protocol version used by a TNC client and invokes an instance of
! 1631: the corresponding protocol stack.
! 1632:
! 1633: - IKE and ESP proposals can now be stored in an SQL database using a
! 1634: new proposals table. The start_action field in the child_configs
! 1635: tables allows the automatic starting or routing of connections stored
! 1636: in an SQL database.
! 1637:
! 1638: - The new certificate_authorities and certificate_distribution_points
! 1639: tables make it possible to store CRL and OCSP Certificate Distribution
! 1640: points in an SQL database.
! 1641:
! 1642: - The new 'include' statement allows to recursively include other files in
! 1643: strongswan.conf. Existing sections and values are thereby extended and
! 1644: replaced, respectively.
! 1645:
! 1646: - Due to the changes in the parser for strongswan.conf, the configuration
! 1647: syntax for the attr plugin has changed. Previously, it was possible to
! 1648: specify multiple values of a specific attribute type by adding multiple
! 1649: key/value pairs with the same key (e.g. dns) to the plugins.attr section.
! 1650: Because values with the same key now replace previously defined values
! 1651: this is not possible anymore. As an alternative, multiple values can be
! 1652: specified by separating them with a comma (e.g. dns = 1.2.3.4, 2.3.4.5).
! 1653:
! 1654: - ipsec listalgs now appends (set in square brackets) to each crypto
! 1655: algorithm listed the plugin that registered the function.
! 1656:
! 1657: - Traffic Flow Confidentiality padding supported with Linux 2.6.38 can be used
! 1658: by the IKEv2 daemon. The ipsec.conf 'tfc' keyword pads all packets to a given
! 1659: boundary, the special value '%mtu' pads all packets to the path MTU.
! 1660:
! 1661: - The new af-alg plugin can use various crypto primitives of the Linux Crypto
! 1662: API using the AF_ALG interface introduced with 2.6.38. This removes the need
! 1663: for additional userland implementations of symmetric cipher, hash, hmac and
! 1664: xcbc algorithms.
! 1665:
! 1666: - The IKEv2 daemon supports the INITIAL_CONTACT notify as initiator and
! 1667: responder. The notify is sent when initiating configurations with a unique
! 1668: policy, set in ipsec.conf via the global 'uniqueids' option.
! 1669:
! 1670: - The conftest conformance testing framework enables the IKEv2 stack to perform
! 1671: many tests using a distinct tool and configuration frontend. Various hooks
! 1672: can alter reserved bits, flags, add custom notifies and proposals, reorder
! 1673: or drop messages and much more. It is enabled using the --enable-conftest
! 1674: ./configure switch.
! 1675:
! 1676: - The new libstrongswan constraints plugin provides advanced X.509 constraint
! 1677: checking. In addition to X.509 pathLen constraints, the plugin checks for
! 1678: nameConstraints and certificatePolicies, including policyMappings and
! 1679: policyConstraints. The x509 certificate plugin and the pki tool have been
! 1680: enhanced to support these extensions. The new left/rightcertpolicy ipsec.conf
! 1681: connection keywords take OIDs a peer certificate must have.
! 1682:
! 1683: - The left/rightauth ipsec.conf keywords accept values with a minimum strength
! 1684: for trustchain public keys in bits, such as rsa-2048 or ecdsa-256.
! 1685:
! 1686: - The revocation and x509 libstrongswan plugins and the pki tool gained basic
! 1687: support for delta CRLs.
! 1688:
! 1689:
! 1690: strongswan-4.5.0
! 1691: ----------------
! 1692:
! 1693: - IMPORTANT: the default keyexchange mode 'ike' is changing with release 4.5
! 1694: from 'ikev1' to 'ikev2', thus commemorating the five year anniversary of the
! 1695: IKEv2 RFC 4306 and its mature successor RFC 5996. The time has definitively
! 1696: come for IKEv1 to go into retirement and to cede its place to the much more
! 1697: robust, powerful and versatile IKEv2 protocol!
! 1698:
! 1699: - Added new ctr, ccm and gcm plugins providing Counter, Counter with CBC-MAC
! 1700: and Galois/Counter Modes based on existing CBC implementations. These
! 1701: new plugins bring support for AES and Camellia Counter and CCM algorithms
! 1702: and the AES GCM algorithms for use in IKEv2.
! 1703:
! 1704: - The new pkcs11 plugin brings full Smartcard support to the IKEv2 daemon and
! 1705: the pki utility using one or more PKCS#11 libraries. It currently supports
! 1706: RSA private and public key operations and loads X.509 certificates from
! 1707: tokens.
! 1708:
! 1709: - Implemented a general purpose TLS stack based on crypto and credential
! 1710: primitives of libstrongswan. libtls supports TLS versions 1.0, 1.1 and 1.2,
! 1711: ECDHE-ECDSA/RSA, DHE-RSA and RSA key exchange algorithms and RSA/ECDSA based
! 1712: client authentication.
! 1713:
! 1714: - Based on libtls, the eap-tls plugin brings certificate based EAP
! 1715: authentication for client and server. It is compatible to Windows 7 IKEv2
! 1716: Smartcard authentication and the OpenSSL based FreeRADIUS EAP-TLS backend.
! 1717:
! 1718: - Implemented the TNCCS 1.1 Trusted Network Connect protocol using the
! 1719: libtnc library on the strongSwan client and server side via the tnccs_11
! 1720: plugin and optionally connecting to a TNC@FHH-enhanced FreeRADIUS AAA server.
! 1721: Depending on the resulting TNC Recommendation, strongSwan clients are granted
! 1722: access to a network behind a strongSwan gateway (allow), are put into a
! 1723: remediation zone (isolate) or are blocked (none), respectively. Any number
! 1724: of Integrity Measurement Collector/Verifier pairs can be attached
! 1725: via the tnc-imc and tnc-imv charon plugins.
! 1726:
! 1727: - The IKEv1 daemon pluto now uses the same kernel interfaces as the IKEv2
! 1728: daemon charon. As a result of this, pluto now supports xfrm marks which
! 1729: were introduced in charon with 4.4.1.
! 1730:
! 1731: - Applets for Maemo 5 (Nokia) allow to easily configure and control IKEv2
! 1732: based VPN connections with EAP authentication on supported devices.
! 1733:
! 1734: - The RADIUS plugin eap-radius now supports multiple RADIUS servers for
! 1735: redundant setups. Servers are selected by a defined priority, server load and
! 1736: availability.
! 1737:
! 1738: - The simple led plugin controls hardware LEDs through the Linux LED subsystem.
! 1739: It currently shows activity of the IKE daemon and is a good example how to
! 1740: implement a simple event listener.
! 1741:
! 1742: - Improved MOBIKE behavior in several corner cases, for instance, if the
! 1743: initial responder moves to a different address.
! 1744:
! 1745: - Fixed left-/rightnexthop option, which was broken since 4.4.0.
! 1746:
! 1747: - Fixed a bug not releasing a virtual IP address to a pool if the XAUTH
! 1748: identity was different from the IKE identity.
! 1749:
! 1750: - Fixed the alignment of ModeConfig messages on 4-byte boundaries in the
! 1751: case where the attributes are not a multiple of 4 bytes (e.g. Cisco's
! 1752: UNITY_BANNER).
! 1753:
! 1754: - Fixed the interoperability of the socket_raw and socket_default
! 1755: charon plugins.
! 1756:
! 1757: - Added man page for strongswan.conf
! 1758:
! 1759:
! 1760: strongswan-4.4.1
! 1761: ----------------
! 1762:
! 1763: - Support of xfrm marks in IPsec SAs and IPsec policies introduced
! 1764: with the Linux 2.6.34 kernel. For details see the example scenarios
! 1765: ikev2/nat-two-rw-mark, ikev2/rw-nat-mark-in-out and ikev2/net2net-psk-dscp.
! 1766:
! 1767: - The PLUTO_MARK_IN and PLUTO_ESP_ENC environment variables can be used
! 1768: in a user-specific updown script to set marks on inbound ESP or
! 1769: ESP_IN_UDP packets.
! 1770:
! 1771: - The openssl plugin now supports X.509 certificate and CRL functions.
! 1772:
! 1773: - OCSP/CRL checking in IKEv2 has been moved to the revocation plugin, enabled
! 1774: by default. Please update manual load directives in strongswan.conf.
! 1775:
! 1776: - RFC3779 ipAddrBlock constraint checking has been moved to the addrblock
! 1777: plugin, disabled by default. Enable it and update manual load directives
! 1778: in strongswan.conf, if required.
! 1779:
! 1780: - The pki utility supports CRL generation using the --signcrl command.
! 1781:
! 1782: - The ipsec pki --self, --issue and --req commands now support output in
! 1783: PEM format using the --outform pem option.
! 1784:
! 1785: - The major refactoring of the IKEv1 Mode Config functionality now allows
! 1786: the transport and handling of any Mode Config attribute.
! 1787:
! 1788: - The RADIUS proxy plugin eap-radius now supports multiple servers. Configured
! 1789: servers are chosen randomly, with the option to prefer a specific server.
! 1790: Non-responding servers are degraded by the selection process.
! 1791:
! 1792: - The ipsec pool tool manages arbitrary configuration attributes stored
! 1793: in an SQL database. ipsec pool --help gives the details.
! 1794:
! 1795: - The new eap-simaka-sql plugin acts as a backend for EAP-SIM and EAP-AKA,
! 1796: reading triplets/quintuplets from an SQL database.
! 1797:
! 1798: - The High Availability plugin now supports a HA enabled in-memory address
! 1799: pool and Node reintegration without IKE_SA rekeying. The latter allows
! 1800: clients without IKE_SA rekeying support to keep connected during
! 1801: reintegration. Additionally, many other issues have been fixed in the ha
! 1802: plugin.
! 1803:
! 1804: - Fixed a potential remote code execution vulnerability resulting from
! 1805: the misuse of snprintf(). The vulnerability is exploitable by
! 1806: unauthenticated users.
! 1807:
! 1808:
! 1809: strongswan-4.4.0
! 1810: ----------------
! 1811:
! 1812: - The IKEv2 High Availability plugin has been integrated. It provides
! 1813: load sharing and failover capabilities in a cluster of currently two nodes,
! 1814: based on an extend ClusterIP kernel module. More information is available at
! 1815: https://wiki.strongswan.org/projects/strongswan/wiki/HighAvailability.
! 1816: The development of the High Availability functionality was sponsored by
! 1817: secunet Security Networks AG.
! 1818:
! 1819: - Added IKEv1 and IKEv2 configuration support for the AES-GMAC
! 1820: authentication-only ESP cipher. Our aes_gmac kernel patch or a Linux
! 1821: 2.6.34 kernel is required to make AES-GMAC available via the XFRM
! 1822: kernel interface.
! 1823:
! 1824: - Added support for Diffie-Hellman groups 22, 23 and 24 to the gmp, gcrypt
! 1825: and openssl plugins, usable by both pluto and charon. The new proposal
! 1826: keywords are modp1024s160, modp2048s224 and modp2048s256. Thanks to Joy Latten
! 1827: from IBM for his contribution.
! 1828:
! 1829: - The IKEv1 pluto daemon supports RAM-based virtual IP pools using
! 1830: the rightsourceip directive with a subnet from which addresses
! 1831: are allocated.
! 1832:
! 1833: - The ipsec pki --gen and --pub commands now allow the output of
! 1834: private and public keys in PEM format using the --outform pem
! 1835: command line option.
! 1836:
! 1837: - The new DHCP plugin queries virtual IP addresses for clients from a DHCP
! 1838: server using broadcasts, or a defined server using the
! 1839: charon.plugins.dhcp.server strongswan.conf option. DNS/WINS server information
! 1840: is additionally served to clients if the DHCP server provides such
! 1841: information. The plugin is used in ipsec.conf configurations having
! 1842: rightsourceip set to %dhcp.
! 1843:
! 1844: - A new plugin called farp fakes ARP responses for virtual IP addresses
! 1845: handed out to clients from the IKEv2 daemon charon. The plugin lets a
! 1846: road-warrior act as a client on the local LAN if it uses a virtual IP
! 1847: from the responders subnet, e.g. acquired using the DHCP plugin.
! 1848:
! 1849: - The existing IKEv2 socket implementations have been migrated to the
! 1850: socket-default and the socket-raw plugins. The new socket-dynamic plugin
! 1851: binds sockets dynamically to ports configured via the left-/rightikeport
! 1852: ipsec.conf connection parameters.
! 1853:
! 1854: - The android charon plugin stores received DNS server information as "net.dns"
! 1855: system properties, as used by the Android platform.
! 1856:
! 1857:
! 1858: strongswan-4.3.6
! 1859: ----------------
! 1860:
! 1861: - The IKEv2 daemon supports RFC 3779 IP address block constraints
! 1862: carried as a critical X.509v3 extension in the peer certificate.
! 1863:
! 1864: - The ipsec pool --add|del dns|nbns command manages DNS and NBNS name
! 1865: server entries that are sent via the IKEv1 Mode Config or IKEv2
! 1866: Configuration Payload to remote clients.
! 1867:
! 1868: - The Camellia cipher can be used as an IKEv1 encryption algorithm.
! 1869:
! 1870: - The IKEv1 and IKEV2 daemons now check certificate path length constraints.
! 1871:
! 1872: - The new ipsec.conf conn option "inactivity" closes a CHILD_SA if no traffic
! 1873: was sent or received within the given interval. To close the complete IKE_SA
! 1874: if its only CHILD_SA was inactive, set the global strongswan.conf option
! 1875: "charon.inactivity_close_ike" to yes.
! 1876:
! 1877: - More detailed IKEv2 EAP payload information in debug output
! 1878:
! 1879: - IKEv2 EAP-SIM and EAP-AKA share joint libsimaka library
! 1880:
! 1881: - Added required userland changes for proper SHA256 and SHA384/512 in ESP that
! 1882: will be introduced with Linux 2.6.33. The "sha256"/"sha2_256" keyword now
! 1883: configures the kernel with 128 bit truncation, not the non-standard 96
! 1884: bit truncation used by previous releases. To use the old 96 bit truncation
! 1885: scheme, the new "sha256_96" proposal keyword has been introduced.
! 1886:
! 1887: - Fixed IPComp in tunnel mode, stripping out the duplicated outer header. This
! 1888: change makes IPcomp tunnel mode connections incompatible with previous
! 1889: releases; disable compression on such tunnels.
! 1890:
! 1891: - Fixed BEET mode connections on recent kernels by installing SAs with
! 1892: appropriate traffic selectors, based on a patch by Michael Rossberg.
! 1893:
! 1894: - Using extensions (such as BEET mode) and crypto algorithms (such as twofish,
! 1895: serpent, sha256_96) allocated in the private use space now require that we
! 1896: know its meaning, i.e. we are talking to strongSwan. Use the new
! 1897: "charon.send_vendor_id" option in strongswan.conf to let the remote peer know
! 1898: this is the case.
! 1899:
! 1900: - Experimental support for draft-eronen-ipsec-ikev2-eap-auth, where the
! 1901: responder omits public key authentication in favor of a mutual authentication
! 1902: method. To enable EAP-only authentication, set rightauth=eap on the responder
! 1903: to rely only on the MSK constructed AUTH payload. This not-yet standardized
! 1904: extension requires the strongSwan vendor ID introduced above.
! 1905:
! 1906: - The IKEv1 daemon ignores the Juniper SRX notification type 40001, thus
! 1907: allowing interoperability.
! 1908:
! 1909:
! 1910: strongswan-4.3.5
! 1911: ----------------
! 1912:
! 1913: - The IKEv1 pluto daemon can now use SQL-based address pools to deal out
! 1914: virtual IP addresses as a Mode Config server. The pool capability has been
! 1915: migrated from charon's sql plugin to a new attr-sql plugin which is loaded
! 1916: by libstrongswan and which can be used by both daemons either with a SQLite
! 1917: or MySQL database and the corresponding plugin.
! 1918:
! 1919: - Plugin names have been streamlined: EAP plugins now have a dash after eap
! 1920: (e.g. eap-sim), as it is used with the --enable-eap-sim ./configure option.
! 1921: Plugin configuration sections in strongswan.conf now use the same name as the
! 1922: plugin itself (i.e. with a dash). Make sure to update "load" directives and
! 1923: the affected plugin sections in existing strongswan.conf files.
! 1924:
! 1925: - The private/public key parsing and encoding has been split up into
! 1926: separate pkcs1, pgp, pem and dnskey plugins. The public key implementation
! 1927: plugins gmp, gcrypt and openssl can all make use of them.
! 1928:
! 1929: - The EAP-AKA plugin can use different backends for USIM/quintuplet
! 1930: calculations, very similar to the EAP-SIM plugin. The existing 3GPP2 software
! 1931: implementation has been migrated to a separate plugin.
! 1932:
! 1933: - The IKEv2 daemon charon gained basic PGP support. It can use locally installed
! 1934: peer certificates and can issue signatures based on RSA private keys.
! 1935:
! 1936: - The new 'ipsec pki' tool provides a set of commands to maintain a public
! 1937: key infrastructure. It currently supports operations to create RSA and ECDSA
! 1938: private/public keys, calculate fingerprints and issue or verify certificates.
! 1939:
! 1940: - Charon uses a monotonic time source for statistics and job queueing, behaving
! 1941: correctly if the system time changes (e.g. when using NTP).
! 1942:
! 1943: - In addition to time based rekeying, charon supports IPsec SA lifetimes based
! 1944: on processed volume or number of packets. They new ipsec.conf parameters
! 1945: 'lifetime' (an alias to 'keylife'), 'lifebytes' and 'lifepackets' handle
! 1946: SA timeouts, while the parameters 'margintime' (an alias to rekeymargin),
! 1947: 'marginbytes' and 'marginpackets' trigger the rekeying before a SA expires.
! 1948: The existing parameter 'rekeyfuzz' affects all margins.
! 1949:
! 1950: - If no CA/Gateway certificate is specified in the NetworkManager plugin,
! 1951: charon uses a set of trusted root certificates preinstalled by distributions.
! 1952: The directory containing CA certificates can be specified using the
! 1953: --with-nm-ca-dir=path configure option.
! 1954:
! 1955: - Fixed the encoding of the Email relative distinguished name in left|rightid
! 1956: statements.
! 1957:
! 1958: - Fixed the broken parsing of PKCS#7 wrapped certificates by the pluto daemon.
! 1959:
! 1960: - Fixed smartcard-based authentication in the pluto daemon which was broken by
! 1961: the ECDSA support introduced with the 4.3.2 release.
! 1962:
! 1963: - A patch contributed by Heiko Hund fixes mixed IPv6 in IPv4 and vice versa
! 1964: tunnels established with the IKEv1 pluto daemon.
! 1965:
! 1966: - The pluto daemon now uses the libstrongswan x509 plugin for certificates and
! 1967: CRls and the struct id type was replaced by identification_t used by charon
! 1968: and the libstrongswan library.
! 1969:
! 1970:
! 1971: strongswan-4.3.4
! 1972: ----------------
! 1973:
! 1974: - IKEv2 charon daemon ported to FreeBSD and Mac OS X. Installation details can
! 1975: be found on wiki.strongswan.org.
! 1976:
! 1977: - ipsec statusall shows the number of bytes transmitted and received over
! 1978: ESP connections configured by the IKEv2 charon daemon.
! 1979:
! 1980: - The IKEv2 charon daemon supports include files in ipsec.secrets.
! 1981:
! 1982:
! 1983: strongswan-4.3.3
! 1984: ----------------
! 1985:
! 1986: - The configuration option --enable-integrity-test plus the strongswan.conf
! 1987: option libstrongswan.integrity_test = yes activate integrity tests
! 1988: of the IKE daemons charon and pluto, libstrongswan and all loaded
! 1989: plugins. Thus dynamic library misconfigurations and non-malicious file
! 1990: manipulations can be reliably detected.
! 1991:
! 1992: - The new default setting libstrongswan.ecp_x_coordinate_only=yes allows
! 1993: IKEv1 interoperability with MS Windows using the ECP DH groups 19 and 20.
! 1994:
! 1995: - The IKEv1 pluto daemon now supports the AES-CCM and AES-GCM ESP
! 1996: authenticated encryption algorithms.
! 1997:
! 1998: - The IKEv1 pluto daemon now supports V4 OpenPGP keys.
! 1999:
! 2000: - The RDN parser vulnerability discovered by Orange Labs research team
! 2001: was not completely fixed in version 4.3.2. Some more modifications
! 2002: had to be applied to the asn1_length() function to make it robust.
! 2003:
! 2004:
! 2005: strongswan-4.3.2
! 2006: ----------------
! 2007:
! 2008: - The new gcrypt plugin provides symmetric cipher, hasher, RNG, Diffie-Hellman
! 2009: and RSA crypto primitives using the LGPL licensed GNU gcrypt library.
! 2010:
! 2011: - libstrongswan features an integrated crypto selftest framework for registered
! 2012: algorithms. The test-vector plugin provides a first set of test vectors and
! 2013: allows pluto and charon to rely on tested crypto algorithms.
! 2014:
! 2015: - pluto can now use all libstrongswan plugins with the exception of x509 and xcbc.
! 2016: Thanks to the openssl plugin, the ECP Diffie-Hellman groups 19, 20, 21, 25, and
! 2017: 26 as well as ECDSA-256, ECDSA-384, and ECDSA-521 authentication can be used
! 2018: with IKEv1.
! 2019:
! 2020: - Applying their fuzzing tool, the Orange Labs vulnerability research team found
! 2021: another two DoS vulnerabilities, one in the rather old ASN.1 parser of Relative
! 2022: Distinguished Names (RDNs) and a second one in the conversion of ASN.1 UTCTIME
! 2023: and GENERALIZEDTIME strings to a time_t value.
! 2024:
! 2025:
! 2026: strongswan-4.3.1
! 2027: ----------------
! 2028:
! 2029: - The nm plugin now passes DNS/NBNS server information to NetworkManager,
! 2030: allowing a gateway administrator to set DNS/NBNS configuration on clients
! 2031: dynamically.
! 2032:
! 2033: - The nm plugin also accepts CA certificates for gateway authentication. If
! 2034: a CA certificate is configured, strongSwan uses the entered gateway address
! 2035: as its identity, requiring the gateways certificate to contain the same as
! 2036: subjectAltName. This allows a gateway administrator to deploy the same
! 2037: certificates to Windows 7 and NetworkManager clients.
! 2038:
! 2039: - The command ipsec purgeike deletes IKEv2 SAs that don't have a CHILD SA.
! 2040: The command ipsec down <conn>{n} deletes CHILD SA instance n of connection
! 2041: <conn> whereas ipsec down <conn>{*} deletes all CHILD SA instances.
! 2042: The command ipsec down <conn>[n] deletes IKE SA instance n of connection
! 2043: <conn> plus dependent CHILD SAs whereas ipsec down <conn>[*] deletes all
! 2044: IKE SA instances of connection <conn>.
! 2045:
! 2046: - Fixed a regression introduced in 4.3.0 where EAP authentication calculated
! 2047: the AUTH payload incorrectly. Further, the EAP-MSCHAPv2 MSK key derivation
! 2048: has been updated to be compatible with the Windows 7 Release Candidate.
! 2049:
! 2050: - Refactored installation of triggering policies. Routed policies are handled
! 2051: outside of IKE_SAs to keep them installed in any case. A tunnel gets
! 2052: established only once, even if initiation is delayed due network outages.
! 2053:
! 2054: - Improved the handling of multiple acquire signals triggered by the kernel.
! 2055:
! 2056: - Fixed two DoS vulnerabilities in the charon daemon that were discovered by
! 2057: fuzzing techniques: 1) Sending a malformed IKE_SA_INIT request leaved an
! 2058: incomplete state which caused a null pointer dereference if a subsequent
! 2059: CREATE_CHILD_SA request was sent. 2) Sending an IKE_AUTH request with either
! 2060: a missing TSi or TSr payload caused a null pointer dereference because the
! 2061: checks for TSi and TSr were interchanged. The IKEv2 fuzzer used was
! 2062: developed by the Orange Labs vulnerability research team. The tool was
! 2063: initially written by Gabriel Campana and is now maintained by Laurent Butti.
! 2064:
! 2065: - Added support for AES counter mode in ESP in IKEv2 using the proposal
! 2066: keywords aes128ctr, aes192ctr and aes256ctr.
! 2067:
! 2068: - Further progress in refactoring pluto: Use of the curl and ldap plugins
! 2069: for fetching crls and OCSP. Use of the random plugin to get keying material
! 2070: from /dev/random or /dev/urandom. Use of the openssl plugin as an alternative
! 2071: to the aes, des, sha1, sha2, and md5 plugins. The blowfish, twofish, and
! 2072: serpent encryption plugins are now optional and are not enabled by default.
! 2073:
! 2074:
! 2075: strongswan-4.3.0
! 2076: ----------------
! 2077:
! 2078: - Support for the IKEv2 Multiple Authentication Exchanges extension (RFC4739).
! 2079: Initiators and responders can use several authentication rounds (e.g. RSA
! 2080: followed by EAP) to authenticate. The new ipsec.conf leftauth/rightauth and
! 2081: leftauth2/rightauth2 parameters define own authentication rounds or setup
! 2082: constraints for the remote peer. See the ipsec.conf man page for more details.
! 2083:
! 2084: - If glibc printf hooks (register_printf_function) are not available,
! 2085: strongSwan can use the vstr string library to run on non-glibc systems.
! 2086:
! 2087: - The IKEv2 charon daemon can now configure the ESP CAMELLIA-CBC cipher
! 2088: (esp=camellia128|192|256).
! 2089:
! 2090: - Refactored the pluto and scepclient code to use basic functions (memory
! 2091: allocation, leak detective, chunk handling, printf_hooks, strongswan.conf
! 2092: attributes, ASN.1 parser, etc.) from the libstrongswan library.
! 2093:
! 2094: - Up to two DNS and WINS servers to be sent via IKEv1 ModeConfig can be
! 2095: configured in the pluto section of strongswan.conf.
! 2096:
! 2097:
! 2098: strongswan-4.2.14
! 2099: -----------------
! 2100:
! 2101: - The new server-side EAP RADIUS plugin (--enable-eap-radius)
! 2102: relays EAP messages to and from a RADIUS server. Successfully
! 2103: tested with with a freeradius server using EAP-MD5 and EAP-SIM.
! 2104:
! 2105: - A vulnerability in the Dead Peer Detection (RFC 3706) code was found by
! 2106: Gerd v. Egidy <gerd.von.egidy@intra2net.com> of Intra2net AG affecting
! 2107: all Openswan and strongSwan releases. A malicious (or expired ISAKMP)
! 2108: R_U_THERE or R_U_THERE_ACK Dead Peer Detection packet can cause the
! 2109: pluto IKE daemon to crash and restart. No authentication or encryption
! 2110: is required to trigger this bug. One spoofed UDP packet can cause the
! 2111: pluto IKE daemon to restart and be unresponsive for a few seconds while
! 2112: restarting. This DPD null state vulnerability has been officially
! 2113: registered as CVE-2009-0790 and is fixed by this release.
! 2114:
! 2115: - ASN.1 to time_t conversion caused a time wrap-around for
! 2116: dates after Jan 18 03:14:07 UTC 2038 on 32-bit platforms.
! 2117: As a workaround such dates are set to the maximum representable
! 2118: time, i.e. Jan 19 03:14:07 UTC 2038.
! 2119:
! 2120: - Distinguished Names containing wildcards (*) are not sent in the
! 2121: IDr payload anymore.
! 2122:
! 2123:
! 2124: strongswan-4.2.13
! 2125: -----------------
! 2126:
! 2127: - Fixed a use-after-free bug in the DPD timeout section of the
! 2128: IKEv1 pluto daemon which sporadically caused a segfault.
! 2129:
! 2130: - Fixed a crash in the IKEv2 charon daemon occurring with
! 2131: mixed RAM-based and SQL-based virtual IP address pools.
! 2132:
! 2133: - Fixed ASN.1 parsing of algorithmIdentifier objects where the
! 2134: parameters field is optional.
! 2135:
! 2136: - Ported nm plugin to NetworkManager 7.1.
! 2137:
! 2138:
! 2139: strongswan-4.2.12
! 2140: -----------------
! 2141:
! 2142: - Support of the EAP-MSCHAPv2 protocol enabled by the option
! 2143: --enable-eap-mschapv2. Requires the MD4 hash algorithm enabled
! 2144: either by --enable-md4 or --enable-openssl.
! 2145:
! 2146: - Assignment of up to two DNS and up to two WINS servers to peers via
! 2147: the IKEv2 Configuration Payload (CP). The IPv4 or IPv6 nameserver
! 2148: addresses are defined in strongswan.conf.
! 2149:
! 2150: - The strongSwan applet for the Gnome NetworkManager is now built and
! 2151: distributed as a separate tarball under the name NetworkManager-strongswan.
! 2152:
! 2153:
! 2154: strongswan-4.2.11
! 2155: -----------------
! 2156:
! 2157: - Fixed ESP NULL encryption broken by the refactoring of keymat.c.
! 2158: Also introduced proper initialization and disposal of keying material.
! 2159:
! 2160: - Fixed the missing listing of connection definitions in ipsec statusall
! 2161: broken by an unfortunate local variable overload.
! 2162:
! 2163:
! 2164: strongswan-4.2.10
! 2165: -----------------
! 2166:
! 2167: - Several performance improvements to handle thousands of tunnels with almost
! 2168: linear upscaling. All relevant data structures have been replaced by faster
! 2169: counterparts with better lookup times.
! 2170:
! 2171: - Better parallelization to run charon on multiple cores. Due to improved
! 2172: resource locking and other optimizations the daemon can take full
! 2173: advantage of 16 or even more cores.
! 2174:
! 2175: - The load-tester plugin can use a NULL Diffie-Hellman group and simulate
! 2176: unique identities and certificates by signing peer certificates using a CA
! 2177: on the fly.
! 2178:
! 2179: - The redesigned stroke in-memory IP pool handles leases. The "ipsec leases"
! 2180: command queries assigned leases.
! 2181:
! 2182: - Added support for smartcards in charon by using the ENGINE API provided by
! 2183: OpenSSL, based on patches by Michael Roßberg.
! 2184:
! 2185: - The Padlock plugin supports the hardware RNG found on VIA CPUs to provide a
! 2186: reliable source of randomness.
! 2187:
! 2188: strongswan-4.2.9
! 2189: ----------------
! 2190:
! 2191: - Flexible configuration of logging subsystem allowing to log to multiple
! 2192: syslog facilities or to files using fine-grained log levels for each target.
! 2193:
! 2194: - Load testing plugin to do stress testing of the IKEv2 daemon against self
! 2195: or another host. Found and fixed issues during tests in the multi-threaded
! 2196: use of the OpenSSL plugin.
! 2197:
! 2198: - Added profiling code to synchronization primitives to find bottlenecks if
! 2199: running on multiple cores. Found and fixed an issue where parts of the
! 2200: Diffie-Hellman calculation acquired an exclusive lock. This greatly improves
! 2201: parallelization to multiple cores.
! 2202:
! 2203: - updown script invocation has been separated into a plugin of its own to
! 2204: further slim down the daemon core.
! 2205:
! 2206: - Separated IKE_SA/CHILD_SA key derivation process into a closed system,
! 2207: allowing future implementations to use a secured environment in e.g. kernel
! 2208: memory or hardware.
! 2209:
! 2210: - The kernel interface of charon has been modularized. XFRM NETLINK (default)
! 2211: and PFKEY (--enable-kernel-pfkey) interface plugins for the native IPsec
! 2212: stack of the Linux 2.6 kernel as well as a PFKEY interface for the KLIPS
! 2213: IPsec stack (--enable-kernel-klips) are provided.
! 2214:
! 2215: - Basic Mobile IPv6 support has been introduced, securing Binding Update
! 2216: messages as well as tunneled traffic between Mobile Node and Home Agent.
! 2217: The installpolicy=no option allows peaceful cooperation with a dominant
! 2218: mip6d daemon and the new type=transport_proxy implements the special MIPv6
! 2219: IPsec transport proxy mode where the IKEv2 daemon uses the Care-of-Address
! 2220: but the IPsec SA is set up for the Home Address.
! 2221:
! 2222: - Implemented migration of Mobile IPv6 connections using the KMADDRESS
! 2223: field contained in XFRM_MSG_MIGRATE messages sent by the mip6d daemon
! 2224: via the Linux 2.6.28 (or appropriately patched) kernel.
! 2225:
! 2226:
! 2227: strongswan-4.2.8
! 2228: ----------------
! 2229:
! 2230: - IKEv2 charon daemon supports authentication based on raw public keys
! 2231: stored in the SQL database backend. The ipsec listpubkeys command
! 2232: lists the available raw public keys via the stroke interface.
! 2233:
! 2234: - Several MOBIKE improvements: Detect changes in NAT mappings in DPD exchanges,
! 2235: handle events if kernel detects NAT mapping changes in UDP-encapsulated
! 2236: ESP packets (requires kernel patch), reuse old addresses in MOBIKE updates as
! 2237: long as possible and other fixes.
! 2238:
! 2239: - Fixed a bug in addr_in_subnet() which caused insertion of wrong source
! 2240: routes for destination subnets having netwmasks not being a multiple of 8 bits.
! 2241: Thanks go to Wolfgang Steudel, TU Ilmenau for reporting this bug.
! 2242:
! 2243:
! 2244: strongswan-4.2.7
! 2245: ----------------
! 2246:
! 2247: - Fixed a Denial-of-Service vulnerability where an IKE_SA_INIT message with
! 2248: a KE payload containing zeroes only can cause a crash of the IKEv2 charon
! 2249: daemon due to a NULL pointer returned by the mpz_export() function of the
! 2250: GNU Multiprecision Library (GMP). Thanks go to Mu Dynamics Research Labs
! 2251: for making us aware of this problem.
! 2252:
! 2253: - The new agent plugin provides a private key implementation on top of an
! 2254: ssh-agent.
! 2255:
! 2256: - The NetworkManager plugin has been extended to support certificate client
! 2257: authentication using RSA keys loaded from a file or using ssh-agent.
! 2258:
! 2259: - Daemon capability dropping has been ported to libcap and must be enabled
! 2260: explicitly --with-capabilities=libcap. Future version will support the
! 2261: newer libcap2 library.
! 2262:
! 2263: - ipsec listalgs lists the IKEv2 cryptografic algorithms registered with the
! 2264: charon keying daemon.
! 2265:
! 2266:
! 2267: strongswan-4.2.6
! 2268: ----------------
! 2269:
! 2270: - A NetworkManager plugin allows GUI-based configuration of road-warrior
! 2271: clients in a simple way. It features X509 based gateway authentication
! 2272: and EAP client authentication, tunnel setup/teardown and storing passwords
! 2273: in the Gnome Keyring.
! 2274:
! 2275: - A new EAP-GTC plugin implements draft-sheffer-ikev2-gtc-00.txt and allows
! 2276: username/password authentication against any PAM service on the gateway.
! 2277: The new EAP method interacts nicely with the NetworkManager plugin and allows
! 2278: client authentication against e.g. LDAP.
! 2279:
! 2280: - Improved support for the EAP-Identity method. The new ipsec.conf eap_identity
! 2281: parameter defines an additional identity to pass to the server in EAP
! 2282: authentication.
! 2283:
! 2284: - The "ipsec statusall" command now lists CA restrictions, EAP
! 2285: authentication types and EAP identities.
! 2286:
! 2287: - Fixed two multithreading deadlocks occurring when starting up
! 2288: several hundred tunnels concurrently.
! 2289:
! 2290: - Fixed the --enable-integrity-test configure option which
! 2291: computes a SHA-1 checksum over the libstrongswan library.
! 2292:
! 2293:
! 2294: strongswan-4.2.5
! 2295: ----------------
! 2296:
! 2297: - Consistent logging of IKE and CHILD SAs at the audit (AUD) level.
! 2298:
! 2299: - Improved the performance of the SQL-based virtual IP address pool
! 2300: by introducing an additional addresses table. The leases table
! 2301: storing only history information has become optional and can be
! 2302: disabled by setting charon.plugins.sql.lease_history = no in
! 2303: strongswan.conf.
! 2304:
! 2305: - The XFRM_STATE_AF_UNSPEC flag added to xfrm.h allows IPv4-over-IPv6
! 2306: and IPv6-over-IPv4 tunnels with the 2.6.26 and later Linux kernels.
! 2307:
! 2308: - management of different virtual IP pools for different
! 2309: network interfaces have become possible.
! 2310:
! 2311: - fixed a bug which prevented the assignment of more than 256
! 2312: virtual IP addresses from a pool managed by an sql database.
! 2313:
! 2314: - fixed a bug which did not delete own IPCOMP SAs in the kernel.
! 2315:
! 2316:
! 2317: strongswan-4.2.4
! 2318: ----------------
! 2319:
! 2320: - Added statistics functions to ipsec pool --status and ipsec pool --leases
! 2321: and input validation checks to various ipsec pool commands.
! 2322:
! 2323: - ipsec statusall now lists all loaded charon plugins and displays
! 2324: the negotiated IKEv2 cipher suite proposals.
! 2325:
! 2326: - The openssl plugin supports the elliptic curve Diffie-Hellman groups
! 2327: 19, 20, 21, 25, and 26.
! 2328:
! 2329: - The openssl plugin supports ECDSA authentication using elliptic curve
! 2330: X.509 certificates.
! 2331:
! 2332: - Fixed a bug in stroke which caused multiple charon threads to close
! 2333: the file descriptors during packet transfers over the stroke socket.
! 2334:
! 2335: - ESP sequence numbers are now migrated in IPsec SA updates handled by
! 2336: MOBIKE. Works only with Linux kernels >= 2.6.17.
! 2337:
! 2338:
! 2339: strongswan-4.2.3
! 2340: ----------------
! 2341:
! 2342: - Fixed the strongswan.conf path configuration problem that occurred when
! 2343: --sysconfig was not set explicitly in ./configure.
! 2344:
! 2345: - Fixed a number of minor bugs that where discovered during the 4th
! 2346: IKEv2 interoperability workshop in San Antonio, TX.
! 2347:
! 2348:
! 2349: strongswan-4.2.2
! 2350: ----------------
! 2351:
! 2352: - Plugins for libstrongswan and charon can optionally be loaded according
! 2353: to a configuration in strongswan.conf. Most components provide a
! 2354: "load = " option followed by a space separated list of plugins to load.
! 2355: This allows e.g. the fallback from a hardware crypto accelerator to
! 2356: to software-based crypto plugins.
! 2357:
! 2358: - Charons SQL plugin has been extended by a virtual IP address pool.
! 2359: Configurations with a rightsourceip=%poolname setting query a SQLite or
! 2360: MySQL database for leases. The "ipsec pool" command helps in administrating
! 2361: the pool database. See ipsec pool --help for the available options
! 2362:
! 2363: - The Authenticated Encryption Algorithms AES-CCM-8/12/16 and AES-GCM-8/12/16
! 2364: for ESP are now supported starting with the Linux 2.6.25 kernel. The
! 2365: syntax is e.g. esp=aes128ccm12 or esp=aes256gcm16.
! 2366:
! 2367:
! 2368: strongswan-4.2.1
! 2369: ----------------
! 2370:
! 2371: - Support for "Hash and URL" encoded certificate payloads has been implemented
! 2372: in the IKEv2 daemon charon. Using the "certuribase" option of a CA section
! 2373: allows to assign a base URL to all certificates issued by the specified CA.
! 2374: The final URL is then built by concatenating that base and the hex encoded
! 2375: SHA1 hash of the DER encoded certificate. Note that this feature is disabled
! 2376: by default and must be enabled using the option "charon.hash_and_url".
! 2377:
! 2378: - The IKEv2 daemon charon now supports the "uniqueids" option to close multiple
! 2379: IKE_SAs with the same peer. The option value "keep" prefers existing
! 2380: connection setups over new ones, where the value "replace" replaces existing
! 2381: connections.
! 2382:
! 2383: - The crypto factory in libstrongswan additionally supports random number
! 2384: generators, plugins may provide other sources of randomness. The default
! 2385: plugin reads raw random data from /dev/(u)random.
! 2386:
! 2387: - Extended the credential framework by a caching option to allow plugins
! 2388: persistent caching of fetched credentials. The "cachecrl" option has been
! 2389: re-implemented.
! 2390:
! 2391: - The new trustchain verification introduced in 4.2.0 has been parallelized.
! 2392: Threads fetching CRL or OCSP information no longer block other threads.
! 2393:
! 2394: - A new IKEv2 configuration attribute framework has been introduced allowing
! 2395: plugins to provide virtual IP addresses, and in the future, other
! 2396: configuration attribute services (e.g. DNS/WINS servers).
! 2397:
! 2398: - The stroke plugin has been extended to provide virtual IP addresses from
! 2399: a pool defined in ipsec.conf. The "rightsourceip" parameter now accepts
! 2400: address pools in CIDR notation (e.g. 10.1.1.0/24). The parameter also accepts
! 2401: the value "%poolname", where "poolname" identifies a pool provided by a
! 2402: separate plugin.
! 2403:
! 2404: - Fixed compilation on uClibc and a couple of other minor bugs.
! 2405:
! 2406: - Set DPD defaults in ipsec starter to dpd_delay=30s and dpd_timeout=150s.
! 2407:
! 2408: - The IKEv1 pluto daemon now supports the ESP encryption algorithm CAMELLIA
! 2409: with key lengths of 128, 192, and 256 bits, as well as the authentication
! 2410: algorithm AES_XCBC_MAC. Configuration example: esp=camellia192-aesxcbc.
! 2411:
! 2412:
! 2413: strongswan-4.2.0
! 2414: ----------------
! 2415:
! 2416: - libstrongswan has been modularized to attach crypto algorithms,
! 2417: credential implementations (keys, certificates) and fetchers dynamically
! 2418: through plugins. Existing code has been ported to plugins:
! 2419: - RSA/Diffie-Hellman implementation using the GNU Multi Precision library
! 2420: - X509 certificate system supporting CRLs, OCSP and attribute certificates
! 2421: - Multiple plugins providing crypto algorithms in software
! 2422: - CURL and OpenLDAP fetcher
! 2423:
! 2424: - libstrongswan gained a relational database API which uses pluggable database
! 2425: providers. Plugins for MySQL and SQLite are available.
! 2426:
! 2427: - The IKEv2 keying daemon charon is more extensible. Generic plugins may provide
! 2428: connection configuration, credentials and EAP methods or control the daemon.
! 2429: Existing code has been ported to plugins:
! 2430: - EAP-AKA, EAP-SIM, EAP-MD5 and EAP-Identity
! 2431: - stroke configuration, credential and control (compatible to pluto)
! 2432: - XML bases management protocol to control and query the daemon
! 2433: The following new plugins are available:
! 2434: - An experimental SQL configuration, credential and logging plugin on
! 2435: top of either MySQL or SQLite
! 2436: - A unit testing plugin to run tests at daemon startup
! 2437:
! 2438: - The authentication and credential framework in charon has been heavily
! 2439: refactored to support modular credential providers, proper
! 2440: CERTREQ/CERT payload exchanges and extensible authorization rules.
! 2441:
! 2442: - The framework of strongSwan Manager has evolved to the web application
! 2443: framework libfast (FastCGI Application Server w/ Templates) and is usable
! 2444: by other applications.
! 2445:
! 2446:
! 2447: strongswan-4.1.11
! 2448: -----------------
! 2449:
! 2450: - IKE rekeying in NAT situations did not inherit the NAT conditions
! 2451: to the rekeyed IKE_SA so that the UDP encapsulation was lost with
! 2452: the next CHILD_SA rekeying.
! 2453:
! 2454: - Wrong type definition of the next_payload variable in id_payload.c
! 2455: caused an INVALID_SYNTAX error on PowerPC platforms.
! 2456:
! 2457: - Implemented IKEv2 EAP-SIM server and client test modules that use
! 2458: triplets stored in a file. For details on the configuration see
! 2459: the scenario 'ikev2/rw-eap-sim-rsa'.
! 2460:
! 2461:
! 2462: strongswan-4.1.10
! 2463: -----------------
! 2464:
! 2465: - Fixed error in the ordering of the certinfo_t records in the ocsp cache that
! 2466: caused multiple entries of the same serial number to be created.
! 2467:
! 2468: - Implementation of a simple EAP-MD5 module which provides CHAP
! 2469: authentication. This may be interesting in conjunction with certificate
! 2470: based server authentication, as weak passwords can't be brute forced
! 2471: (in contradiction to traditional IKEv2 PSK).
! 2472:
! 2473: - A complete software based implementation of EAP-AKA, using algorithms
! 2474: specified in 3GPP2 (S.S0055). This implementation does not use an USIM,
! 2475: but reads the secrets from ipsec.secrets. Make sure to read eap_aka.h
! 2476: before using it.
! 2477:
! 2478: - Support for vendor specific EAP methods using Expanded EAP types. The
! 2479: interface to EAP modules has been slightly changed, so make sure to
! 2480: check the changes if you're already rolling your own modules.
! 2481:
! 2482:
! 2483: strongswan-4.1.9
! 2484: ----------------
! 2485:
! 2486: - The default _updown script now dynamically inserts and removes ip6tables
! 2487: firewall rules if leftfirewall=yes is set in IPv6 connections. New IPv6
! 2488: net-net and roadwarrior (PSK/RSA) scenarios for both IKEv1 and IKEV2 were
! 2489: added.
! 2490:
! 2491: - Implemented RFC4478 repeated authentication to force EAP/Virtual-IP clients
! 2492: to reestablish an IKE_SA within a given timeframe.
! 2493:
! 2494: - strongSwan Manager supports configuration listing, initiation and termination
! 2495: of IKE and CHILD_SAs.
! 2496:
! 2497: - Fixes and improvements to multithreading code.
! 2498:
! 2499: - IKEv2 plugins have been renamed to libcharon-* to avoid naming conflicts.
! 2500: Make sure to remove the old plugins in $libexecdir/ipsec, otherwise they get
! 2501: loaded twice.
! 2502:
! 2503:
! 2504: strongswan-4.1.8
! 2505: ----------------
! 2506:
! 2507: - Removed recursive pthread mutexes since uClibc doesn't support them.
! 2508:
! 2509:
! 2510: strongswan-4.1.7
! 2511: ----------------
! 2512:
! 2513: - In NAT traversal situations and multiple queued Quick Modes,
! 2514: those pending connections inserted by auto=start after the
! 2515: port floating from 500 to 4500 were erroneously deleted.
! 2516:
! 2517: - Added a "forceencaps" connection parameter to enforce UDP encapsulation
! 2518: to surmount restrictive firewalls. NAT detection payloads are faked to
! 2519: simulate a NAT situation and trick the other peer into NAT mode (IKEv2 only).
! 2520:
! 2521: - Preview of strongSwan Manager, a web based configuration and monitoring
! 2522: application. It uses a new XML control interface to query the IKEv2 daemon
! 2523: (see https://wiki.strongswan.org/wiki/Manager).
! 2524:
! 2525: - Experimental SQLite configuration backend which will provide the configuration
! 2526: interface for strongSwan Manager in future releases.
! 2527:
! 2528: - Further improvements to MOBIKE support.
! 2529:
! 2530:
! 2531: strongswan-4.1.6
! 2532: ----------------
! 2533:
! 2534: - Since some third party IKEv2 implementations run into
! 2535: problems with strongSwan announcing MOBIKE capability per
! 2536: default, MOBIKE can be disabled on a per-connection-basis
! 2537: using the mobike=no option. Whereas mobike=no disables the
! 2538: sending of the MOBIKE_SUPPORTED notification and the floating
! 2539: to UDP port 4500 with the IKE_AUTH request even if no NAT
! 2540: situation has been detected, strongSwan will still support
! 2541: MOBIKE acting as a responder.
! 2542:
! 2543: - the default ipsec routing table plus its corresponding priority
! 2544: used for inserting source routes has been changed from 100 to 220.
! 2545: It can be configured using the --with-ipsec-routing-table and
! 2546: --with-ipsec-routing-table-prio options.
! 2547:
! 2548: - the --enable-integrity-test configure option tests the
! 2549: integrity of the libstrongswan crypto code during the charon
! 2550: startup.
! 2551:
! 2552: - the --disable-xauth-vid configure option disables the sending
! 2553: of the XAUTH vendor ID. This can be used as a workaround when
! 2554: interoperating with some Windows VPN clients that get into
! 2555: trouble upon reception of an XAUTH VID without eXtended
! 2556: AUTHentication having been configured.
! 2557:
! 2558: - ipsec stroke now supports the rereadsecrets, rereadaacerts,
! 2559: rereadacerts, and listacerts options.
! 2560:
! 2561:
! 2562: strongswan-4.1.5
! 2563: ----------------
! 2564:
! 2565: - If a DNS lookup failure occurs when resolving right=%<FQDN>
! 2566: or right=<FQDN> combined with rightallowany=yes then the
! 2567: connection is not updated by ipsec starter thus preventing
! 2568: the disruption of an active IPsec connection. Only if the DNS
! 2569: lookup successfully returns with a changed IP address the
! 2570: corresponding connection definition is updated.
! 2571:
! 2572: - Routes installed by the keying daemons are now in a separate
! 2573: routing table with the ID 100 to avoid conflicts with the main
! 2574: table. Route lookup for IKEv2 traffic is done in userspace to ignore
! 2575: routes installed for IPsec, as IKE traffic shouldn't get encapsulated.
! 2576:
! 2577:
! 2578: strongswan-4.1.4
! 2579: ----------------
! 2580:
! 2581: - The pluto IKEv1 daemon now exhibits the same behaviour as its
! 2582: IKEv2 companion charon by inserting an explicit route via the
! 2583: _updown script only if a sourceip exists. This is admissible
! 2584: since routing through the IPsec tunnel is handled automatically
! 2585: by NETKEY's IPsec policies. As a consequence the left|rightnexthop
! 2586: parameter is not required any more.
! 2587:
! 2588: - The new IKEv1 parameter right|leftallowany parameters helps to handle
! 2589: the case where both peers possess dynamic IP addresses that are
! 2590: usually resolved using DynDNS or a similar service. The configuration
! 2591:
! 2592: right=peer.foo.bar
! 2593: rightallowany=yes
! 2594:
! 2595: can be used by the initiator to start up a connection to a peer
! 2596: by resolving peer.foo.bar into the currently allocated IP address.
! 2597: Thanks to the rightallowany flag the connection behaves later on
! 2598: as
! 2599:
! 2600: right=%any
! 2601:
! 2602: so that the peer can rekey the connection as an initiator when his
! 2603: IP address changes. An alternative notation is
! 2604:
! 2605: right=%peer.foo.bar
! 2606:
! 2607: which will implicitly set rightallowany=yes.
! 2608:
! 2609: - ipsec starter now fails more gracefully in the presence of parsing
! 2610: errors. Flawed ca and conn section are discarded and pluto is started
! 2611: if non-fatal errors only were encountered. If right=%peer.foo.bar
! 2612: cannot be resolved by DNS then right=%any will be used so that passive
! 2613: connections as a responder are still possible.
! 2614:
! 2615: - The new pkcs11initargs parameter that can be placed in the
! 2616: setup config section of /etc/ipsec.conf allows the definition
! 2617: of an argument string that is used with the PKCS#11 C_Initialize()
! 2618: function. This non-standard feature is required by the NSS softoken
! 2619: library. This patch was contributed by Robert Varga.
! 2620:
! 2621: - Fixed a bug in ipsec starter introduced by strongswan-2.8.5
! 2622: which caused a segmentation fault in the presence of unknown
! 2623: or misspelt keywords in ipsec.conf. This bug fix was contributed
! 2624: by Robert Varga.
! 2625:
! 2626: - Partial support for MOBIKE in IKEv2. The initiator acts on interface/
! 2627: address configuration changes and updates IKE and IPsec SAs dynamically.
! 2628:
! 2629:
! 2630: strongswan-4.1.3
! 2631: ----------------
! 2632:
! 2633: - IKEv2 peer configuration selection now can be based on a given
! 2634: certification authority using the rightca= statement.
! 2635:
! 2636: - IKEv2 authentication based on RSA signatures now can handle multiple
! 2637: certificates issued for a given peer ID. This allows a smooth transition
! 2638: in the case of a peer certificate renewal.
! 2639:
! 2640: - IKEv2: Support for requesting a specific virtual IP using leftsourceip on the
! 2641: client and returning requested virtual IPs using rightsourceip=%config
! 2642: on the server. If the server does not support configuration payloads, the
! 2643: client enforces its leftsourceip parameter.
! 2644:
! 2645: - The ./configure options --with-uid/--with-gid allow pluto and charon
! 2646: to drop their privileges to a minimum and change to an other UID/GID. This
! 2647: improves the systems security, as a possible intruder may only get the
! 2648: CAP_NET_ADMIN capability.
! 2649:
! 2650: - Further modularization of charon: Pluggable control interface and
! 2651: configuration backend modules provide extensibility. The control interface
! 2652: for stroke is included, and further interfaces using DBUS (NetworkManager)
! 2653: or XML are on the way. A backend for storing configurations in the daemon
! 2654: is provided and more advanced backends (using e.g. a database) are trivial
! 2655: to implement.
! 2656:
! 2657: - Fixed a compilation failure in libfreeswan occurring with Linux kernel
! 2658: headers > 2.6.17.
! 2659:
! 2660:
! 2661: strongswan-4.1.2
! 2662: ----------------
! 2663:
! 2664: - Support for an additional Diffie-Hellman exchange when creating/rekeying
! 2665: a CHILD_SA in IKEv2 (PFS). PFS is enabled when the proposal contains a
! 2666: DH group (e.g. "esp=aes128-sha1-modp1536"). Further, DH group negotiation
! 2667: is implemented properly for rekeying.
! 2668:
! 2669: - Support for the AES-XCBC-96 MAC algorithm for IPsec SAs when using IKEv2
! 2670: (requires linux >= 2.6.20). It is enabled using e.g. "esp=aes256-aesxcbc".
! 2671:
! 2672: - Working IPv4-in-IPv6 and IPv6-in-IPv4 tunnels for linux >= 2.6.21.
! 2673:
! 2674: - Added support for EAP modules which do not establish an MSK.
! 2675:
! 2676: - Removed the dependencies from the /usr/include/linux/ headers by
! 2677: including xfrm.h, ipsec.h, and pfkeyv2.h in the distribution.
! 2678:
! 2679: - crlNumber is now listed by ipsec listcrls
! 2680:
! 2681: - The xauth_modules.verify_secret() function now passes the
! 2682: connection name.
! 2683:
! 2684:
! 2685: strongswan-4.1.1
! 2686: ----------------
! 2687:
! 2688: - Server side cookie support. If to may IKE_SAs are in CONNECTING state,
! 2689: cookies are enabled and protect against DoS attacks with faked source
! 2690: addresses. Number of IKE_SAs in CONNECTING state is also limited per
! 2691: peer address to avoid resource exhaustion. IKE_SA_INIT messages are
! 2692: compared to properly detect retransmissions and incoming retransmits are
! 2693: detected even if the IKE_SA is blocked (e.g. doing OCSP fetches).
! 2694:
! 2695: - The IKEv2 daemon charon now supports dynamic http- and ldap-based CRL
! 2696: fetching enabled by crlcheckinterval > 0 and caching fetched CRLs
! 2697: enabled by cachecrls=yes.
! 2698:
! 2699: - Added the configuration options --enable-nat-transport which enables
! 2700: the potentially insecure NAT traversal for IPsec transport mode and
! 2701: --disable-vendor-id which disables the sending of the strongSwan
! 2702: vendor ID.
! 2703:
! 2704: - Fixed a long-standing bug in the pluto IKEv1 daemon which caused
! 2705: a segmentation fault if a malformed payload was detected in the
! 2706: IKE MR2 message and pluto tried to send an encrypted notification
! 2707: message.
! 2708:
! 2709: - Added the NATT_IETF_02_N Vendor ID in order to support IKEv1 connections
! 2710: with Windows 2003 Server which uses a wrong VID hash.
! 2711:
! 2712:
! 2713: strongswan-4.1.0
! 2714: ----------------
! 2715:
! 2716: - Support of SHA2_384 hash function for protecting IKEv1
! 2717: negotiations and support of SHA2 signatures in X.509 certificates.
! 2718:
! 2719: - Fixed a serious bug in the computation of the SHA2-512 HMAC
! 2720: function. Introduced automatic self-test of all IKEv1 hash
! 2721: and hmac functions during pluto startup. Failure of a self-test
! 2722: currently issues a warning only but does not exit pluto [yet].
! 2723:
! 2724: - Support for SHA2-256/384/512 PRF and HMAC functions in IKEv2.
! 2725:
! 2726: - Full support of CA information sections. ipsec listcainfos
! 2727: now shows all collected crlDistributionPoints and OCSP
! 2728: accessLocations.
! 2729:
! 2730: - Support of the Online Certificate Status Protocol (OCSP) for IKEv2.
! 2731: This feature requires the HTTP fetching capabilities of the libcurl
! 2732: library which must be enabled by setting the --enable-http configure
! 2733: option.
! 2734:
! 2735: - Refactored core of the IKEv2 message processing code, allowing better
! 2736: code reuse and separation.
! 2737:
! 2738: - Virtual IP support in IKEv2 using INTERNAL_IP4/6_ADDRESS configuration
! 2739: payload. Additionally, the INTERNAL_IP4/6_DNS attribute is interpreted
! 2740: by the requestor and installed in a resolv.conf file.
! 2741:
! 2742: - The IKEv2 daemon charon installs a route for each IPsec policy to use
! 2743: the correct source address even if an application does not explicitly
! 2744: specify it.
! 2745:
! 2746: - Integrated the EAP framework into charon which loads pluggable EAP library
! 2747: modules. The ipsec.conf parameter authby=eap initiates EAP authentication
! 2748: on the client side, while the "eap" parameter on the server side defines
! 2749: the EAP method to use for client authentication.
! 2750: A generic client side EAP-Identity module and an EAP-SIM authentication
! 2751: module using a third party card reader implementation are included.
! 2752:
! 2753: - Added client side support for cookies.
! 2754:
! 2755: - Integrated the fixes done at the IKEv2 interoperability bakeoff, including
! 2756: strict payload order, correct INVALID_KE_PAYLOAD rejection and other minor
! 2757: fixes to enhance interoperability with other implementations.
! 2758:
! 2759:
! 2760: strongswan-4.0.7
! 2761: ----------------
! 2762:
! 2763: - strongSwan now interoperates with the NCP Secure Entry Client,
! 2764: the Shrew Soft VPN Client, and the Cisco VPN client, doing both
! 2765: XAUTH and Mode Config.
! 2766:
! 2767: - UNITY attributes are now recognized and UNITY_BANNER is set
! 2768: to a default string.
! 2769:
! 2770:
! 2771: strongswan-4.0.6
! 2772: ----------------
! 2773:
! 2774: - IKEv1: Support for extended authentication (XAUTH) in combination
! 2775: with ISAKMP Main Mode RSA or PSK authentication. Both client and
! 2776: server side were implemented. Handling of user credentials can
! 2777: be done by a run-time loadable XAUTH module. By default user
! 2778: credentials are stored in ipsec.secrets.
! 2779:
! 2780: - IKEv2: Support for reauthentication when rekeying
! 2781:
! 2782: - IKEv2: Support for transport mode
! 2783:
! 2784: - fixed a lot of bugs related to byte order
! 2785:
! 2786: - various other bugfixes
! 2787:
! 2788:
! 2789: strongswan-4.0.5
! 2790: ----------------
! 2791:
! 2792: - IKEv1: Implementation of ModeConfig push mode via the new connection
! 2793: keyword modeconfig=push allows interoperability with Cisco VPN gateways.
! 2794:
! 2795: - IKEv1: The command ipsec statusall now shows "DPD active" for all
! 2796: ISAKMP SAs that are under active Dead Peer Detection control.
! 2797:
! 2798: - IKEv2: Charon's logging and debugging framework has been completely rewritten.
! 2799: Instead of logger, special printf() functions are used to directly
! 2800: print objects like hosts (%H) identifications (%D), certificates (%Q),
! 2801: etc. The number of debugging levels have been reduced to:
! 2802:
! 2803: 0 (audit), 1 (control), 2 (controlmore), 3 (raw), 4 (private)
! 2804:
! 2805: The debugging levels can either be specified statically in ipsec.conf as
! 2806:
! 2807: config setup
! 2808: charondebug="lib 1, cfg 3, net 2"
! 2809:
! 2810: or changed at runtime via stroke as
! 2811:
! 2812: ipsec stroke loglevel cfg 2
! 2813:
! 2814:
! 2815: strongswan-4.0.4
! 2816: ----------------
! 2817:
! 2818: - Implemented full support for IPv6-in-IPv6 tunnels.
! 2819:
! 2820: - Added configuration options for dead peer detection in IKEv2. dpd_action
! 2821: types "clear", "hold" and "restart" are supported. The dpd_timeout
! 2822: value is not used, as the normal retransmission policy applies to
! 2823: detect dead peers. The dpd_delay parameter enables sending of empty
! 2824: informational message to detect dead peers in case of inactivity.
! 2825:
! 2826: - Added support for preshared keys in IKEv2. PSK keys configured in
! 2827: ipsec.secrets are loaded. The authby parameter specifies the authentication
! 2828: method to authenticate ourself, the other peer may use PSK or RSA.
! 2829:
! 2830: - Changed retransmission policy to respect the keyingtries parameter.
! 2831:
! 2832: - Added private key decryption. PEM keys encrypted with AES-128/192/256
! 2833: or 3DES are supported.
! 2834:
! 2835: - Implemented DES/3DES algorithms in libstrongswan. 3DES can be used to
! 2836: encrypt IKE traffic.
! 2837:
! 2838: - Implemented SHA-256/384/512 in libstrongswan, allows usage of certificates
! 2839: signed with such a hash algorithm.
! 2840:
! 2841: - Added initial support for updown scripts. The actions up-host/client and
! 2842: down-host/client are executed. The leftfirewall=yes parameter
! 2843: uses the default updown script to insert dynamic firewall rules, a custom
! 2844: updown script may be specified with the leftupdown parameter.
! 2845:
! 2846:
! 2847: strongswan-4.0.3
! 2848: ----------------
! 2849:
! 2850: - Added support for the auto=route ipsec.conf parameter and the
! 2851: ipsec route/unroute commands for IKEv2. This allows to set up IKE_SAs and
! 2852: CHILD_SAs dynamically on demand when traffic is detected by the
! 2853: kernel.
! 2854:
! 2855: - Added support for rekeying IKE_SAs in IKEv2 using the ikelifetime parameter.
! 2856: As specified in IKEv2, no reauthentication is done (unlike in IKEv1), only
! 2857: new keys are generated using perfect forward secrecy. An optional flag
! 2858: which enforces reauthentication will be implemented later.
! 2859:
! 2860: - "sha" and "sha1" are now treated as synonyms in the ike= and esp=
! 2861: algorithm configuration statements.
! 2862:
! 2863:
! 2864: strongswan-4.0.2
! 2865: ----------------
! 2866:
! 2867: - Full X.509 certificate trust chain verification has been implemented.
! 2868: End entity certificates can be exchanged via CERT payloads. The current
! 2869: default is leftsendcert=always, since CERTREQ payloads are not supported
! 2870: yet. Optional CRLs must be imported locally into /etc/ipsec.d/crls.
! 2871:
! 2872: - Added support for leftprotoport/rightprotoport parameters in IKEv2. IKEv2
! 2873: would offer more possibilities for traffic selection, but the Linux kernel
! 2874: currently does not support it. That's why we stick with these simple
! 2875: ipsec.conf rules for now.
! 2876:
! 2877: - Added Dead Peer Detection (DPD) which checks liveliness of remote peer if no
! 2878: IKE or ESP traffic is received. DPD is currently hardcoded (dpdaction=clear,
! 2879: dpddelay=60s).
! 2880:
! 2881: - Initial NAT traversal support in IKEv2. Charon includes NAT detection
! 2882: notify payloads to detect NAT routers between the peers. It switches
! 2883: to port 4500, uses UDP encapsulated ESP packets, handles peer address
! 2884: changes gracefully and sends keep alive message periodically.
! 2885:
! 2886: - Reimplemented IKE_SA state machine for charon, which allows simultaneous
! 2887: rekeying, more shared code, cleaner design, proper retransmission
! 2888: and a more extensible code base.
! 2889:
! 2890: - The mixed PSK/RSA roadwarrior detection capability introduced by the
! 2891: strongswan-2.7.0 release necessitated the pre-parsing of the IKE proposal
! 2892: payloads by the responder right before any defined IKE Main Mode state had
! 2893: been established. Although any form of bad proposal syntax was being correctly
! 2894: detected by the payload parser, the subsequent error handler didn't check
! 2895: the state pointer before logging current state information, causing an
! 2896: immediate crash of the pluto keying daemon due to a NULL pointer.
! 2897:
! 2898:
! 2899: strongswan-4.0.1
! 2900: ----------------
! 2901:
! 2902: - Added algorithm selection to charon: New default algorithms for
! 2903: ike=aes128-sha-modp2048, as both daemons support it. The default
! 2904: for IPsec SAs is now esp=aes128-sha,3des-md5. charon handles
! 2905: the ike/esp parameter the same way as pluto. As this syntax does
! 2906: not allow specification of a pseudo random function, the same
! 2907: algorithm as for integrity is used (currently sha/md5). Supported
! 2908: algorithms for IKE:
! 2909: Encryption: aes128, aes192, aes256
! 2910: Integrity/PRF: md5, sha (using hmac)
! 2911: DH-Groups: modp768, 1024, 1536, 2048, 4096, 8192
! 2912: and for ESP:
! 2913: Encryption: aes128, aes192, aes256, 3des, blowfish128,
! 2914: blowfish192, blowfish256
! 2915: Integrity: md5, sha1
! 2916: More IKE encryption algorithms will come after porting libcrypto into
! 2917: libstrongswan.
! 2918:
! 2919: - initial support for rekeying CHILD_SAs using IKEv2. Currently no
! 2920: perfect forward secrecy is used. The rekeying parameters rekey,
! 2921: rekeymargin, rekeyfuzz and keylife from ipsec.conf are now supported
! 2922: when using IKEv2. WARNING: charon currently is unable to handle
! 2923: simultaneous rekeying. To avoid such a situation, use a large
! 2924: rekeyfuzz, or even better, set rekey=no on one peer.
! 2925:
! 2926: - support for host2host, net2net, host2net (roadwarrior) tunnels
! 2927: using predefined RSA certificates (see uml scenarios for
! 2928: configuration examples).
! 2929:
! 2930: - new build environment featuring autotools. Features such
! 2931: as HTTP, LDAP and smartcard support may be enabled using
! 2932: the ./configure script. Changing install directories
! 2933: is possible, too. See ./configure --help for more details.
! 2934:
! 2935: - better integration of charon with ipsec starter, which allows
! 2936: (almost) transparent operation with both daemons. charon
! 2937: handles ipsec commands up, down, status, statusall, listall,
! 2938: listcerts and allows proper load, reload and delete of connections
! 2939: via ipsec starter.
! 2940:
! 2941:
! 2942: strongswan-4.0.0
! 2943: ----------------
! 2944:
! 2945: - initial support of the IKEv2 protocol. Connections in
! 2946: ipsec.conf designated by keyexchange=ikev2 are negotiated
! 2947: by the new IKEv2 charon keying daemon whereas those marked
! 2948: by keyexchange=ikev1 or the default keyexchange=ike are
! 2949: handled thy the IKEv1 pluto keying daemon. Currently only
! 2950: a limited subset of functions are available with IKEv2
! 2951: (Default AES encryption, authentication based on locally
! 2952: imported X.509 certificates, unencrypted private RSA keys
! 2953: in PKCS#1 file format, limited functionality of the ipsec
! 2954: status command).
! 2955:
! 2956:
! 2957: strongswan-2.7.0
! 2958: ----------------
! 2959:
! 2960: - the dynamic iptables rules from the _updown_x509 template
! 2961: for KLIPS and the _updown_policy template for NETKEY have
! 2962: been merged into the default _updown script. The existing
! 2963: left|rightfirewall keyword causes the automatic insertion
! 2964: and deletion of ACCEPT rules for tunneled traffic upon
! 2965: the successful setup and teardown of an IPsec SA, respectively.
! 2966: left|rightfirewall can be used with KLIPS under any Linux 2.4
! 2967: kernel or with NETKEY under a Linux kernel version >= 2.6.16
! 2968: in conjunction with iptables >= 1.3.5. For NETKEY under a Linux
! 2969: kernel version < 2.6.16 which does not support IPsec policy
! 2970: matching yet, please continue to use a copy of the _updown_espmark
! 2971: template loaded via the left|rightupdown keyword.
! 2972:
! 2973: - a new left|righthostaccess keyword has been introduced which
! 2974: can be used in conjunction with left|rightfirewall and the
! 2975: default _updown script. By default leftfirewall=yes inserts
! 2976: a bi-directional iptables FORWARD rule for a local client network
! 2977: with a netmask different from 255.255.255.255 (single host).
! 2978: This does not allow to access the VPN gateway host via its
! 2979: internal network interface which is part of the client subnet
! 2980: because an iptables INPUT and OUTPUT rule would be required.
! 2981: lefthostaccess=yes will cause this additional ACCEPT rules to
! 2982: be inserted.
! 2983:
! 2984: - mixed PSK|RSA roadwarriors are now supported. The ISAKMP proposal
! 2985: payload is preparsed in order to find out whether the roadwarrior
! 2986: requests PSK or RSA so that a matching connection candidate can
! 2987: be found.
! 2988:
! 2989:
! 2990: strongswan-2.6.4
! 2991: ----------------
! 2992:
! 2993: - the new _updown_policy template allows ipsec policy based
! 2994: iptables firewall rules. Required are iptables version
! 2995: >= 1.3.5 and linux kernel >= 2.6.16. This script obsoletes
! 2996: the _updown_espmark template, so that no INPUT mangle rules
! 2997: are required any more.
! 2998:
! 2999: - added support of DPD restart mode
! 3000:
! 3001: - ipsec starter now allows the use of wildcards in include
! 3002: statements as e.g. in "include /etc/my_ipsec/*.conf".
! 3003: Patch courtesy of Matthias Haas.
! 3004:
! 3005: - the Netscape OID 'employeeNumber' is now recognized and can be
! 3006: used as a Relative Distinguished Name in certificates.
! 3007:
! 3008:
! 3009: strongswan-2.6.3
! 3010: ----------------
! 3011:
! 3012: - /etc/init.d/ipsec or /etc/rc.d/ipsec is now a copy of the ipsec
! 3013: command and not of ipsec setup any more.
! 3014:
! 3015: - ipsec starter now supports AH authentication in conjunction with
! 3016: ESP encryption. AH authentication is configured in ipsec.conf
! 3017: via the auth=ah parameter.
! 3018:
! 3019: - The command ipsec scencrypt|scdecrypt <args> is now an alias for
! 3020: ipsec whack --scencrypt|scdecrypt <args>.
! 3021:
! 3022: - get_sa_info() now determines for the native netkey IPsec stack
! 3023: the exact time of the last use of an active eroute. This information
! 3024: is used by the Dead Peer Detection algorithm and is also displayed by
! 3025: the ipsec status command.
! 3026:
! 3027:
! 3028: strongswan-2.6.2
! 3029: ----------------
! 3030:
! 3031: - running under the native Linux 2.6 IPsec stack, the function
! 3032: get_sa_info() is called by ipsec auto --status to display the current
! 3033: number of transmitted bytes per IPsec SA.
! 3034:
! 3035: - get_sa_info() is also used by the Dead Peer Detection process to detect
! 3036: recent ESP activity. If ESP traffic was received from the peer within
! 3037: the last dpd_delay interval then no R_Y_THERE notification must be sent.
! 3038:
! 3039: - strongSwan now supports the Relative Distinguished Name "unstructuredName"
! 3040: in ID_DER_ASN1_DN identities. The following notations are possible:
! 3041:
! 3042: rightid="unstructuredName=John Doe"
! 3043: rightid="UN=John Doe"
! 3044:
! 3045: - fixed a long-standing bug which caused PSK-based roadwarrior connections
! 3046: to segfault in the function id.c:same_id() called by keys.c:get_secret()
! 3047: if an FQDN, USER_FQDN, or Key ID was defined, as in the following example.
! 3048:
! 3049: conn rw
! 3050: right=%any
! 3051: rightid=@foo.bar
! 3052: authby=secret
! 3053:
! 3054: - the ipsec command now supports most ipsec auto commands (e.g. ipsec listall).
! 3055:
! 3056: - ipsec starter didn't set host_addr and client.addr ports in whack msg.
! 3057:
! 3058: - in order to guarantee backwards-compatibility with the script-based
! 3059: auto function (e.g. auto --replace), the ipsec starter scripts stores
! 3060: the defaultroute information in the temporary file /var/run/ipsec.info.
! 3061:
! 3062: - The compile-time option USE_XAUTH_VID enables the sending of the XAUTH
! 3063: Vendor ID which is expected by Cisco PIX 7 boxes that act as IKE Mode Config
! 3064: servers.
! 3065:
! 3066: - the ipsec starter now also recognizes the parameters authby=never and
! 3067: type=passthrough|pass|drop|reject.
! 3068:
! 3069:
! 3070: strongswan-2.6.1
! 3071: ----------------
! 3072:
! 3073: - ipsec starter now supports the also parameter which allows
! 3074: a modular structure of the connection definitions. Thus
! 3075: "ipsec start" is now ready to replace "ipsec setup".
! 3076:
! 3077:
! 3078: strongswan-2.6.0
! 3079: ----------------
! 3080:
! 3081: - Mathieu Lafon's popular ipsec starter tool has been added to the
! 3082: strongSwan distribution. Many thanks go to Stephan Scholz from astaro
! 3083: for his integration work. ipsec starter is a C program which is going
! 3084: to replace the various shell and awk starter scripts (setup, _plutoload,
! 3085: _plutostart, _realsetup, _startklips, _confread, and auto). Since
! 3086: ipsec.conf is now parsed only once, the starting of multiple tunnels is
! 3087: accelerated tremendously.
! 3088:
! 3089: - Added support of %defaultroute to the ipsec starter. If the IP address
! 3090: changes, a HUP signal to the ipsec starter will automatically
! 3091: reload pluto's connections.
! 3092:
! 3093: - moved most compile time configurations from pluto/Makefile to
! 3094: Makefile.inc by defining the options USE_LIBCURL, USE_LDAP,
! 3095: USE_SMARTCARD, and USE_NAT_TRAVERSAL_TRANSPORT_MODE.
! 3096:
! 3097: - removed the ipsec verify and ipsec newhostkey commands
! 3098:
! 3099: - fixed some 64-bit issues in formatted print statements
! 3100:
! 3101: - The scepclient functionality implementing the Simple Certificate
! 3102: Enrollment Protocol (SCEP) is nearly complete but hasn't been
! 3103: documented yet.
! 3104:
! 3105:
! 3106: strongswan-2.5.7
! 3107: ----------------
! 3108:
! 3109: - CA certificates are now automatically loaded from a smartcard
! 3110: or USB crypto token and appear in the ipsec auto --listcacerts
! 3111: listing.
! 3112:
! 3113:
! 3114: strongswan-2.5.6
! 3115: ----------------
! 3116:
! 3117: - when using "ipsec whack --scencrypt <data>" with a PKCS#11
! 3118: library that does not support the C_Encrypt() Cryptoki
! 3119: function (e.g. OpenSC), the RSA encryption is done in
! 3120: software using the public key fetched from the smartcard.
! 3121:
! 3122: - The scepclient function now allows to define the
! 3123: validity of a self-signed certificate using the --days,
! 3124: --startdate, and --enddate options. The default validity
! 3125: has been changed from one year to five years.
! 3126:
! 3127:
! 3128: strongswan-2.5.5
! 3129: ----------------
! 3130:
! 3131: - the config setup parameter pkcs11proxy=yes opens pluto's PKCS#11
! 3132: interface to other applications for RSA encryption and decryption
! 3133: via the whack interface. Notation:
! 3134:
! 3135: ipsec whack --scencrypt <data>
! 3136: [--inbase 16|hex|64|base64|256|text|ascii]
! 3137: [--outbase 16|hex|64|base64|256|text|ascii]
! 3138: [--keyid <keyid>]
! 3139:
! 3140: ipsec whack --scdecrypt <data>
! 3141: [--inbase 16|hex|64|base64|256|text|ascii]
! 3142: [--outbase 16|hex|64|base64|256|text|ascii]
! 3143: [--keyid <keyid>]
! 3144:
! 3145: The default setting for inbase and outbase is hex.
! 3146:
! 3147: The new proxy interface can be used for securing symmetric
! 3148: encryption keys required by the cryptoloop or dm-crypt
! 3149: disk encryption schemes, especially in the case when
! 3150: pkcs11keepstate=yes causes pluto to lock the pkcs11 slot
! 3151: permanently.
! 3152:
! 3153: - if the file /etc/ipsec.secrets is lacking during the startup of
! 3154: pluto then the root-readable file /etc/ipsec.d/private/myKey.der
! 3155: containing a 2048 bit RSA private key and a matching self-signed
! 3156: certificate stored in the file /etc/ipsec.d/certs/selfCert.der
! 3157: is automatically generated by calling the function
! 3158:
! 3159: ipsec scepclient --out pkcs1 --out cert-self
! 3160:
! 3161: scepclient was written by Jan Hutter and Martin Willi, students
! 3162: at the University of Applied Sciences in Rapperswil, Switzerland.
! 3163:
! 3164:
! 3165: strongswan-2.5.4
! 3166: ----------------
! 3167:
! 3168: - the current extension of the PKCS#7 framework introduced
! 3169: a parsing error in PKCS#7 wrapped X.509 certificates that are
! 3170: e.g. transmitted by Windows XP when multi-level CAs are used.
! 3171: the parsing syntax has been fixed.
! 3172:
! 3173: - added a patch by Gerald Richter which tolerates multiple occurrences
! 3174: of the ipsec0 interface when using KLIPS.
! 3175:
! 3176:
! 3177: strongswan-2.5.3
! 3178: ----------------
! 3179:
! 3180: - with gawk-3.1.4 the word "default2 has become a protected
! 3181: keyword for use in switch statements and cannot be used any
! 3182: more in the strongSwan scripts. This problem has been
! 3183: solved by renaming "default" to "defaults" and "setdefault"
! 3184: in the scripts _confread and auto, respectively.
! 3185:
! 3186: - introduced the parameter leftsendcert with the values
! 3187:
! 3188: always|yes (the default, always send a cert)
! 3189: ifasked (send the cert only upon a cert request)
! 3190: never|no (never send a cert, used for raw RSA keys and
! 3191: self-signed certs)
! 3192:
! 3193: - fixed the initialization of the ESP key length to a default of
! 3194: 128 bits in the case that the peer does not send a key length
! 3195: attribute for AES encryption.
! 3196:
! 3197: - applied Herbert Xu's uniqueIDs patch
! 3198:
! 3199: - applied Herbert Xu's CLOEXEC patches
! 3200:
! 3201:
! 3202: strongswan-2.5.2
! 3203: ----------------
! 3204:
! 3205: - CRLs can now be cached also in the case when the issuer's
! 3206: certificate does not contain a subjectKeyIdentifier field.
! 3207: In that case the subjectKeyIdentifier is computed by pluto as the
! 3208: 160 bit SHA-1 hash of the issuer's public key in compliance
! 3209: with section 4.2.1.2 of RFC 3280.
! 3210:
! 3211: - Fixed a bug introduced by strongswan-2.5.1 which eliminated
! 3212: not only multiple Quick Modes of a given connection but also
! 3213: multiple connections between two security gateways.
! 3214:
! 3215:
! 3216: strongswan-2.5.1
! 3217: ----------------
! 3218:
! 3219: - Under the native IPsec of the Linux 2.6 kernel, a %trap eroute
! 3220: installed either by setting auto=route in ipsec.conf or by
! 3221: a connection put into hold, generates an XFRM_ACQUIRE event
! 3222: for each packet that wants to use the not-yet existing
! 3223: tunnel. Up to now each XFRM_ACQUIRE event led to an entry in
! 3224: the Quick Mode queue, causing multiple IPsec SA to be
! 3225: established in rapid succession. Starting with strongswan-2.5.1
! 3226: only a single IPsec SA is established per host-pair connection.
! 3227:
! 3228: - Right after loading the PKCS#11 module, all smartcard slots are
! 3229: searched for certificates. The result can be viewed using
! 3230: the command
! 3231:
! 3232: ipsec auto --listcards
! 3233:
! 3234: The certificate objects found in the slots are numbered
! 3235: starting with #1, #2, etc. This position number can be used to address
! 3236: certificates (leftcert=%smartcard) and keys (: PIN %smartcard)
! 3237: in ipsec.conf and ipsec.secrets, respectively:
! 3238:
! 3239: %smartcard (selects object #1)
! 3240: %smartcard#1 (selects object #1)
! 3241: %smartcard#3 (selects object #3)
! 3242:
! 3243: As an alternative the existing retrieval scheme can be used:
! 3244:
! 3245: %smartcard:45 (selects object with id=45)
! 3246: %smartcard0 (selects first object in slot 0)
! 3247: %smartcard4:45 (selects object in slot 4 with id=45)
! 3248:
! 3249: - Depending on the settings of CKA_SIGN and CKA_DECRYPT
! 3250: private key flags either C_Sign() or C_Decrypt() is used
! 3251: to generate a signature.
! 3252:
! 3253: - The output buffer length parameter siglen in C_Sign()
! 3254: is now initialized to the actual size of the output
! 3255: buffer prior to the function call. This fixes the
! 3256: CKR_BUFFER_TOO_SMALL error that could occur when using
! 3257: the OpenSC PKCS#11 module.
! 3258:
! 3259: - Changed the initialization of the PKCS#11 CK_MECHANISM in
! 3260: C_SignInit() to mech = { CKM_RSA_PKCS, NULL_PTR, 0 }.
! 3261:
! 3262: - Refactored the RSA public/private key code and transferred it
! 3263: from keys.c to the new pkcs1.c file as a preparatory step
! 3264: towards the release of the SCEP client.
! 3265:
! 3266:
! 3267: strongswan-2.5.0
! 3268: ----------------
! 3269:
! 3270: - The loading of a PKCS#11 smartcard library module during
! 3271: runtime does not require OpenSC library functions any more
! 3272: because the corresponding code has been integrated into
! 3273: smartcard.c. Also the RSAREF pkcs11 header files have been
! 3274: included in a newly created pluto/rsaref directory so that
! 3275: no external include path has to be defined any longer.
! 3276:
! 3277: - A long-awaited feature has been implemented at last:
! 3278: The local caching of CRLs fetched via HTTP or LDAP, activated
! 3279: by the parameter cachecrls=yes in the config setup section
! 3280: of ipsec.conf. The dynamically fetched CRLs are stored under
! 3281: a unique file name containing the issuer's subjectKeyID
! 3282: in /etc/ipsec.d/crls.
! 3283:
! 3284: - Applied a one-line patch courtesy of Michael Richardson
! 3285: from the Openswan project which fixes the kernel-oops
! 3286: in KLIPS when an snmp daemon is running on the same box.
! 3287:
! 3288:
! 3289: strongswan-2.4.4
! 3290: ----------------
! 3291:
! 3292: - Eliminated null length CRL distribution point strings.
! 3293:
! 3294: - Fixed a trust path evaluation bug introduced with 2.4.3
! 3295:
! 3296:
! 3297: strongswan-2.4.3
! 3298: ----------------
! 3299:
! 3300: - Improved the joint OCSP / CRL revocation policy.
! 3301: OCSP responses have precedence over CRL entries.
! 3302:
! 3303: - Introduced support of CRLv2 reason codes.
! 3304:
! 3305: - Fixed a bug with key-pad equipped readers which caused
! 3306: pluto to prompt for the pin via the console when the first
! 3307: occasion to enter the pin via the key-pad was missed.
! 3308:
! 3309: - When pluto is built with LDAP_V3 enabled, the library
! 3310: liblber required by newer versions of openldap is now
! 3311: included.
! 3312:
! 3313:
! 3314: strongswan-2.4.2
! 3315: ----------------
! 3316:
! 3317: - Added the _updown_espmark template which requires all
! 3318: incoming ESP traffic to be marked with a default mark
! 3319: value of 50.
! 3320:
! 3321: - Introduced the pkcs11keepstate parameter in the config setup
! 3322: section of ipsec.conf. With pkcs11keepstate=yes the PKCS#11
! 3323: session and login states are kept as long as possible during
! 3324: the lifetime of pluto. This means that a PIN entry via a key
! 3325: pad has to be done only once.
! 3326:
! 3327: - Introduced the pkcs11module parameter in the config setup
! 3328: section of ipsec.conf which specifies the PKCS#11 module
! 3329: to be used with smart cards. Example:
! 3330:
! 3331: pkcs11module=/usr/lib/pkcs11/opensc-pkcs11.lo
! 3332:
! 3333: - Added support of smartcard readers equipped with a PIN pad.
! 3334:
! 3335: - Added patch by Jay Pfeifer which detects when netkey
! 3336: modules have been statically built into the Linux 2.6 kernel.
! 3337:
! 3338: - Added two patches by Herbert Xu. The first uses ip xfrm
! 3339: instead of setkey to flush the IPsec policy database. The
! 3340: second sets the optional flag in inbound IPComp SAs only.
! 3341:
! 3342: - Applied Ulrich Weber's patch which fixes an interoperability
! 3343: problem between native IPsec and KLIPS systems caused by
! 3344: setting the replay window to 32 instead of 0 for ipcomp.
! 3345:
! 3346:
! 3347: strongswan-2.4.1
! 3348: ----------------
! 3349:
! 3350: - Fixed a bug which caused an unwanted Mode Config request
! 3351: to be initiated in the case where "right" was used to denote
! 3352: the local side in ipsec.conf and "left" the remote side,
! 3353: contrary to the recommendation that "right" be remote and
! 3354: "left" be"local".
! 3355:
! 3356:
! 3357: strongswan-2.4.0a
! 3358: -----------------
! 3359:
! 3360: - updated Vendor ID to strongSwan-2.4.0
! 3361:
! 3362: - updated copyright statement to include David Buechi and
! 3363: Michael Meier
! 3364:
! 3365:
! 3366: strongswan-2.4.0
! 3367: ----------------
! 3368:
! 3369: - strongSwan now communicates with attached smartcards and
! 3370: USB crypto tokens via the standardized PKCS #11 interface.
! 3371: By default the OpenSC library from www.opensc.org is used
! 3372: but any other PKCS#11 library could be dynamically linked.
! 3373: strongSwan's PKCS#11 API was implemented by David Buechi
! 3374: and Michael Meier, both graduates of the Zurich University
! 3375: of Applied Sciences in Winterthur, Switzerland.
! 3376:
! 3377: - When a %trap eroute is triggered by an outgoing IP packet
! 3378: then the native IPsec stack of the Linux 2.6 kernel [often/
! 3379: always?] returns an XFRM_ACQUIRE message with an undefined
! 3380: protocol family field and the connection setup fails.
! 3381: As a workaround IPv4 (AF_INET) is now assumed.
! 3382:
! 3383: - the results of the UML test scenarios are now enhanced
! 3384: with block diagrams of the virtual network topology used
! 3385: in a particular test.
! 3386:
! 3387:
! 3388: strongswan-2.3.2
! 3389: ----------------
! 3390:
! 3391: - fixed IV used to decrypt informational messages.
! 3392: This bug was introduced with Mode Config functionality.
! 3393:
! 3394: - fixed NCP Vendor ID.
! 3395:
! 3396: - undid one of Ulrich Weber's maximum udp size patches
! 3397: because it caused a segmentation fault with NAT-ed
! 3398: Delete SA messages.
! 3399:
! 3400: - added UML scenarios wildcards and attr-cert which
! 3401: demonstrate the implementation of IPsec policies based
! 3402: on wildcard parameters contained in Distinguished Names and
! 3403: on X.509 attribute certificates, respectively.
! 3404:
! 3405:
! 3406: strongswan-2.3.1
! 3407: ----------------
! 3408:
! 3409: - Added basic Mode Config functionality
! 3410:
! 3411: - Added Mathieu Lafon's patch which upgrades the status of
! 3412: the NAT-Traversal implementation to RFC 3947.
! 3413:
! 3414: - The _startklips script now also loads the xfrm4_tunnel
! 3415: module.
! 3416:
! 3417: - Added Ulrich Weber's netlink replay window size and
! 3418: maximum udp size patches.
! 3419:
! 3420: - UML testing now uses the Linux 2.6.10 UML kernel by default.
! 3421:
! 3422:
! 3423: strongswan-2.3.0
! 3424: ----------------
! 3425:
! 3426: - Eric Marchionni and Patrik Rayo, both recent graduates from
! 3427: the Zuercher Hochschule Winterthur in Switzerland, created a
! 3428: User-Mode-Linux test setup for strongSwan. For more details
! 3429: please read the INSTALL and README documents in the testing
! 3430: subdirectory.
! 3431:
! 3432: - Full support of group attributes based on X.509 attribute
! 3433: certificates. Attribute certificates can be generated
! 3434: using the openac facility. For more details see
! 3435:
! 3436: man ipsec_openac.
! 3437:
! 3438: The group attributes can be used in connection definitions
! 3439: in order to give IPsec access to specific user groups.
! 3440: This is done with the new parameter left|rightgroups as in
! 3441:
! 3442: rightgroups="Research, Sales"
! 3443:
! 3444: giving access to users possessing the group attributes
! 3445: Research or Sales, only.
! 3446:
! 3447: - In Quick Mode clients with subnet mask /32 are now
! 3448: coded as IP_V4_ADDRESS or IP_V6_ADDRESS. This should
! 3449: fix rekeying problems with the SafeNet/SoftRemote and NCP
! 3450: Secure Entry Clients.
! 3451:
! 3452: - Changed the defaults of the ikelifetime and keylife parameters
! 3453: to 3h and 1h, respectively. The maximum allowable values are
! 3454: now both set to 24 h.
! 3455:
! 3456: - Suppressed notification wars between two IPsec peers that
! 3457: could e.g. be triggered by incorrect ISAKMP encryption.
! 3458:
! 3459: - Public RSA keys can now have identical IDs if either the
! 3460: issuing CA or the serial number is different. The serial
! 3461: number of a certificate is now shown by the command
! 3462:
! 3463: ipsec auto --listpubkeys
! 3464:
! 3465:
! 3466: strongswan-2.2.2
! 3467: ----------------
! 3468:
! 3469: - Added Tuomo Soini's sourceip feature which allows a strongSwan
! 3470: roadwarrior to use a fixed Virtual IP (see README section 2.6)
! 3471: and reduces the well-known four tunnel case on VPN gateways to
! 3472: a single tunnel definition (see README section 2.4).
! 3473:
! 3474: - Fixed a bug occurring with NAT-Traversal enabled when the responder
! 3475: suddenly turns initiator and the initiator cannot find a matching
! 3476: connection because of the floated IKE port 4500.
! 3477:
! 3478: - Removed misleading ipsec verify command from barf.
! 3479:
! 3480: - Running under the native IP stack, ipsec --version now shows
! 3481: the Linux kernel version (courtesy to the Openswan project).
! 3482:
! 3483:
! 3484: strongswan-2.2.1
! 3485: ----------------
! 3486:
! 3487: - Introduced the ipsec auto --listalgs monitoring command which lists
! 3488: all currently registered IKE and ESP algorithms.
! 3489:
! 3490: - Fixed a bug in the ESP algorithm selection occurring when the strict flag
! 3491: is set and the first proposed transform does not match.
! 3492:
! 3493: - Fixed another deadlock in the use of the lock_certs_and_keys() mutex,
! 3494: occurring when a smartcard is present.
! 3495:
! 3496: - Prevented that a superseded Phase1 state can trigger a DPD_TIMEOUT event.
! 3497:
! 3498: - Fixed the printing of the notification names (null)
! 3499:
! 3500: - Applied another of Herbert Xu's Netlink patches.
! 3501:
! 3502:
! 3503: strongswan-2.2.0
! 3504: ----------------
! 3505:
! 3506: - Support of Dead Peer Detection. The connection parameter
! 3507:
! 3508: dpdaction=clear|hold
! 3509:
! 3510: activates DPD for the given connection.
! 3511:
! 3512: - The default Opportunistic Encryption (OE) policy groups are not
! 3513: automatically included anymore. Those wishing to activate OE can include
! 3514: the policy group with the following statement in ipsec.conf:
! 3515:
! 3516: include /etc/ipsec.d/examples/oe.conf
! 3517:
! 3518: The default for [right|left]rsasigkey is now set to %cert.
! 3519:
! 3520: - strongSwan now has a Vendor ID of its own which can be activated
! 3521: using the compile option VENDORID
! 3522:
! 3523: - Applied Herbert Xu's patch which sets the compression algorithm correctly.
! 3524:
! 3525: - Applied Herbert Xu's patch fixing an ESPINUDP problem
! 3526:
! 3527: - Applied Herbert Xu's patch setting source/destination port numbers.
! 3528:
! 3529: - Reapplied one of Herbert Xu's NAT-Traversal patches which got
! 3530: lost during the migration from SuperFreeS/WAN.
! 3531:
! 3532: - Fixed a deadlock in the use of the lock_certs_and_keys() mutex.
! 3533:
! 3534: - Fixed the unsharing of alg parameters when instantiating group
! 3535: connection.
! 3536:
! 3537:
! 3538: strongswan-2.1.5
! 3539: ----------------
! 3540:
! 3541: - Thomas Walpuski made me aware of a potential DoS attack via
! 3542: a PKCS#7-wrapped certificate bundle which could overwrite valid CA
! 3543: certificates in Pluto's authority certificate store. This vulnerability
! 3544: was fixed by establishing trust in CA candidate certificates up to a
! 3545: trusted root CA prior to insertion into Pluto's chained list.
! 3546:
! 3547: - replaced the --assign option by the -v option in the auto awk script
! 3548: in order to make it run with mawk under debian/woody.
! 3549:
! 3550:
! 3551: strongswan-2.1.4
! 3552: ----------------
! 3553:
! 3554: - Split of the status information between ipsec auto --status (concise)
! 3555: and ipsec auto --statusall (verbose). Both commands can be used with
! 3556: an optional connection selector:
! 3557:
! 3558: ipsec auto --status[all] <connection_name>
! 3559:
! 3560: - Added the description of X.509 related features to the ipsec_auto(8)
! 3561: man page.
! 3562:
! 3563: - Hardened the ASN.1 parser in debug mode, especially the printing
! 3564: of malformed distinguished names.
! 3565:
! 3566: - The size of an RSA public key received in a certificate is now restricted to
! 3567:
! 3568: 512 bits <= modulus length <= 8192 bits.
! 3569:
! 3570: - Fixed the debug mode enumeration.
! 3571:
! 3572:
! 3573: strongswan-2.1.3
! 3574: ----------------
! 3575:
! 3576: - Fixed another PKCS#7 vulnerability which could lead to an
! 3577: endless loop while following the X.509 trust chain.
! 3578:
! 3579:
! 3580: strongswan-2.1.2
! 3581: ----------------
! 3582:
! 3583: - Fixed the PKCS#7 vulnerability discovered by Thomas Walpuski
! 3584: that accepted end certificates having identical issuer and subject
! 3585: distinguished names in a multi-tier X.509 trust chain.
! 3586:
! 3587:
! 3588: strongswan-2.1.1
! 3589: ----------------
! 3590:
! 3591: - Removed all remaining references to ipsec_netlink.h in KLIPS.
! 3592:
! 3593:
! 3594: strongswan-2.1.0
! 3595: ----------------
! 3596:
! 3597: - The new "ca" section allows to define the following parameters:
! 3598:
! 3599: ca kool
! 3600: cacert=koolCA.pem # cacert of kool CA
! 3601: ocspuri=http://ocsp.kool.net:8001 # ocsp server
! 3602: ldapserver=ldap.kool.net # default ldap server
! 3603: crluri=http://www.kool.net/kool.crl # crl distribution point
! 3604: crluri2="ldap:///O=Kool, C= .." # crl distribution point #2
! 3605: auto=add # add, ignore
! 3606:
! 3607: The ca definitions can be monitored via the command
! 3608:
! 3609: ipsec auto --listcainfos
! 3610:
! 3611: - Fixed cosmetic corruption of /proc filesystem by integrating
! 3612: D. Hugh Redelmeier's freeswan-2.06 kernel fixes.
! 3613:
! 3614:
! 3615: strongswan-2.0.2
! 3616: ----------------
! 3617:
! 3618: - Added support for the 818043 NAT-Traversal update of Microsoft's
! 3619: Windows 2000/XP IPsec client which sends an ID_FQDN during Quick Mode.
! 3620:
! 3621: - A symbolic link to libcrypto is now added in the kernel sources
! 3622: during kernel compilation
! 3623:
! 3624: - Fixed a couple of 64 bit issues (mostly casts to int).
! 3625: Thanks to Ken Bantoft who checked my sources on a 64 bit platform.
! 3626:
! 3627: - Replaced s[n]printf() statements in the kernel by ipsec_snprintf().
! 3628: Credits go to D. Hugh Redelmeier, Michael Richardson, and Sam Sgro
! 3629: of the FreeS/WAN team who solved this problem with the 2.4.25 kernel.
! 3630:
! 3631:
! 3632: strongswan-2.0.1
! 3633: ----------------
! 3634:
! 3635: - an empty ASN.1 SEQUENCE OF or SET OF object (e.g. a subjectAltName
! 3636: certificate extension which contains no generalName item) can cause
! 3637: a pluto crash. This bug has been fixed. Additionally the ASN.1 parser has
! 3638: been hardened to make it more robust against malformed ASN.1 objects.
! 3639:
! 3640: - applied Herbert Xu's NAT-T patches which fixes NAT-T under the native
! 3641: Linux 2.6 IPsec stack.
! 3642:
! 3643:
! 3644: strongswan-2.0.0
! 3645: ----------------
! 3646:
! 3647: - based on freeswan-2.04, x509-1.5.3, nat-0.6c, alg-0.8.1rc12
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to NEWS CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan