NEWS: Introduce connmark plugin

2014-11-18 11:41:44 +01:00 · 2014-11-18 11:41:44 +01:00 · 1e1e88e6d9
parent 9ed09d5f77
commit 1e1e88e6d9
1 changed files with 6 additions and 0 deletions
--- a/6
+++ b/6
@ -6,6 +6,12 @@
  as any previous strongSwan release) it must be explicitly enabled using
  the charon.make_before_break strongswan.conf option.

+- The new connmark plugin allows a host to bind conntrack flows to a specific
+  CHILD_SA by applying and restoring the SA mark to conntrack entries. This
+  allows a peer to handle multiple transport mode connections coming over the
+  same NAT device for client-initiated flows. A common use case is to protect
+  L2TP/IPsec, as supported by some systems.
+

 strongswan-5.2.2
 ----------------