From c2d5add6cee098a562d94287b688bd4675a9a16e Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Thu, 13 Feb 2014 11:45:29 +0100 Subject: [PATCH] NEWS: Add strongswan.conf changes and IPComp fixes --- NEWS | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/NEWS b/NEWS index 40bce4f2a..0d22295d4 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,27 @@ strongswan-5.1.2 ---------------- +- A new default configuration file layout is introduced. The new default + strongswan.conf file mainly includes config snippets from the strongswan.d + and strongswan.d/charon directories (the latter containing snippets for all + plugins). The snippets, with commented defaults, are automatically + generated and installed, if they don't exist yet. They are also installed + in $prefix/share/strongswan/templates so existing files can be compared to + the current defaults. + +- As an alternative to the non-extensible charon.load setting, the plugins + to load in charon (and optionally other applications) can now be determined + via the charon.plugins..load setting for each plugin (enabled in the + new default strongswan.conf file via the charon.load_modular option). + The load setting optionally takes a numeric priority value that allows + reordering the plugins (otherwise the default plugin order is preserved). + +- All strongswan.conf settings that were formerly defined in library specific + "global" sections are now application specific (e.g. settings for plugins in + libstrongswan.plugins can now be set only for charon in charon.plugins). + The old options are still supported, which now allows to define defaults for + all applications in the libstrongswan section. + - The ntru libstrongswan plugin supports NTRUEncrypt as a post-quantum computer IKE key exchange mechanism. The implementation is based on the ntru-crypto library from the NTRUOpenSourceProject. The supported security 
@@ -11,6 +32,9 @@ strongswan-5.1.2 - Defined a TPMRA remote attestation workitem and added support for it to the Attestation IMV. +- Compatibility issues between IPComp (compress=yes) and leftfirewall=yes as + well as multiple subnets in left|rightsubnet have been fixed. + - When enabling its "session" strongswan.conf option, the xauth-pam plugin opens and closes a PAM session for each established IKE_SA. Patch courtesy of Andrea Bonomi.
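Review bot: In the first hunk (@@ -1,6 +1,27 @@), the second new entry writes the per-plugin setting as "charon.plugins..load", with nothing between the two dots, so a reader cannot tell that a plugin name belongs there. Put an explicit placeholder for the plugin name in that position. In the third entry, "can now be set only for charon in charon.plugins" can be read as a new restriction rather than a new option; something like "can now be set for charon alone via charon.plugins" avoids that, and "which now allows to define defaults" reads better as "which now allows defining defaults". Since the load setting's numeric priority changes plugin order, the entry would also benefit from saying whether a higher or a lower value loads first.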
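Review bot: In the second hunk (@@ -11,6 +32,9 @@), the IPComp entry does not say what the compatibility issues looked like, so someone running compress=yes with leftfirewall=yes or with several subnets in left|rightsubnet cannot tell from NEWS whether their tunnels or firewall rules were affected. Name the symptom for each case in a few words. The sentence is also hard to parse as written ("between IPComp (compress=yes) and leftfirewall=yes as well as multiple subnets"); splitting it into two statements, one for leftfirewall=yes and one for multiple subnets, would make clear that both were issues in combination with IPComp.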