NEWS: Add strongswan.conf changes and IPComp fixes

Tobias Brunner 9 years ago
parent 03650d5a2d
commit c2d5add6ce


@ -1,6 +1,27 @@
- A new default configuration file layout is introduced. The new default
strongswan.conf file mainly includes config snippets from the strongswan.d
and strongswan.d/charon directories (the latter containing snippets for all
plugins). The snippets, with commented defaults, are automatically
generated and installed, if they don't exist yet. They are also installed
in $prefix/share/strongswan/templates so existing files can be compared to
the current defaults.
- As an alternative to the non-extensible charon.load setting, the plugins
to load in charon (and optionally other applications) can now be determined
via the charon.plugins.<name>.load setting for each plugin (enabled in the
new default strongswan.conf file via the charon.load_modular option).
The load setting optionally takes a numeric priority value that allows
reordering the plugins (otherwise the default plugin order is preserved).
- All strongswan.conf settings that were formerly defined in library specific
"global" sections are now application specific (e.g. settings for plugins in
libstrongswan.plugins can now be set only for charon in charon.plugins).
The old options are still supported, which now allows to define defaults for
all applications in the libstrongswan section.
- The ntru libstrongswan plugin supports NTRUEncrypt as a post-quantum
computer IKE key exchange mechanism. The implementation is based on the
ntru-crypto library from the NTRUOpenSourceProject. The supported security
@ -11,6 +32,9 @@ strongswan-5.1.2
- Defined a TPMRA remote attestation workitem and added support for it to the
Attestation IMV.
- Compatibility issues between IPComp (compress=yes) and leftfirewall=yes as
well as multiple subnets in left|rightsubnet have been fixed.
- When enabling its "session" strongswan.conf option, the xauth-pam plugin opens
and closes a PAM session for each established IKE_SA. Patch courtesy of
Andrea Bonomi.