1898 lines
73 KiB
Plaintext
1898 lines
73 KiB
Plaintext
|
|
strongswan-4.5.0
|
|
----------------
|
|
|
|
- Added new ctr, ccm and gcm plugins providing Counter, Counter with CBC-MAC
|
|
and Galois/Counter Modes based on existing CBC implementations. These
|
|
new plugins bring support for AES and Camellia Counter and CCM algorithms
|
|
and the AES GCM algorithms for use in IKEv2.
|
|
|
|
strongswan-4.4.1
|
|
----------------
|
|
|
|
- Support of xfrm marks in IPsec SAs and IPsec policies introduced
|
|
with the Linux 2.6.34 kernel. For details see the example scenarios
|
|
ikev2/nat-two-rw-mark, ikev2/rw-nat-mark-in-out and ikev2/net2net-psk-dscp.
|
|
|
|
- The PLUTO_MARK_IN and PLUTO_ESP_ENC environment variables can be used
|
|
in a user-specific updown script to set marks on inbound ESP or
|
|
ESP_IN_UDP packets.
|
|
|
|
- The openssl plugin now supports X.509 certificate and CRL functions.
|
|
|
|
- OCSP/CRL checking in IKEv2 has been moved to the revocation plugin, enabled
|
|
by default. Plase update manual load directives in strongswan.conf.
|
|
|
|
- RFC3779 ipAddrBlock constraint checking has been moved to the addrblock
|
|
plugin, disabled by default. Enable it and update manual load directives
|
|
in strongswan.conf, if required.
|
|
|
|
- The pki utility supports CRL generation using the --signcrl command.
|
|
|
|
- The ipsec pki --self, --issue and --req commands now support output in
|
|
PEM format using the --outform pem option.
|
|
|
|
- The major refactoring of the IKEv1 Mode Config functionality now allows
|
|
the transport and handling of any Mode Config attribute.
|
|
|
|
- The RADIUS proxy plugin eap-radius now supports multiple servers. Configured
|
|
servers are chosen randomly, with the option to prefer a specific server.
|
|
Non-responding servers are degraded by the selection process.
|
|
|
|
- The ipsec pool tool manages arbitrary configuration attributes stored
|
|
in an SQL database. ipsec pool --help gives the details.
|
|
|
|
- The new eap-simaka-sql plugin acts as a backend for EAP-SIM and EAP-AKA,
|
|
reading triplets/quintuplets from an SQL database.
|
|
|
|
- The High Availability plugin now supports a HA enabled in-memory address
|
|
pool and Node reintegration without IKE_SA rekeying. The latter allows
|
|
clients without IKE_SA rekeying support to keep connected during
|
|
reintegration. Additionally, many other issues have been fixed in the ha
|
|
plugin.
|
|
|
|
- Fixed a potential remote code execution vulnerability resulting from
|
|
the misuse of snprintf(). The vulnerability is exploitable by
|
|
unauthenticated users.
|
|
|
|
|
|
strongswan-4.4.0
|
|
----------------
|
|
|
|
- The IKEv2 High Availability plugin has been integrated. It provides
|
|
load sharing and failover capabilities in a cluster of currently two nodes,
|
|
based on an extend ClusterIP kernel module. More information is available at
|
|
http://wiki.strongswan.org/projects/strongswan/wiki/HighAvailability.
|
|
The development of the High Availability functionality was sponsored by
|
|
secunet Security Networks AG.
|
|
|
|
- Added IKEv1 and IKEv2 configuration support for the AES-GMAC
|
|
authentication-only ESP cipher. Our aes_gmac kernel patch or a Linux
|
|
2.6.34 kernel is required to make AES-GMAC available via the XFRM
|
|
kernel interface.
|
|
|
|
- Added support for Diffie-Hellman groups 22, 23 and 24 to the gmp, gcrypt
|
|
and openssl plugins, usable by both pluto and charon. The new proposal
|
|
keywords are modp1024s160, modp2048s224 and modp2048s256. Thanks to Joy Latten
|
|
from IBM for his contribution.
|
|
|
|
- The IKEv1 pluto daemon supports RAM-based virtual IP pools using
|
|
the rightsourceip directive with a subnet from which addresses
|
|
are allocated.
|
|
|
|
- The ipsec pki --gen and --pub commands now allow the output of
|
|
private and public keys in PEM format using the --outform pem
|
|
command line option.
|
|
|
|
- The new DHCP plugin queries virtual IP addresses for clients from a DHCP
|
|
server using broadcasts, or a defined server using the
|
|
charon.plugins.dhcp.server strongswan.conf option. DNS/WINS server information
|
|
is additionally served to clients if the DHCP server provides such
|
|
information. The plugin is used in ipsec.conf configurations having
|
|
rightsourceip set to %dhcp.
|
|
|
|
- A new plugin called farp fakes ARP responses for virtual IP addresses
|
|
handed out to clients from the IKEv2 daemon charon. The plugin lets a
|
|
road-warrior act as a client on the local LAN if it uses a virtual IP
|
|
from the responders subnet, e.g. acquired using the DHCP plugin.
|
|
|
|
- The existing IKEv2 socket implementations have been migrated to the
|
|
socket-default and the socket-raw plugins. The new socket-dynamic plugin
|
|
binds sockets dynamically to ports configured via the left-/rightikeport
|
|
ipsec.conf connection parameters.
|
|
|
|
- The android charon plugin stores received DNS server information as "net.dns"
|
|
system properties, as used by the Android platform.
|
|
|
|
|
|
strongswan-4.3.6
|
|
----------------
|
|
|
|
- The IKEv2 daemon supports RFC 3779 IP address block constraints
|
|
carried as a critical X.509v3 extension in the peer certificate.
|
|
|
|
- The ipsec pool --add|del dns|nbns command manages DNS and NBNS name
|
|
server entries that are sent via the IKEv1 Mode Config or IKEv2
|
|
Configuration Payload to remote clients.
|
|
|
|
- The Camellia cipher can be used as an IKEv1 encryption algorithm.
|
|
|
|
- The IKEv1 and IKEV2 daemons now check certificate path length constraints.
|
|
|
|
- The new ipsec.conf conn option "inactivity" closes a CHILD_SA if no traffic
|
|
was sent or received within the given interval. To close the complete IKE_SA
|
|
if its only CHILD_SA was inactive, set the global strongswan.conf option
|
|
"charon.inactivity_close_ike" to yes.
|
|
|
|
- More detailed IKEv2 EAP payload information in debug output
|
|
|
|
- IKEv2 EAP-SIM and EAP-AKA share joint libsimaka library
|
|
|
|
- Added required userland changes for proper SHA256 and SHA384/512 in ESP that
|
|
will be introduced with Linux 2.6.33. The "sha256"/"sha2_256" keyword now
|
|
configures the kernel with 128 bit truncation, not the non-standard 96
|
|
bit truncation used by previous releases. To use the old 96 bit truncation
|
|
scheme, the new "sha256_96" proposal keyword has been introduced.
|
|
|
|
- Fixed IPComp in tunnel mode, stripping out the duplicated outer header. This
|
|
change makes IPcomp tunnel mode connections incompatible with previous
|
|
releases; disable compression on such tunnels.
|
|
|
|
- Fixed BEET mode connections on recent kernels by installing SAs with
|
|
appropriate traffic selectors, based on a patch by Michael Rossberg.
|
|
|
|
- Using extensions (such as BEET mode) and crypto algorithms (such as twofish,
|
|
serpent, sha256_96) allocated in the private use space now require that we
|
|
know its meaning, i.e. we are talking to strongSwan. Use the new
|
|
"charon.send_vendor_id" option in strongswan.conf to let the remote peer know
|
|
this is the case.
|
|
|
|
- Experimental support for draft-eronen-ipsec-ikev2-eap-auth, where the
|
|
responder omits public key authentication in favor of a mutual authentication
|
|
method. To enable EAP-only authentication, set rightauth=eap on the responder
|
|
to rely only on the MSK constructed AUTH payload. This not-yet standardized
|
|
extension requires the strongSwan vendor ID introduced above.
|
|
|
|
- The IKEv1 daemon ignores the Juniper SRX notification type 40001, thus
|
|
allowing interoperability.
|
|
|
|
|
|
strongswan-4.3.5
|
|
----------------
|
|
|
|
- The IKEv1 pluto daemon can now use SQL-based address pools to deal out
|
|
virtual IP addresses as a Mode Config server. The pool capability has been
|
|
migrated from charon's sql plugin to a new attr-sql plugin which is loaded
|
|
by libstrongswan and which can be used by both daemons either with a SQLite
|
|
or MySQL database and the corresponding plugin.
|
|
|
|
- Plugin names have been streamlined: EAP plugins now have a dash after eap
|
|
(e.g. eap-sim), as it is used with the --enable-eap-sim ./configure option.
|
|
Plugin configuration sections in strongswan.conf now use the same name as the
|
|
plugin itself (i.e. with a dash). Make sure to update "load" directives and
|
|
the affected plugin sections in existing strongswan.conf files.
|
|
|
|
- The private/public key parsing and encoding has been split up into
|
|
separate pkcs1, pgp, pem and dnskey plugins. The public key implementation
|
|
plugins gmp, gcrypt and openssl can all make use of them.
|
|
|
|
- The EAP-AKA plugin can use different backends for USIM/quintuplet
|
|
calculations, very similar to the EAP-SIM plugin. The existing 3GPP2 software
|
|
implementation has been migrated to a separate plugin.
|
|
|
|
- The IKEv2 daemon charon gained basic PGP support. It can use locally installed
|
|
peer certificates and can issue signatures based on RSA private keys.
|
|
|
|
- The new 'ipsec pki' tool provides a set of commands to maintain a public
|
|
key infrastructure. It currently supports operations to create RSA and ECDSA
|
|
private/public keys, calculate fingerprints and issue or verify certificates.
|
|
|
|
- Charon uses a monotonic time source for statistics and job queueing, behaving
|
|
correctly if the system time changes (e.g. when using NTP).
|
|
|
|
- In addition to time based rekeying, charon supports IPsec SA lifetimes based
|
|
on processed volume or number of packets. They new ipsec.conf paramaters
|
|
'lifetime' (an alias to 'keylife'), 'lifebytes' and 'lifepackets' handle
|
|
SA timeouts, while the parameters 'margintime' (an alias to rekeymargin),
|
|
'marginbytes' and 'marginpackets' trigger the rekeying before a SA expires.
|
|
The existing parameter 'rekeyfuzz' affects all margins.
|
|
|
|
- If no CA/Gateway certificate is specified in the NetworkManager plugin,
|
|
charon uses a set of trusted root certificates preinstalled by distributions.
|
|
The directory containing CA certificates can be specified using the
|
|
--with-nm-ca-dir=path configure option.
|
|
|
|
- Fixed the encoding of the Email relative distinguished name in left|rightid
|
|
statements.
|
|
|
|
- Fixed the broken parsing of PKCS#7 wrapped certificates by the pluto daemon.
|
|
|
|
- Fixed smartcard-based authentication in the pluto daemon which was broken by
|
|
the ECDSA support introduced with the 4.3.2 release.
|
|
|
|
- A patch contributed by Heiko Hund fixes mixed IPv6 in IPv4 and vice versa
|
|
tunnels established with the IKEv1 pluto daemon.
|
|
|
|
- The pluto daemon now uses the libstrongswan x509 plugin for certificates and
|
|
CRls and the struct id type was replaced by identification_t used by charon
|
|
and the libstrongswan library.
|
|
|
|
|
|
strongswan-4.3.4
|
|
----------------
|
|
|
|
- IKEv2 charon daemon ported to FreeBSD and Mac OS X. Installation details can
|
|
be found on wiki.strongswan.org.
|
|
|
|
- ipsec statusall shows the number of bytes transmitted and received over
|
|
ESP connections configured by the IKEv2 charon daemon.
|
|
|
|
- The IKEv2 charon daemon supports include files in ipsec.secrets.
|
|
|
|
|
|
strongswan-4.3.3
|
|
----------------
|
|
|
|
- The configuration option --enable-integrity-test plus the strongswan.conf
|
|
option libstrongswan.integrity_test = yes activate integrity tests
|
|
of the IKE daemons charon and pluto, libstrongswan and all loaded
|
|
plugins. Thus dynamic library misconfigurations and non-malicious file
|
|
manipulations can be reliably detected.
|
|
|
|
- The new default setting libstrongswan.ecp_x_coordinate_only=yes allows
|
|
IKEv1 interoperability with MS Windows using the ECP DH groups 19 and 20.
|
|
|
|
- The IKEv1 pluto daemon now supports the AES-CCM and AES-GCM ESP
|
|
authenticated encryption algorithms.
|
|
|
|
- The IKEv1 pluto daemon now supports V4 OpenPGP keys.
|
|
|
|
- The RDN parser vulnerability discovered by Orange Labs research team
|
|
was not completely fixed in version 4.3.2. Some more modifications
|
|
had to be applied to the asn1_length() function to make it robust.
|
|
|
|
|
|
strongswan-4.3.2
|
|
----------------
|
|
|
|
- The new gcrypt plugin provides symmetric cipher, hasher, RNG, Diffie-Hellman
|
|
and RSA crypto primitives using the LGPL licensed GNU gcrypt library.
|
|
|
|
- libstrongswan features an integrated crypto selftest framework for registered
|
|
algorithms. The test-vector plugin provides a first set of test vectors and
|
|
allows pluto and charon to rely on tested crypto algorithms.
|
|
|
|
- pluto can now use all libstrongswan plugins with the exception of x509 and xcbc.
|
|
Thanks to the openssl plugin, the ECP Diffie-Hellman groups 19, 20, 21, 25, and
|
|
26 as well as ECDSA-256, ECDSA-384, and ECDSA-521 authentication can be used
|
|
with IKEv1.
|
|
|
|
- Applying their fuzzing tool, the Orange Labs vulnerability research team found
|
|
another two DoS vulnerabilities, one in the rather old ASN.1 parser of Relative
|
|
Distinguished Names (RDNs) and a second one in the conversion of ASN.1 UTCTIME
|
|
and GENERALIZEDTIME strings to a time_t value.
|
|
|
|
|
|
strongswan-4.3.1
|
|
----------------
|
|
|
|
- The nm plugin now passes DNS/NBNS server information to NetworkManager,
|
|
allowing a gateway administrator to set DNS/NBNS configuration on clients
|
|
dynamically.
|
|
|
|
- The nm plugin also accepts CA certificates for gateway authentication. If
|
|
a CA certificate is configured, strongSwan uses the entered gateway address
|
|
as its idenitity, requiring the gateways certificate to contain the same as
|
|
subjectAltName. This allows a gateway administrator to deploy the same
|
|
certificates to Windows 7 and NetworkManager clients.
|
|
|
|
- The command ipsec purgeike deletes IKEv2 SAs that don't have a CHILD SA.
|
|
The command ipsec down <conn>{n} deletes CHILD SA instance n of connection
|
|
<conn> whereas ipsec down <conn>{*} deletes all CHILD SA instances.
|
|
The command ipsec down <conn>[n] deletes IKE SA instance n of connection
|
|
<conn> plus dependent CHILD SAs whereas ipsec down <conn>[*] deletes all
|
|
IKE SA instances of connection <conn>.
|
|
|
|
- Fixed a regression introduced in 4.3.0 where EAP authentication calculated
|
|
the AUTH payload incorrectly. Further, the EAP-MSCHAPv2 MSK key derivation
|
|
has been updated to be compatible with the Windows 7 Release Candidate.
|
|
|
|
- Refactored installation of triggering policies. Routed policies are handled
|
|
outside of IKE_SAs to keep them installed in any case. A tunnel gets
|
|
established only once, even if initiation is delayed due network outages.
|
|
|
|
- Improved the handling of multiple acquire signals triggered by the kernel.
|
|
|
|
- Fixed two DoS vulnerabilities in the charon daemon that were discovered by
|
|
fuzzing techniques: 1) Sending a malformed IKE_SA_INIT request leaved an
|
|
incomplete state which caused a null pointer dereference if a subsequent
|
|
CREATE_CHILD_SA request was sent. 2) Sending an IKE_AUTH request with either
|
|
a missing TSi or TSr payload caused a null pointer derefence because the
|
|
checks for TSi and TSr were interchanged. The IKEv2 fuzzer used was
|
|
developped by the Orange Labs vulnerability research team. The tool was
|
|
initially written by Gabriel Campana and is now maintained by Laurent Butti.
|
|
|
|
- Added support for AES counter mode in ESP in IKEv2 using the proposal
|
|
keywords aes128ctr, aes192ctr and aes256ctr.
|
|
|
|
- Further progress in refactoring pluto: Use of the curl and ldap plugins
|
|
for fetching crls and OCSP. Use of the random plugin to get keying material
|
|
from /dev/random or /dev/urandom. Use of the openssl plugin as an alternative
|
|
to the aes, des, sha1, sha2, and md5 plugins. The blowfish, twofish, and
|
|
serpent encryption plugins are now optional and are not enabled by default.
|
|
|
|
|
|
strongswan-4.3.0
|
|
----------------
|
|
|
|
- Support for the IKEv2 Multiple Authentication Exchanges extension (RFC4739).
|
|
Initiators and responders can use several authentication rounds (e.g. RSA
|
|
followed by EAP) to authenticate. The new ipsec.conf leftauth/rightauth and
|
|
leftauth2/rightauth2 parameters define own authentication rounds or setup
|
|
constraints for the remote peer. See the ipsec.conf man page for more detials.
|
|
|
|
- If glibc printf hooks (register_printf_function) are not available,
|
|
strongSwan can use the vstr string library to run on non-glibc systems.
|
|
|
|
- The IKEv2 charon daemon can now configure the ESP CAMELLIA-CBC cipher
|
|
(esp=camellia128|192|256).
|
|
|
|
- Refactored the pluto and scepclient code to use basic functions (memory
|
|
allocation, leak detective, chunk handling, printf_hooks, strongswan.conf
|
|
attributes, ASN.1 parser, etc.) from the libstrongswan library.
|
|
|
|
- Up to two DNS and WINS servers to be sent via IKEv1 ModeConfig can be
|
|
configured in the pluto section of strongswan.conf.
|
|
|
|
|
|
strongswan-4.2.14
|
|
-----------------
|
|
|
|
- The new server-side EAP RADIUS plugin (--enable-eap-radius)
|
|
relays EAP messages to and from a RADIUS server. Succesfully
|
|
tested with with a freeradius server using EAP-MD5 and EAP-SIM.
|
|
|
|
- A vulnerability in the Dead Peer Detection (RFC 3706) code was found by
|
|
Gerd v. Egidy <gerd.von.egidy@intra2net.com> of Intra2net AG affecting
|
|
all Openswan and strongSwan releases. A malicious (or expired ISAKMP)
|
|
R_U_THERE or R_U_THERE_ACK Dead Peer Detection packet can cause the
|
|
pluto IKE daemon to crash and restart. No authentication or encryption
|
|
is required to trigger this bug. One spoofed UDP packet can cause the
|
|
pluto IKE daemon to restart and be unresponsive for a few seconds while
|
|
restarting. This DPD null state vulnerability has been officially
|
|
registered as CVE-2009-0790 and is fixed by this release.
|
|
|
|
- ASN.1 to time_t conversion caused a time wrap-around for
|
|
dates after Jan 18 03:14:07 UTC 2038 on 32-bit platforms.
|
|
As a workaround such dates are set to the maximum representable
|
|
time, i.e. Jan 19 03:14:07 UTC 2038.
|
|
|
|
- Distinguished Names containing wildcards (*) are not sent in the
|
|
IDr payload anymore.
|
|
|
|
|
|
strongswan-4.2.13
|
|
-----------------
|
|
|
|
- Fixed a use-after-free bug in the DPD timeout section of the
|
|
IKEv1 pluto daemon which sporadically caused a segfault.
|
|
|
|
- Fixed a crash in the IKEv2 charon daemon occuring with
|
|
mixed RAM-based and SQL-based virtual IP address pools.
|
|
|
|
- Fixed ASN.1 parsing of algorithmIdentifier objects where the
|
|
parameters field is optional.
|
|
|
|
- Ported nm plugin to NetworkManager 7.1.
|
|
|
|
|
|
strongswan-4.2.12
|
|
-----------------
|
|
|
|
- Support of the EAP-MSCHAPv2 protocol enabled by the option
|
|
--enable-eap-mschapv2. Requires the MD4 hash algorithm enabled
|
|
either by --enable-md4 or --enable-openssl.
|
|
|
|
- Assignment of up to two DNS and up to two WINS servers to peers via
|
|
the IKEv2 Configuration Payload (CP). The IPv4 or IPv6 nameserver
|
|
addresses are defined in strongswan.conf.
|
|
|
|
- The strongSwan applet for the Gnome NetworkManager is now built and
|
|
distributed as a separate tarball under the name NetworkManager-strongswan.
|
|
|
|
|
|
strongswan-4.2.11
|
|
-----------------
|
|
|
|
- Fixed ESP NULL encryption broken by the refactoring of keymat.c.
|
|
Also introduced proper initialization and disposal of keying material.
|
|
|
|
- Fixed the missing listing of connection definitions in ipsec statusall
|
|
broken by an unfortunate local variable overload.
|
|
|
|
|
|
strongswan-4.2.10
|
|
-----------------
|
|
|
|
- Several performance improvements to handle thousands of tunnels with almost
|
|
linear upscaling. All relevant data structures have been replaced by faster
|
|
counterparts with better lookup times.
|
|
|
|
- Better parallelization to run charon on multiple cores. Due to improved
|
|
ressource locking and other optimizations the daemon can take full
|
|
advantage of 16 or even more cores.
|
|
|
|
- The load-tester plugin can use a NULL Diffie-Hellman group and simulate
|
|
unique identities and certificates by signing peer certificates using a CA
|
|
on the fly.
|
|
|
|
- The redesigned stroke in-memory IP pool handles leases. The "ipsec leases"
|
|
command queries assigned leases.
|
|
|
|
- Added support for smartcards in charon by using the ENGINE API provided by
|
|
OpenSSL, based on patches by Michael Roßberg.
|
|
|
|
- The Padlock plugin supports the hardware RNG found on VIA CPUs to provide a
|
|
reliable source of randomness.
|
|
|
|
strongswan-4.2.9
|
|
----------------
|
|
|
|
- Flexible configuration of logging subsystem allowing to log to multiple
|
|
syslog facilities or to files using fine-grained log levels for each target.
|
|
|
|
- Load testing plugin to do stress testing of the IKEv2 daemon against self
|
|
or another host. Found and fixed issues during tests in the multi-threaded
|
|
use of the OpenSSL plugin.
|
|
|
|
- Added profiling code to synchronization primitives to find bottlenecks if
|
|
running on multiple cores. Found and fixed an issue where parts of the
|
|
Diffie-Hellman calculation acquired an exclusive lock. This greatly improves
|
|
parallelization to multiple cores.
|
|
|
|
- updown script invocation has been separated into a plugin of its own to
|
|
further slim down the daemon core.
|
|
|
|
- Separated IKE_SA/CHILD_SA key derivation process into a closed system,
|
|
allowing future implementations to use a secured environment in e.g. kernel
|
|
memory or hardware.
|
|
|
|
- The kernel interface of charon has been modularized. XFRM NETLINK (default)
|
|
and PFKEY (--enable-kernel-pfkey) interface plugins for the native IPsec
|
|
stack of the Linux 2.6 kernel as well as a PFKEY interface for the KLIPS
|
|
IPsec stack (--enable-kernel-klips) are provided.
|
|
|
|
- Basic Mobile IPv6 support has been introduced, securing Binding Update
|
|
messages as well as tunneled traffic between Mobile Node and Home Agent.
|
|
The installpolicy=no option allows peaceful cooperation with a dominant
|
|
mip6d daemon and the new type=transport_proxy implements the special MIPv6
|
|
IPsec transport proxy mode where the IKEv2 daemon uses the Care-of-Address
|
|
but the IPsec SA is set up for the Home Adress.
|
|
|
|
- Implemented migration of Mobile IPv6 connections using the KMADDRESS
|
|
field contained in XFRM_MSG_MIGRATE messages sent by the mip6d daemon
|
|
via the Linux 2.6.28 (or appropriately patched) kernel.
|
|
|
|
|
|
strongswan-4.2.8
|
|
----------------
|
|
|
|
- IKEv2 charon daemon supports authentication based on raw public keys
|
|
stored in the SQL database backend. The ipsec listpubkeys command
|
|
lists the available raw public keys via the stroke interface.
|
|
|
|
- Several MOBIKE improvements: Detect changes in NAT mappings in DPD exchanges,
|
|
handle events if kernel detects NAT mapping changes in UDP-encapsulated
|
|
ESP packets (requires kernel patch), reuse old addesses in MOBIKE updates as
|
|
long as possible and other fixes.
|
|
|
|
- Fixed a bug in addr_in_subnet() which caused insertion of wrong source
|
|
routes for destination subnets having netwmasks not being a multiple of 8 bits.
|
|
Thanks go to Wolfgang Steudel, TU Ilmenau for reporting this bug.
|
|
|
|
|
|
strongswan-4.2.7
|
|
----------------
|
|
|
|
- Fixed a Denial-of-Service vulnerability where an IKE_SA_INIT message with
|
|
a KE payload containing zeroes only can cause a crash of the IKEv2 charon
|
|
daemon due to a NULL pointer returned by the mpz_export() function of the
|
|
GNU Multiprecision Library (GMP). Thanks go to Mu Dynamics Research Labs
|
|
for making us aware of this problem.
|
|
|
|
- The new agent plugin provides a private key implementation on top of an
|
|
ssh-agent.
|
|
|
|
- The NetworkManager plugin has been extended to support certificate client
|
|
authentication using RSA keys loaded from a file or using ssh-agent.
|
|
|
|
- Daemon capability dropping has been ported to libcap and must be enabled
|
|
explicitly --with-capabilities=libcap. Future version will support the
|
|
newer libcap2 library.
|
|
|
|
- ipsec listalgs lists the IKEv2 cryptografic algorithms registered with the
|
|
charon keying daemon.
|
|
|
|
|
|
strongswan-4.2.6
|
|
----------------
|
|
|
|
- A NetworkManager plugin allows GUI-based configuration of road-warrior
|
|
clients in a simple way. It features X509 based gateway authentication
|
|
and EAP client authentication, tunnel setup/teardown and storing passwords
|
|
in the Gnome Keyring.
|
|
|
|
- A new EAP-GTC plugin implements draft-sheffer-ikev2-gtc-00.txt and allows
|
|
username/password authentication against any PAM service on the gateway.
|
|
The new EAP method interacts nicely with the NetworkManager plugin and allows
|
|
client authentication against e.g. LDAP.
|
|
|
|
- Improved support for the EAP-Identity method. The new ipsec.conf eap_identity
|
|
parameter defines an additional identity to pass to the server in EAP
|
|
authentication.
|
|
|
|
- The "ipsec statusall" command now lists CA restrictions, EAP
|
|
authentication types and EAP identities.
|
|
|
|
- Fixed two multithreading deadlocks occurring when starting up
|
|
several hundred tunnels concurrently.
|
|
|
|
- Fixed the --enable-integrity-test configure option which
|
|
computes a SHA-1 checksum over the libstrongswan library.
|
|
|
|
|
|
strongswan-4.2.5
|
|
----------------
|
|
|
|
- Consistent logging of IKE and CHILD SAs at the audit (AUD) level.
|
|
|
|
- Improved the performance of the SQL-based virtual IP address pool
|
|
by introducing an additional addresses table. The leases table
|
|
storing only history information has become optional and can be
|
|
disabled by setting charon.plugins.sql.lease_history = no in
|
|
strongswan.conf.
|
|
|
|
- The XFRM_STATE_AF_UNSPEC flag added to xfrm.h allows IPv4-over-IPv6
|
|
and IPv6-over-IPv4 tunnels with the 2.6.26 and later Linux kernels.
|
|
|
|
- management of different virtual IP pools for different
|
|
network interfaces have become possible.
|
|
|
|
- fixed a bug which prevented the assignment of more than 256
|
|
virtual IP addresses from a pool managed by an sql database.
|
|
|
|
- fixed a bug which did not delete own IPCOMP SAs in the kernel.
|
|
|
|
|
|
strongswan-4.2.4
|
|
----------------
|
|
|
|
- Added statistics functions to ipsec pool --status and ipsec pool --leases
|
|
and input validation checks to various ipsec pool commands.
|
|
|
|
- ipsec statusall now lists all loaded charon plugins and displays
|
|
the negotiated IKEv2 cipher suite proposals.
|
|
|
|
- The openssl plugin supports the elliptic curve Diffie-Hellman groups
|
|
19, 20, 21, 25, and 26.
|
|
|
|
- The openssl plugin supports ECDSA authentication using elliptic curve
|
|
X.509 certificates.
|
|
|
|
- Fixed a bug in stroke which caused multiple charon threads to close
|
|
the file descriptors during packet transfers over the stroke socket.
|
|
|
|
- ESP sequence numbers are now migrated in IPsec SA updates handled by
|
|
MOBIKE. Works only with Linux kernels >= 2.6.17.
|
|
|
|
|
|
strongswan-4.2.3
|
|
----------------
|
|
|
|
- Fixed the strongswan.conf path configuration problem that occurred when
|
|
--sysconfig was not set explicitly in ./configure.
|
|
|
|
- Fixed a number of minor bugs that where discovered during the 4th
|
|
IKEv2 interoperability workshop in San Antonio, TX.
|
|
|
|
|
|
strongswan-4.2.2
|
|
----------------
|
|
|
|
- Plugins for libstrongswan and charon can optionally be loaded according
|
|
to a configuration in strongswan.conf. Most components provide a
|
|
"load = " option followed by a space separated list of plugins to load.
|
|
This allows e.g. the fallback from a hardware crypto accelerator to
|
|
to software-based crypto plugins.
|
|
|
|
- Charons SQL plugin has been extended by a virtual IP address pool.
|
|
Configurations with a rightsourceip=%poolname setting query a SQLite or
|
|
MySQL database for leases. The "ipsec pool" command helps in administrating
|
|
the pool database. See ipsec pool --help for the available options
|
|
|
|
- The Authenticated Encryption Algorithms AES-CCM-8/12/16 and AES-GCM-8/12/16
|
|
for ESP are now supported starting with the Linux 2.6.25 kernel. The
|
|
syntax is e.g. esp=aes128ccm12 or esp=aes256gcm16.
|
|
|
|
|
|
strongswan-4.2.1
|
|
----------------
|
|
|
|
- Support for "Hash and URL" encoded certificate payloads has been implemented
|
|
in the IKEv2 daemon charon. Using the "certuribase" option of a CA section
|
|
allows to assign a base URL to all certificates issued by the specified CA.
|
|
The final URL is then built by concatenating that base and the hex encoded
|
|
SHA1 hash of the DER encoded certificate. Note that this feature is disabled
|
|
by default and must be enabled using the option "charon.hash_and_url".
|
|
|
|
- The IKEv2 daemon charon now supports the "uniqueids" option to close multiple
|
|
IKE_SAs with the same peer. The option value "keep" prefers existing
|
|
connection setups over new ones, where the value "replace" replaces existing
|
|
connections.
|
|
|
|
- The crypto factory in libstrongswan additionaly supports random number
|
|
generators, plugins may provide other sources of randomness. The default
|
|
plugin reads raw random data from /dev/(u)random.
|
|
|
|
- Extended the credential framework by a caching option to allow plugins
|
|
persistent caching of fetched credentials. The "cachecrl" option has been
|
|
re-implemented.
|
|
|
|
- The new trustchain verification introduced in 4.2.0 has been parallelized.
|
|
Threads fetching CRL or OCSP information no longer block other threads.
|
|
|
|
- A new IKEv2 configuration attribute framework has been introduced allowing
|
|
plugins to provide virtual IP addresses, and in the future, other
|
|
configuration attribute services (e.g. DNS/WINS servers).
|
|
|
|
- The stroke plugin has been extended to provide virtual IP addresses from
|
|
a pool defined in ipsec.conf. The "rightsourceip" parameter now accepts
|
|
address pools in CIDR notation (e.g. 10.1.1.0/24). The parameter also accepts
|
|
the value "%poolname", where "poolname" identifies a pool provided by a
|
|
separate plugin.
|
|
|
|
- Fixed compilation on uClibc and a couple of other minor bugs.
|
|
|
|
- Set DPD defaults in ipsec starter to dpd_delay=30s and dpd_timeout=150s.
|
|
|
|
- The IKEv1 pluto daemon now supports the ESP encryption algorithm CAMELLIA
|
|
with key lengths of 128, 192, and 256 bits, as well as the authentication
|
|
algorithm AES_XCBC_MAC. Configuration example: esp=camellia192-aesxcbc.
|
|
|
|
|
|
strongswan-4.2.0
|
|
----------------
|
|
|
|
- libstrongswan has been modularized to attach crypto algorithms,
|
|
credential implementations (keys, certificates) and fetchers dynamically
|
|
through plugins. Existing code has been ported to plugins:
|
|
- RSA/Diffie-Hellman implementation using the GNU Multi Precision library
|
|
- X509 certificate system supporting CRLs, OCSP and attribute certificates
|
|
- Multiple plugins providing crypto algorithms in software
|
|
- CURL and OpenLDAP fetcher
|
|
|
|
- libstrongswan gained a relational database API which uses pluggable database
|
|
providers. Plugins for MySQL and SQLite are available.
|
|
|
|
- The IKEv2 keying daemon charon is more extensible. Generic plugins may provide
|
|
connection configuration, credentials and EAP methods or control the daemon.
|
|
Existing code has been ported to plugins:
|
|
- EAP-AKA, EAP-SIM, EAP-MD5 and EAP-Identity
|
|
- stroke configuration, credential and control (compatible to pluto)
|
|
- XML bases management protocol to control and query the daemon
|
|
The following new plugins are available:
|
|
- An experimental SQL configuration, credential and logging plugin on
|
|
top of either MySQL or SQLite
|
|
- A unit testing plugin to run tests at daemon startup
|
|
|
|
- The authentication and credential framework in charon has been heavily
|
|
refactored to support modular credential providers, proper
|
|
CERTREQ/CERT payload exchanges and extensible authorization rules.
|
|
|
|
- The framework of strongSwan Manager has envolved to the web application
|
|
framework libfast (FastCGI Application Server w/ Templates) and is usable
|
|
by other applications.
|
|
|
|
|
|
strongswan-4.1.11
|
|
-----------------
|
|
|
|
- IKE rekeying in NAT situations did not inherit the NAT conditions
|
|
to the rekeyed IKE_SA so that the UDP encapsulation was lost with
|
|
the next CHILD_SA rekeying.
|
|
|
|
- Wrong type definition of the next_payload variable in id_payload.c
|
|
caused an INVALID_SYNTAX error on PowerPC platforms.
|
|
|
|
- Implemented IKEv2 EAP-SIM server and client test modules that use
|
|
triplets stored in a file. For details on the configuration see
|
|
the scenario 'ikev2/rw-eap-sim-rsa'.
|
|
|
|
|
|
strongswan-4.1.10
|
|
-----------------
|
|
|
|
- Fixed error in the ordering of the certinfo_t records in the ocsp cache that
|
|
caused multiple entries of the same serial number to be created.
|
|
|
|
- Implementation of a simple EAP-MD5 module which provides CHAP
|
|
authentication. This may be interesting in conjunction with certificate
|
|
based server authentication, as weak passwords can't be brute forced
|
|
(in contradiction to traditional IKEv2 PSK).
|
|
|
|
- A complete software based implementation of EAP-AKA, using algorithms
|
|
specified in 3GPP2 (S.S0055). This implementation does not use an USIM,
|
|
but reads the secrets from ipsec.secrets. Make sure to read eap_aka.h
|
|
before using it.
|
|
|
|
- Support for vendor specific EAP methods using Expanded EAP types. The
|
|
interface to EAP modules has been slightly changed, so make sure to
|
|
check the changes if you're already rolling your own modules.
|
|
|
|
|
|
strongswan-4.1.9
|
|
----------------
|
|
|
|
- The default _updown script now dynamically inserts and removes ip6tables
|
|
firewall rules if leftfirewall=yes is set in IPv6 connections. New IPv6
|
|
net-net and roadwarrior (PSK/RSA) scenarios for both IKEv1 and IKEV2 were
|
|
added.
|
|
|
|
- Implemented RFC4478 repeated authentication to force EAP/Virtual-IP clients
|
|
to reestablish an IKE_SA within a given timeframe.
|
|
|
|
- strongSwan Manager supports configuration listing, initiation and termination
|
|
of IKE and CHILD_SAs.
|
|
|
|
- Fixes and improvements to multithreading code.
|
|
|
|
- IKEv2 plugins have been renamed to libcharon-* to avoid naming conflicts.
|
|
Make sure to remove the old plugins in $libexecdir/ipsec, otherwise they get
|
|
loaded twice.
|
|
|
|
|
|
strongswan-4.1.8
|
|
----------------
|
|
|
|
- Removed recursive pthread mutexes since uClibc doesn't support them.
|
|
|
|
|
|
strongswan-4.1.7
|
|
----------------
|
|
|
|
- In NAT traversal situations and multiple queued Quick Modes,
|
|
those pending connections inserted by auto=start after the
|
|
port floating from 500 to 4500 were erronously deleted.
|
|
|
|
- Added a "forceencaps" connection parameter to enforce UDP encapsulation
|
|
to surmount restrictive firewalls. NAT detection payloads are faked to
|
|
simulate a NAT situation and trick the other peer into NAT mode (IKEv2 only).
|
|
|
|
- Preview of strongSwan Manager, a web based configuration and monitoring
|
|
application. It uses a new XML control interface to query the IKEv2 daemon
|
|
(see http://trac.strongswan.org/wiki/Manager).
|
|
|
|
- Experimental SQLite configuration backend which will provide the configuration
|
|
interface for strongSwan Manager in future releases.
|
|
|
|
- Further improvements to MOBIKE support.
|
|
|
|
|
|
strongswan-4.1.6
|
|
----------------
|
|
|
|
- Since some third party IKEv2 implementations run into
|
|
problems with strongSwan announcing MOBIKE capability per
|
|
default, MOBIKE can be disabled on a per-connection-basis
|
|
using the mobike=no option. Whereas mobike=no disables the
|
|
sending of the MOBIKE_SUPPORTED notification and the floating
|
|
to UDP port 4500 with the IKE_AUTH request even if no NAT
|
|
situation has been detected, strongSwan will still support
|
|
MOBIKE acting as a responder.
|
|
|
|
- the default ipsec routing table plus its corresponding priority
|
|
used for inserting source routes has been changed from 100 to 220.
|
|
It can be configured using the --with-ipsec-routing-table and
|
|
--with-ipsec-routing-table-prio options.
|
|
|
|
- the --enable-integrity-test configure option tests the
|
|
integrity of the libstrongswan crypto code during the charon
|
|
startup.
|
|
|
|
- the --disable-xauth-vid configure option disables the sending
|
|
of the XAUTH vendor ID. This can be used as a workaround when
|
|
interoperating with some Windows VPN clients that get into
|
|
trouble upon reception of an XAUTH VID without eXtended
|
|
AUTHentication having been configured.
|
|
|
|
- ipsec stroke now supports the rereadsecrets, rereadaacerts,
|
|
rereadacerts, and listacerts options.
|
|
|
|
|
|
strongswan-4.1.5
|
|
----------------
|
|
|
|
- If a DNS lookup failure occurs when resolving right=%<FQDN>
|
|
or right=<FQDN> combined with rightallowany=yes then the
|
|
connection is not updated by ipsec starter thus preventing
|
|
the disruption of an active IPsec connection. Only if the DNS
|
|
lookup successfully returns with a changed IP address the
|
|
corresponding connection definition is updated.
|
|
|
|
- Routes installed by the keying daemons are now in a separate
|
|
routing table with the ID 100 to avoid conflicts with the main
|
|
table. Route lookup for IKEv2 traffic is done in userspace to ignore
|
|
routes installed for IPsec, as IKE traffic shouldn't get encapsulated.
|
|
|
|
|
|
strongswan-4.1.4
|
|
----------------
|
|
|
|
- The pluto IKEv1 daemon now exhibits the same behaviour as its
|
|
IKEv2 companion charon by inserting an explicit route via the
|
|
_updown script only if a sourceip exists. This is admissible
|
|
since routing through the IPsec tunnel is handled automatically
|
|
by NETKEY's IPsec policies. As a consequence the left|rightnexthop
|
|
parameter is not required any more.
|
|
|
|
- The new IKEv1 parameter right|leftallowany parameters helps to handle
|
|
the case where both peers possess dynamic IP addresses that are
|
|
usually resolved using DynDNS or a similar service. The configuration
|
|
|
|
right=peer.foo.bar
|
|
rightallowany=yes
|
|
|
|
can be used by the initiator to start up a connection to a peer
|
|
by resolving peer.foo.bar into the currently allocated IP address.
|
|
Thanks to the rightallowany flag the connection behaves later on
|
|
as
|
|
|
|
right=%any
|
|
|
|
so that the peer can rekey the connection as an initiator when his
|
|
IP address changes. An alternative notation is
|
|
|
|
right=%peer.foo.bar
|
|
|
|
which will implicitly set rightallowany=yes.
|
|
|
|
- ipsec starter now fails more gracefully in the presence of parsing
|
|
errors. Flawed ca and conn section are discarded and pluto is started
|
|
if non-fatal errors only were encountered. If right=%peer.foo.bar
|
|
cannot be resolved by DNS then right=%any will be used so that passive
|
|
connections as a responder are still possible.
|
|
|
|
- The new pkcs11initargs parameter that can be placed in the
|
|
setup config section of /etc/ipsec.conf allows the definition
|
|
of an argument string that is used with the PKCS#11 C_Initialize()
|
|
function. This non-standard feature is required by the NSS softoken
|
|
library. This patch was contributed by Robert Varga.
|
|
|
|
- Fixed a bug in ipsec starter introduced by strongswan-2.8.5
|
|
which caused a segmentation fault in the presence of unknown
|
|
or misspelt keywords in ipsec.conf. This bug fix was contributed
|
|
by Robert Varga.
|
|
|
|
- Partial support for MOBIKE in IKEv2. The initiator acts on interface/
|
|
address configuration changes and updates IKE and IPsec SAs dynamically.
|
|
|
|
|
|
strongswan-4.1.3
|
|
----------------
|
|
|
|
- IKEv2 peer configuration selection now can be based on a given
|
|
certification authority using the rightca= statement.
|
|
|
|
- IKEv2 authentication based on RSA signatures now can handle multiple
|
|
certificates issued for a given peer ID. This allows a smooth transition
|
|
in the case of a peer certificate renewal.
|
|
|
|
- IKEv2: Support for requesting a specific virtual IP using leftsourceip on the
|
|
client and returning requested virtual IPs using rightsourceip=%config
|
|
on the server. If the server does not support configuration payloads, the
|
|
client enforces its leftsourceip parameter.
|
|
|
|
- The ./configure options --with-uid/--with-gid allow pluto and charon
|
|
to drop their privileges to a minimum and change to an other UID/GID. This
|
|
improves the systems security, as a possible intruder may only get the
|
|
CAP_NET_ADMIN capability.
|
|
|
|
- Further modularization of charon: Pluggable control interface and
|
|
configuration backend modules provide extensibility. The control interface
|
|
for stroke is included, and further interfaces using DBUS (NetworkManager)
|
|
or XML are on the way. A backend for storing configurations in the daemon
|
|
is provided and more advanced backends (using e.g. a database) are trivial
|
|
to implement.
|
|
|
|
- Fixed a compilation failure in libfreeswan occuring with Linux kernel
|
|
headers > 2.6.17.
|
|
|
|
|
|
strongswan-4.1.2
|
|
----------------
|
|
|
|
- Support for an additional Diffie-Hellman exchange when creating/rekeying
|
|
a CHILD_SA in IKEv2 (PFS). PFS is enabled when the proposal contains a
|
|
DH group (e.g. "esp=aes128-sha1-modp1536"). Further, DH group negotiation
|
|
is implemented properly for rekeying.
|
|
|
|
- Support for the AES-XCBC-96 MAC algorithm for IPsec SAs when using IKEv2
|
|
(requires linux >= 2.6.20). It is enabled using e.g. "esp=aes256-aesxcbc".
|
|
|
|
- Working IPv4-in-IPv6 and IPv6-in-IPv4 tunnels for linux >= 2.6.21.
|
|
|
|
- Added support for EAP modules which do not establish an MSK.
|
|
|
|
- Removed the dependencies from the /usr/include/linux/ headers by
|
|
including xfrm.h, ipsec.h, and pfkeyv2.h in the distribution.
|
|
|
|
- crlNumber is now listed by ipsec listcrls
|
|
|
|
- The xauth_modules.verify_secret() function now passes the
|
|
connection name.
|
|
|
|
|
|
strongswan-4.1.1
|
|
----------------
|
|
|
|
- Server side cookie support. If to may IKE_SAs are in CONNECTING state,
|
|
cookies are enabled and protect against DoS attacks with faked source
|
|
addresses. Number of IKE_SAs in CONNECTING state is also limited per
|
|
peer address to avoid resource exhaustion. IKE_SA_INIT messages are
|
|
compared to properly detect retransmissions and incoming retransmits are
|
|
detected even if the IKE_SA is blocked (e.g. doing OCSP fetches).
|
|
|
|
- The IKEv2 daemon charon now supports dynamic http- and ldap-based CRL
|
|
fetching enabled by crlcheckinterval > 0 and caching fetched CRLs
|
|
enabled by cachecrls=yes.
|
|
|
|
- Added the configuration options --enable-nat-transport which enables
|
|
the potentially insecure NAT traversal for IPsec transport mode and
|
|
--disable-vendor-id which disables the sending of the strongSwan
|
|
vendor ID.
|
|
|
|
- Fixed a long-standing bug in the pluto IKEv1 daemon which caused
|
|
a segmentation fault if a malformed payload was detected in the
|
|
IKE MR2 message and pluto tried to send an encrypted notification
|
|
message.
|
|
|
|
- Added the NATT_IETF_02_N Vendor ID in order to support IKEv1 connections
|
|
with Windows 2003 Server which uses a wrong VID hash.
|
|
|
|
|
|
strongswan-4.1.0
|
|
----------------
|
|
|
|
- Support of SHA2_384 hash function for protecting IKEv1
|
|
negotiations and support of SHA2 signatures in X.509 certificates.
|
|
|
|
- Fixed a serious bug in the computation of the SHA2-512 HMAC
|
|
function. Introduced automatic self-test of all IKEv1 hash
|
|
and hmac functions during pluto startup. Failure of a self-test
|
|
currently issues a warning only but does not exit pluto [yet].
|
|
|
|
- Support for SHA2-256/384/512 PRF and HMAC functions in IKEv2.
|
|
|
|
- Full support of CA information sections. ipsec listcainfos
|
|
now shows all collected crlDistributionPoints and OCSP
|
|
accessLocations.
|
|
|
|
- Support of the Online Certificate Status Protocol (OCSP) for IKEv2.
|
|
This feature requires the HTTP fetching capabilities of the libcurl
|
|
library which must be enabled by setting the --enable-http configure
|
|
option.
|
|
|
|
- Refactored core of the IKEv2 message processing code, allowing better
|
|
code reuse and separation.
|
|
|
|
- Virtual IP support in IKEv2 using INTERNAL_IP4/6_ADDRESS configuration
|
|
payload. Additionally, the INTERNAL_IP4/6_DNS attribute is interpreted
|
|
by the requestor and installed in a resolv.conf file.
|
|
|
|
- The IKEv2 daemon charon installs a route for each IPsec policy to use
|
|
the correct source address even if an application does not explicitly
|
|
specify it.
|
|
|
|
- Integrated the EAP framework into charon which loads pluggable EAP library
|
|
modules. The ipsec.conf parameter authby=eap initiates EAP authentication
|
|
on the client side, while the "eap" parameter on the server side defines
|
|
the EAP method to use for client authentication.
|
|
A generic client side EAP-Identity module and an EAP-SIM authentication
|
|
module using a third party card reader implementation are included.
|
|
|
|
- Added client side support for cookies.
|
|
|
|
- Integrated the fixes done at the IKEv2 interoperability bakeoff, including
|
|
strict payload order, correct INVALID_KE_PAYLOAD rejection and other minor
|
|
fixes to enhance interoperability with other implementations.
|
|
|
|
|
|
strongswan-4.0.7
|
|
----------------
|
|
|
|
- strongSwan now interoperates with the NCP Secure Entry Client,
|
|
the Shrew Soft VPN Client, and the Cisco VPN client, doing both
|
|
XAUTH and Mode Config.
|
|
|
|
- UNITY attributes are now recognized and UNITY_BANNER is set
|
|
to a default string.
|
|
|
|
|
|
strongswan-4.0.6
|
|
----------------
|
|
|
|
- IKEv1: Support for extended authentication (XAUTH) in combination
|
|
with ISAKMP Main Mode RSA or PSK authentication. Both client and
|
|
server side were implemented. Handling of user credentials can
|
|
be done by a run-time loadable XAUTH module. By default user
|
|
credentials are stored in ipsec.secrets.
|
|
|
|
- IKEv2: Support for reauthentication when rekeying
|
|
|
|
- IKEv2: Support for transport mode
|
|
|
|
- fixed a lot of bugs related to byte order
|
|
|
|
- various other bugfixes
|
|
|
|
|
|
strongswan-4.0.5
|
|
----------------
|
|
|
|
- IKEv1: Implementation of ModeConfig push mode via the new connection
|
|
keyword modeconfig=push allows interoperability with Cisco VPN gateways.
|
|
|
|
- IKEv1: The command ipsec statusall now shows "DPD active" for all
|
|
ISAKMP SAs that are under active Dead Peer Detection control.
|
|
|
|
- IKEv2: Charon's logging and debugging framework has been completely rewritten.
|
|
Instead of logger, special printf() functions are used to directly
|
|
print objects like hosts (%H) identifications (%D), certificates (%Q),
|
|
etc. The number of debugging levels have been reduced to:
|
|
|
|
0 (audit), 1 (control), 2 (controlmore), 3 (raw), 4 (private)
|
|
|
|
The debugging levels can either be specified statically in ipsec.conf as
|
|
|
|
config setup
|
|
charondebug="lib 1, cfg 3, net 2"
|
|
|
|
or changed at runtime via stroke as
|
|
|
|
ipsec stroke loglevel cfg 2
|
|
|
|
|
|
strongswan-4.0.4
|
|
----------------
|
|
|
|
- Implemented full support for IPv6-in-IPv6 tunnels.
|
|
|
|
- Added configuration options for dead peer detection in IKEv2. dpd_action
|
|
types "clear", "hold" and "restart" are supported. The dpd_timeout
|
|
value is not used, as the normal retransmission policy applies to
|
|
detect dead peers. The dpd_delay parameter enables sending of empty
|
|
informational message to detect dead peers in case of inactivity.
|
|
|
|
- Added support for preshared keys in IKEv2. PSK keys configured in
|
|
ipsec.secrets are loaded. The authby parameter specifies the authentication
|
|
method to authentificate ourself, the other peer may use PSK or RSA.
|
|
|
|
- Changed retransmission policy to respect the keyingtries parameter.
|
|
|
|
- Added private key decryption. PEM keys encrypted with AES-128/192/256
|
|
or 3DES are supported.
|
|
|
|
- Implemented DES/3DES algorithms in libstrongswan. 3DES can be used to
|
|
encrypt IKE traffic.
|
|
|
|
- Implemented SHA-256/384/512 in libstrongswan, allows usage of certificates
|
|
signed with such a hash algorithm.
|
|
|
|
- Added initial support for updown scripts. The actions up-host/client and
|
|
down-host/client are executed. The leftfirewall=yes parameter
|
|
uses the default updown script to insert dynamic firewall rules, a custom
|
|
updown script may be specified with the leftupdown parameter.
|
|
|
|
|
|
strongswan-4.0.3
|
|
----------------
|
|
|
|
- Added support for the auto=route ipsec.conf parameter and the
|
|
ipsec route/unroute commands for IKEv2. This allows to set up IKE_SAs and
|
|
CHILD_SAs dynamically on demand when traffic is detected by the
|
|
kernel.
|
|
|
|
- Added support for rekeying IKE_SAs in IKEv2 using the ikelifetime parameter.
|
|
As specified in IKEv2, no reauthentication is done (unlike in IKEv1), only
|
|
new keys are generated using perfect forward secrecy. An optional flag
|
|
which enforces reauthentication will be implemented later.
|
|
|
|
- "sha" and "sha1" are now treated as synonyms in the ike= and esp=
|
|
algorithm configuration statements.
|
|
|
|
|
|
strongswan-4.0.2
|
|
----------------
|
|
|
|
- Full X.509 certificate trust chain verification has been implemented.
|
|
End entity certificates can be exchanged via CERT payloads. The current
|
|
default is leftsendcert=always, since CERTREQ payloads are not supported
|
|
yet. Optional CRLs must be imported locally into /etc/ipsec.d/crls.
|
|
|
|
- Added support for leftprotoport/rightprotoport parameters in IKEv2. IKEv2
|
|
would offer more possibilities for traffic selection, but the Linux kernel
|
|
currently does not support it. That's why we stick with these simple
|
|
ipsec.conf rules for now.
|
|
|
|
- Added Dead Peer Detection (DPD) which checks liveliness of remote peer if no
|
|
IKE or ESP traffic is received. DPD is currently hardcoded (dpdaction=clear,
|
|
dpddelay=60s).
|
|
|
|
- Initial NAT traversal support in IKEv2. Charon includes NAT detection
|
|
notify payloads to detect NAT routers between the peers. It switches
|
|
to port 4500, uses UDP encapsulated ESP packets, handles peer address
|
|
changes gracefully and sends keep alive message periodically.
|
|
|
|
- Reimplemented IKE_SA state machine for charon, which allows simultaneous
|
|
rekeying, more shared code, cleaner design, proper retransmission
|
|
and a more extensible code base.
|
|
|
|
- The mixed PSK/RSA roadwarrior detection capability introduced by the
|
|
strongswan-2.7.0 release necessitated the pre-parsing of the IKE proposal
|
|
payloads by the responder right before any defined IKE Main Mode state had
|
|
been established. Although any form of bad proposal syntax was being correctly
|
|
detected by the payload parser, the subsequent error handler didn't check
|
|
the state pointer before logging current state information, causing an
|
|
immediate crash of the pluto keying daemon due to a NULL pointer.
|
|
|
|
|
|
strongswan-4.0.1
|
|
----------------
|
|
|
|
- Added algorithm selection to charon: New default algorithms for
|
|
ike=aes128-sha-modp2048, as both daemons support it. The default
|
|
for IPsec SAs is now esp=aes128-sha,3des-md5. charon handles
|
|
the ike/esp parameter the same way as pluto. As this syntax does
|
|
not allow specification of a pseudo random function, the same
|
|
algorithm as for integrity is used (currently sha/md5). Supported
|
|
algorithms for IKE:
|
|
Encryption: aes128, aes192, aes256
|
|
Integrity/PRF: md5, sha (using hmac)
|
|
DH-Groups: modp768, 1024, 1536, 2048, 4096, 8192
|
|
and for ESP:
|
|
Encryption: aes128, aes192, aes256, 3des, blowfish128,
|
|
blowfish192, blowfish256
|
|
Integrity: md5, sha1
|
|
More IKE encryption algorithms will come after porting libcrypto into
|
|
libstrongswan.
|
|
|
|
- initial support for rekeying CHILD_SAs using IKEv2. Currently no
|
|
perfect forward secrecy is used. The rekeying parameters rekey,
|
|
rekeymargin, rekeyfuzz and keylife from ipsec.conf are now supported
|
|
when using IKEv2. WARNING: charon currently is unable to handle
|
|
simultaneous rekeying. To avoid such a situation, use a large
|
|
rekeyfuzz, or even better, set rekey=no on one peer.
|
|
|
|
- support for host2host, net2net, host2net (roadwarrior) tunnels
|
|
using predefined RSA certificates (see uml scenarios for
|
|
configuration examples).
|
|
|
|
- new build environment featuring autotools. Features such
|
|
as HTTP, LDAP and smartcard support may be enabled using
|
|
the ./configure script. Changing install directories
|
|
is possible, too. See ./configure --help for more details.
|
|
|
|
- better integration of charon with ipsec starter, which allows
|
|
(almost) transparent operation with both daemons. charon
|
|
handles ipsec commands up, down, status, statusall, listall,
|
|
listcerts and allows proper load, reload and delete of connections
|
|
via ipsec starter.
|
|
|
|
|
|
strongswan-4.0.0
|
|
----------------
|
|
|
|
- initial support of the IKEv2 protocol. Connections in
|
|
ipsec.conf designated by keyexchange=ikev2 are negotiated
|
|
by the new IKEv2 charon keying daemon whereas those marked
|
|
by keyexchange=ikev1 or the default keyexchange=ike are
|
|
handled thy the IKEv1 pluto keying daemon. Currently only
|
|
a limited subset of functions are available with IKEv2
|
|
(Default AES encryption, authentication based on locally
|
|
imported X.509 certificates, unencrypted private RSA keys
|
|
in PKCS#1 file format, limited functionality of the ipsec
|
|
status command).
|
|
|
|
|
|
strongswan-2.7.0
|
|
----------------
|
|
|
|
- the dynamic iptables rules from the _updown_x509 template
|
|
for KLIPS and the _updown_policy template for NETKEY have
|
|
been merged into the default _updown script. The existing
|
|
left|rightfirewall keyword causes the automatic insertion
|
|
and deletion of ACCEPT rules for tunneled traffic upon
|
|
the successful setup and teardown of an IPsec SA, respectively.
|
|
left|rightfirwall can be used with KLIPS under any Linux 2.4
|
|
kernel or with NETKEY under a Linux kernel version >= 2.6.16
|
|
in conjuction with iptables >= 1.3.5. For NETKEY under a Linux
|
|
kernel version < 2.6.16 which does not support IPsec policy
|
|
matching yet, please continue to use a copy of the _updown_espmark
|
|
template loaded via the left|rightupdown keyword.
|
|
|
|
- a new left|righthostaccess keyword has been introduced which
|
|
can be used in conjunction with left|rightfirewall and the
|
|
default _updown script. By default leftfirewall=yes inserts
|
|
a bi-directional iptables FORWARD rule for a local client network
|
|
with a netmask different from 255.255.255.255 (single host).
|
|
This does not allow to access the VPN gateway host via its
|
|
internal network interface which is part of the client subnet
|
|
because an iptables INPUT and OUTPUT rule would be required.
|
|
lefthostaccess=yes will cause this additional ACCEPT rules to
|
|
be inserted.
|
|
|
|
- mixed PSK|RSA roadwarriors are now supported. The ISAKMP proposal
|
|
payload is preparsed in order to find out whether the roadwarrior
|
|
requests PSK or RSA so that a matching connection candidate can
|
|
be found.
|
|
|
|
|
|
strongswan-2.6.4
|
|
----------------
|
|
|
|
- the new _updown_policy template allows ipsec policy based
|
|
iptables firewall rules. Required are iptables version
|
|
>= 1.3.5 and linux kernel >= 2.6.16. This script obsoletes
|
|
the _updown_espmark template, so that no INPUT mangle rules
|
|
are required any more.
|
|
|
|
- added support of DPD restart mode
|
|
|
|
- ipsec starter now allows the use of wildcards in include
|
|
statements as e.g. in "include /etc/my_ipsec/*.conf".
|
|
Patch courtesy of Matthias Haas.
|
|
|
|
- the Netscape OID 'employeeNumber' is now recognized and can be
|
|
used as a Relative Distinguished Name in certificates.
|
|
|
|
|
|
strongswan-2.6.3
|
|
----------------
|
|
|
|
- /etc/init.d/ipsec or /etc/rc.d/ipsec is now a copy of the ipsec
|
|
command and not of ipsec setup any more.
|
|
|
|
- ipsec starter now supports AH authentication in conjunction with
|
|
ESP encryption. AH authentication is configured in ipsec.conf
|
|
via the auth=ah parameter.
|
|
|
|
- The command ipsec scencrypt|scdecrypt <args> is now an alias for
|
|
ipsec whack --scencrypt|scdecrypt <args>.
|
|
|
|
- get_sa_info() now determines for the native netkey IPsec stack
|
|
the exact time of the last use of an active eroute. This information
|
|
is used by the Dead Peer Detection algorithm and is also displayed by
|
|
the ipsec status command.
|
|
|
|
|
|
strongswan-2.6.2
|
|
----------------
|
|
|
|
- running under the native Linux 2.6 IPsec stack, the function
|
|
get_sa_info() is called by ipsec auto --status to display the current
|
|
number of transmitted bytes per IPsec SA.
|
|
|
|
- get_sa_info() is also used by the Dead Peer Detection process to detect
|
|
recent ESP activity. If ESP traffic was received from the peer within
|
|
the last dpd_delay interval then no R_Y_THERE notification must be sent.
|
|
|
|
- strongSwan now supports the Relative Distinguished Name "unstructuredName"
|
|
in ID_DER_ASN1_DN identities. The following notations are possible:
|
|
|
|
rightid="unstructuredName=John Doe"
|
|
rightid="UN=John Doe"
|
|
|
|
- fixed a long-standing bug which caused PSK-based roadwarrior connections
|
|
to segfault in the function id.c:same_id() called by keys.c:get_secret()
|
|
if an FQDN, USER_FQDN, or Key ID was defined, as in the following example.
|
|
|
|
conn rw
|
|
right=%any
|
|
rightid=@foo.bar
|
|
authby=secret
|
|
|
|
- the ipsec command now supports most ipsec auto commands (e.g. ipsec listall).
|
|
|
|
- ipsec starter didn't set host_addr and client.addr ports in whack msg.
|
|
|
|
- in order to guarantee backwards-compatibility with the script-based
|
|
auto function (e.g. auto --replace), the ipsec starter scripts stores
|
|
the defaultroute information in the temporary file /var/run/ipsec.info.
|
|
|
|
- The compile-time option USE_XAUTH_VID enables the sending of the XAUTH
|
|
Vendor ID which is expected by Cisco PIX 7 boxes that act as IKE Mode Config
|
|
servers.
|
|
|
|
- the ipsec starter now also recognizes the parameters authby=never and
|
|
type=passthrough|pass|drop|reject.
|
|
|
|
|
|
strongswan-2.6.1
|
|
----------------
|
|
|
|
- ipsec starter now supports the also parameter which allows
|
|
a modular structure of the connection definitions. Thus
|
|
"ipsec start" is now ready to replace "ipsec setup".
|
|
|
|
|
|
strongswan-2.6.0
|
|
----------------
|
|
|
|
- Mathieu Lafon's popular ipsec starter tool has been added to the
|
|
strongSwan distribution. Many thanks go to Stephan Scholz from astaro
|
|
for his integration work. ipsec starter is a C program which is going
|
|
to replace the various shell and awk starter scripts (setup, _plutoload,
|
|
_plutostart, _realsetup, _startklips, _confread, and auto). Since
|
|
ipsec.conf is now parsed only once, the starting of multiple tunnels is
|
|
accelerated tremedously.
|
|
|
|
- Added support of %defaultroute to the ipsec starter. If the IP address
|
|
changes, a HUP signal to the ipsec starter will automatically
|
|
reload pluto's connections.
|
|
|
|
- moved most compile time configurations from pluto/Makefile to
|
|
Makefile.inc by defining the options USE_LIBCURL, USE_LDAP,
|
|
USE_SMARTCARD, and USE_NAT_TRAVERSAL_TRANSPORT_MODE.
|
|
|
|
- removed the ipsec verify and ipsec newhostkey commands
|
|
|
|
- fixed some 64-bit issues in formatted print statements
|
|
|
|
- The scepclient functionality implementing the Simple Certificate
|
|
Enrollment Protocol (SCEP) is nearly complete but hasn't been
|
|
documented yet.
|
|
|
|
|
|
strongswan-2.5.7
|
|
----------------
|
|
|
|
- CA certicates are now automatically loaded from a smartcard
|
|
or USB crypto token and appear in the ipsec auto --listcacerts
|
|
listing.
|
|
|
|
|
|
strongswan-2.5.6
|
|
----------------
|
|
|
|
- when using "ipsec whack --scencrypt <data>" with a PKCS#11
|
|
library that does not support the C_Encrypt() Cryptoki
|
|
function (e.g. OpenSC), the RSA encryption is done in
|
|
software using the public key fetched from the smartcard.
|
|
|
|
- The scepclient function now allows to define the
|
|
validity of a self-signed certificate using the --days,
|
|
--startdate, and --enddate options. The default validity
|
|
has been changed from one year to five years.
|
|
|
|
|
|
strongswan-2.5.5
|
|
----------------
|
|
|
|
- the config setup parameter pkcs11proxy=yes opens pluto's PKCS#11
|
|
interface to other applications for RSA encryption and decryption
|
|
via the whack interface. Notation:
|
|
|
|
ipsec whack --scencrypt <data>
|
|
[--inbase 16|hex|64|base64|256|text|ascii]
|
|
[--outbase 16|hex|64|base64|256|text|ascii]
|
|
[--keyid <keyid>]
|
|
|
|
ipsec whack --scdecrypt <data>
|
|
[--inbase 16|hex|64|base64|256|text|ascii]
|
|
[--outbase 16|hex|64|base64|256|text|ascii]
|
|
[--keyid <keyid>]
|
|
|
|
The default setting for inbase and outbase is hex.
|
|
|
|
The new proxy interface can be used for securing symmetric
|
|
encryption keys required by the cryptoloop or dm-crypt
|
|
disk encryption schemes, especially in the case when
|
|
pkcs11keepstate=yes causes pluto to lock the pkcs11 slot
|
|
permanently.
|
|
|
|
- if the file /etc/ipsec.secrets is lacking during the startup of
|
|
pluto then the root-readable file /etc/ipsec.d/private/myKey.der
|
|
containing a 2048 bit RSA private key and a matching self-signed
|
|
certificate stored in the file /etc/ipsec.d/certs/selfCert.der
|
|
is automatically generated by calling the function
|
|
|
|
ipsec scepclient --out pkcs1 --out cert-self
|
|
|
|
scepclient was written by Jan Hutter and Martin Willi, students
|
|
at the University of Applied Sciences in Rapperswil, Switzerland.
|
|
|
|
|
|
strongswan-2.5.4
|
|
----------------
|
|
|
|
- the current extension of the PKCS#7 framework introduced
|
|
a parsing error in PKCS#7 wrapped X.509 certificates that are
|
|
e.g. transmitted by Windows XP when multi-level CAs are used.
|
|
the parsing syntax has been fixed.
|
|
|
|
- added a patch by Gerald Richter which tolerates multiple occurrences
|
|
of the ipsec0 interface when using KLIPS.
|
|
|
|
|
|
strongswan-2.5.3
|
|
----------------
|
|
|
|
- with gawk-3.1.4 the word "default2 has become a protected
|
|
keyword for use in switch statements and cannot be used any
|
|
more in the strongSwan scripts. This problem has been
|
|
solved by renaming "default" to "defaults" and "setdefault"
|
|
in the scripts _confread and auto, respectively.
|
|
|
|
- introduced the parameter leftsendcert with the values
|
|
|
|
always|yes (the default, always send a cert)
|
|
ifasked (send the cert only upon a cert request)
|
|
never|no (never send a cert, used for raw RSA keys and
|
|
self-signed certs)
|
|
|
|
- fixed the initialization of the ESP key length to a default of
|
|
128 bits in the case that the peer does not send a key length
|
|
attribute for AES encryption.
|
|
|
|
- applied Herbert Xu's uniqueIDs patch
|
|
|
|
- applied Herbert Xu's CLOEXEC patches
|
|
|
|
|
|
strongswan-2.5.2
|
|
----------------
|
|
|
|
- CRLs can now be cached also in the case when the issuer's
|
|
certificate does not contain a subjectKeyIdentifier field.
|
|
In that case the subjectKeyIdentifier is computed by pluto as the
|
|
160 bit SHA-1 hash of the issuer's public key in compliance
|
|
with section 4.2.1.2 of RFC 3280.
|
|
|
|
- Fixed a bug introduced by strongswan-2.5.1 which eliminated
|
|
not only multiple Quick Modes of a given connection but also
|
|
multiple connections between two security gateways.
|
|
|
|
|
|
strongswan-2.5.1
|
|
----------------
|
|
|
|
- Under the native IPsec of the Linux 2.6 kernel, a %trap eroute
|
|
installed either by setting auto=route in ipsec.conf or by
|
|
a connection put into hold, generates an XFRM_AQUIRE event
|
|
for each packet that wants to use the not-yet exisiting
|
|
tunnel. Up to now each XFRM_AQUIRE event led to an entry in
|
|
the Quick Mode queue, causing multiple IPsec SA to be
|
|
established in rapid succession. Starting with strongswan-2.5.1
|
|
only a single IPsec SA is established per host-pair connection.
|
|
|
|
- Right after loading the PKCS#11 module, all smartcard slots are
|
|
searched for certificates. The result can be viewed using
|
|
the command
|
|
|
|
ipsec auto --listcards
|
|
|
|
The certificate objects found in the slots are numbered
|
|
starting with #1, #2, etc. This position number can be used to address
|
|
certificates (leftcert=%smartcard) and keys (: PIN %smartcard)
|
|
in ipsec.conf and ipsec.secrets, respectively:
|
|
|
|
%smartcard (selects object #1)
|
|
%smartcard#1 (selects object #1)
|
|
%smartcard#3 (selects object #3)
|
|
|
|
As an alternative the existing retrieval scheme can be used:
|
|
|
|
%smartcard:45 (selects object with id=45)
|
|
%smartcard0 (selects first object in slot 0)
|
|
%smartcard4:45 (selects object in slot 4 with id=45)
|
|
|
|
- Depending on the settings of CKA_SIGN and CKA_DECRYPT
|
|
private key flags either C_Sign() or C_Decrypt() is used
|
|
to generate a signature.
|
|
|
|
- The output buffer length parameter siglen in C_Sign()
|
|
is now initialized to the actual size of the output
|
|
buffer prior to the function call. This fixes the
|
|
CKR_BUFFER_TOO_SMALL error that could occur when using
|
|
the OpenSC PKCS#11 module.
|
|
|
|
- Changed the initialization of the PKCS#11 CK_MECHANISM in
|
|
C_SignInit() to mech = { CKM_RSA_PKCS, NULL_PTR, 0 }.
|
|
|
|
- Refactored the RSA public/private key code and transferred it
|
|
from keys.c to the new pkcs1.c file as a preparatory step
|
|
towards the release of the SCEP client.
|
|
|
|
|
|
strongswan-2.5.0
|
|
----------------
|
|
|
|
- The loading of a PKCS#11 smartcard library module during
|
|
runtime does not require OpenSC library functions any more
|
|
because the corresponding code has been integrated into
|
|
smartcard.c. Also the RSAREF pkcs11 header files have been
|
|
included in a newly created pluto/rsaref directory so that
|
|
no external include path has to be defined any longer.
|
|
|
|
- A long-awaited feature has been implemented at last:
|
|
The local caching of CRLs fetched via HTTP or LDAP, activated
|
|
by the parameter cachecrls=yes in the config setup section
|
|
of ipsec.conf. The dynamically fetched CRLs are stored under
|
|
a unique file name containing the issuer's subjectKeyID
|
|
in /etc/ipsec.d/crls.
|
|
|
|
- Applied a one-line patch courtesy of Michael Richardson
|
|
from the Openswan project which fixes the kernel-oops
|
|
in KLIPS when an snmp daemon is running on the same box.
|
|
|
|
|
|
strongswan-2.4.4
|
|
----------------
|
|
|
|
- Eliminated null length CRL distribution point strings.
|
|
|
|
- Fixed a trust path evaluation bug introduced with 2.4.3
|
|
|
|
|
|
strongswan-2.4.3
|
|
----------------
|
|
|
|
- Improved the joint OCSP / CRL revocation policy.
|
|
OCSP responses have precedence over CRL entries.
|
|
|
|
- Introduced support of CRLv2 reason codes.
|
|
|
|
- Fixed a bug with key-pad equipped readers which caused
|
|
pluto to prompt for the pin via the console when the first
|
|
occasion to enter the pin via the key-pad was missed.
|
|
|
|
- When pluto is built with LDAP_V3 enabled, the library
|
|
liblber required by newer versions of openldap is now
|
|
included.
|
|
|
|
|
|
strongswan-2.4.2
|
|
----------------
|
|
|
|
- Added the _updown_espmark template which requires all
|
|
incoming ESP traffic to be marked with a default mark
|
|
value of 50.
|
|
|
|
- Introduced the pkcs11keepstate parameter in the config setup
|
|
section of ipsec.conf. With pkcs11keepstate=yes the PKCS#11
|
|
session and login states are kept as long as possible during
|
|
the lifetime of pluto. This means that a PIN entry via a key
|
|
pad has to be done only once.
|
|
|
|
- Introduced the pkcs11module parameter in the config setup
|
|
section of ipsec.conf which specifies the PKCS#11 module
|
|
to be used with smart cards. Example:
|
|
|
|
pkcs11module=/usr/lib/pkcs11/opensc-pkcs11.lo
|
|
|
|
- Added support of smartcard readers equipped with a PIN pad.
|
|
|
|
- Added patch by Jay Pfeifer which detects when netkey
|
|
modules have been statically built into the Linux 2.6 kernel.
|
|
|
|
- Added two patches by Herbert Xu. The first uses ip xfrm
|
|
instead of setkey to flush the IPsec policy database. The
|
|
second sets the optional flag in inbound IPComp SAs only.
|
|
|
|
- Applied Ulrich Weber's patch which fixes an interoperability
|
|
problem between native IPsec and KLIPS systems caused by
|
|
setting the replay window to 32 instead of 0 for ipcomp.
|
|
|
|
|
|
strongswan-2.4.1
|
|
----------------
|
|
|
|
- Fixed a bug which caused an unwanted Mode Config request
|
|
to be initiated in the case where "right" was used to denote
|
|
the local side in ipsec.conf and "left" the remote side,
|
|
contrary to the recommendation that "right" be remote and
|
|
"left" be"local".
|
|
|
|
|
|
strongswan-2.4.0a
|
|
-----------------
|
|
|
|
- updated Vendor ID to strongSwan-2.4.0
|
|
|
|
- updated copyright statement to include David Buechi and
|
|
Michael Meier
|
|
|
|
|
|
strongswan-2.4.0
|
|
----------------
|
|
|
|
- strongSwan now communicates with attached smartcards and
|
|
USB crypto tokens via the standardized PKCS #11 interface.
|
|
By default the OpenSC library from www.opensc.org is used
|
|
but any other PKCS#11 library could be dynamically linked.
|
|
strongSwan's PKCS#11 API was implemented by David Buechi
|
|
and Michael Meier, both graduates of the Zurich University
|
|
of Applied Sciences in Winterthur, Switzerland.
|
|
|
|
- When a %trap eroute is triggered by an outgoing IP packet
|
|
then the native IPsec stack of the Linux 2.6 kernel [often/
|
|
always?] returns an XFRM_ACQUIRE message with an undefined
|
|
protocol family field and the connection setup fails.
|
|
As a workaround IPv4 (AF_INET) is now assumed.
|
|
|
|
- the results of the UML test scenarios are now enhanced
|
|
with block diagrams of the virtual network topology used
|
|
in a particular test.
|
|
|
|
|
|
strongswan-2.3.2
|
|
----------------
|
|
|
|
- fixed IV used to decrypt informational messages.
|
|
This bug was introduced with Mode Config functionality.
|
|
|
|
- fixed NCP Vendor ID.
|
|
|
|
- undid one of Ulrich Weber's maximum udp size patches
|
|
because it caused a segmentation fault with NAT-ed
|
|
Delete SA messages.
|
|
|
|
- added UML scenarios wildcards and attr-cert which
|
|
demonstrate the implementation of IPsec policies based
|
|
on wildcard parameters contained in Distinguished Names and
|
|
on X.509 attribute certificates, respectively.
|
|
|
|
|
|
strongswan-2.3.1
|
|
----------------
|
|
|
|
- Added basic Mode Config functionality
|
|
|
|
- Added Mathieu Lafon's patch which upgrades the status of
|
|
the NAT-Traversal implementation to RFC 3947.
|
|
|
|
- The _startklips script now also loads the xfrm4_tunnel
|
|
module.
|
|
|
|
- Added Ulrich Weber's netlink replay window size and
|
|
maximum udp size patches.
|
|
|
|
- UML testing now uses the Linux 2.6.10 UML kernel by default.
|
|
|
|
|
|
strongswan-2.3.0
|
|
----------------
|
|
|
|
- Eric Marchionni and Patrik Rayo, both recent graduates from
|
|
the Zuercher Hochschule Winterthur in Switzerland, created a
|
|
User-Mode-Linux test setup for strongSwan. For more details
|
|
please read the INSTALL and README documents in the testing
|
|
subdirectory.
|
|
|
|
- Full support of group attributes based on X.509 attribute
|
|
certificates. Attribute certificates can be generated
|
|
using the openac facility. For more details see
|
|
|
|
man ipsec_openac.
|
|
|
|
The group attributes can be used in connection definitions
|
|
in order to give IPsec access to specific user groups.
|
|
This is done with the new parameter left|rightgroups as in
|
|
|
|
rightgroups="Research, Sales"
|
|
|
|
giving access to users possessing the group attributes
|
|
Research or Sales, only.
|
|
|
|
- In Quick Mode clients with subnet mask /32 are now
|
|
coded as IP_V4_ADDRESS or IP_V6_ADDRESS. This should
|
|
fix rekeying problems with the SafeNet/SoftRemote and NCP
|
|
Secure Entry Clients.
|
|
|
|
- Changed the defaults of the ikelifetime and keylife parameters
|
|
to 3h and 1h, respectively. The maximum allowable values are
|
|
now both set to 24 h.
|
|
|
|
- Suppressed notification wars between two IPsec peers that
|
|
could e.g. be triggered by incorrect ISAKMP encryption.
|
|
|
|
- Public RSA keys can now have identical IDs if either the
|
|
issuing CA or the serial number is different. The serial
|
|
number of a certificate is now shown by the command
|
|
|
|
ipsec auto --listpubkeys
|
|
|
|
|
|
strongswan-2.2.2
|
|
----------------
|
|
|
|
- Added Tuomo Soini's sourceip feature which allows a strongSwan
|
|
roadwarrior to use a fixed Virtual IP (see README section 2.6)
|
|
and reduces the well-known four tunnel case on VPN gateways to
|
|
a single tunnel definition (see README section 2.4).
|
|
|
|
- Fixed a bug occuring with NAT-Traversal enabled when the responder
|
|
suddenly turns initiator and the initiator cannot find a matching
|
|
connection because of the floated IKE port 4500.
|
|
|
|
- Removed misleading ipsec verify command from barf.
|
|
|
|
- Running under the native IP stack, ipsec --version now shows
|
|
the Linux kernel version (courtesy to the Openswan project).
|
|
|
|
|
|
strongswan-2.2.1
|
|
----------------
|
|
|
|
- Introduced the ipsec auto --listalgs monitoring command which lists
|
|
all currently registered IKE and ESP algorithms.
|
|
|
|
- Fixed a bug in the ESP algorithm selection occuring when the strict flag
|
|
is set and the first proposed transform does not match.
|
|
|
|
- Fixed another deadlock in the use of the lock_certs_and_keys() mutex,
|
|
occuring when a smartcard is present.
|
|
|
|
- Prevented that a superseded Phase1 state can trigger a DPD_TIMEOUT event.
|
|
|
|
- Fixed the printing of the notification names (null)
|
|
|
|
- Applied another of Herbert Xu's Netlink patches.
|
|
|
|
|
|
strongswan-2.2.0
|
|
----------------
|
|
|
|
- Support of Dead Peer Detection. The connection parameter
|
|
|
|
dpdaction=clear|hold
|
|
|
|
activates DPD for the given connection.
|
|
|
|
- The default Opportunistic Encryption (OE) policy groups are not
|
|
automatically included anymore. Those wishing to activate OE can include
|
|
the policy group with the following statement in ipsec.conf:
|
|
|
|
include /etc/ipsec.d/examples/oe.conf
|
|
|
|
The default for [right|left]rsasigkey is now set to %cert.
|
|
|
|
- strongSwan now has a Vendor ID of its own which can be activated
|
|
using the compile option VENDORID
|
|
|
|
- Applied Herbert Xu's patch which sets the compression algorithm correctly.
|
|
|
|
- Applied Herbert Xu's patch fixing an ESPINUDP problem
|
|
|
|
- Applied Herbert Xu's patch setting source/destination port numbers.
|
|
|
|
- Reapplied one of Herbert Xu's NAT-Traversal patches which got
|
|
lost during the migration from SuperFreeS/WAN.
|
|
|
|
- Fixed a deadlock in the use of the lock_certs_and_keys() mutex.
|
|
|
|
- Fixed the unsharing of alg parameters when instantiating group
|
|
connection.
|
|
|
|
|
|
strongswan-2.1.5
|
|
----------------
|
|
|
|
- Thomas Walpuski made me aware of a potential DoS attack via
|
|
a PKCS#7-wrapped certificate bundle which could overwrite valid CA
|
|
certificates in Pluto's authority certificate store. This vulnerability
|
|
was fixed by establishing trust in CA candidate certificates up to a
|
|
trusted root CA prior to insertion into Pluto's chained list.
|
|
|
|
- replaced the --assign option by the -v option in the auto awk script
|
|
in order to make it run with mawk under debian/woody.
|
|
|
|
|
|
strongswan-2.1.4
|
|
----------------
|
|
|
|
- Split of the status information between ipsec auto --status (concise)
|
|
and ipsec auto --statusall (verbose). Both commands can be used with
|
|
an optional connection selector:
|
|
|
|
ipsec auto --status[all] <connection_name>
|
|
|
|
- Added the description of X.509 related features to the ipsec_auto(8)
|
|
man page.
|
|
|
|
- Hardened the ASN.1 parser in debug mode, especially the printing
|
|
of malformed distinguished names.
|
|
|
|
- The size of an RSA public key received in a certificate is now restricted to
|
|
|
|
512 bits <= modulus length <= 8192 bits.
|
|
|
|
- Fixed the debug mode enumeration.
|
|
|
|
|
|
strongswan-2.1.3
|
|
----------------
|
|
|
|
- Fixed another PKCS#7 vulnerability which could lead to an
|
|
endless loop while following the X.509 trust chain.
|
|
|
|
|
|
strongswan-2.1.2
|
|
----------------
|
|
|
|
- Fixed the PKCS#7 vulnerability discovered by Thomas Walpuski
|
|
that accepted end certificates having identical issuer and subject
|
|
distinguished names in a multi-tier X.509 trust chain.
|
|
|
|
|
|
strongswan-2.1.1
|
|
----------------
|
|
|
|
- Removed all remaining references to ipsec_netlink.h in KLIPS.
|
|
|
|
|
|
strongswan-2.1.0
|
|
----------------
|
|
|
|
- The new "ca" section allows to define the following parameters:
|
|
|
|
ca kool
|
|
cacert=koolCA.pem # cacert of kool CA
|
|
ocspuri=http://ocsp.kool.net:8001 # ocsp server
|
|
ldapserver=ldap.kool.net # default ldap server
|
|
crluri=http://www.kool.net/kool.crl # crl distribution point
|
|
crluri2="ldap:///O=Kool, C= .." # crl distribution point #2
|
|
auto=add # add, ignore
|
|
|
|
The ca definitions can be monitored via the command
|
|
|
|
ipsec auto --listcainfos
|
|
|
|
- Fixed cosmetic corruption of /proc filesystem by integrating
|
|
D. Hugh Redelmeier's freeswan-2.06 kernel fixes.
|
|
|
|
|
|
strongswan-2.0.2
|
|
----------------
|
|
|
|
- Added support for the 818043 NAT-Traversal update of Microsoft's
|
|
Windows 2000/XP IPsec client which sends an ID_FQDN during Quick Mode.
|
|
|
|
- A symbolic link to libcrypto is now added in the kernel sources
|
|
during kernel compilation
|
|
|
|
- Fixed a couple of 64 bit issues (mostly casts to int).
|
|
Thanks to Ken Bantoft who checked my sources on a 64 bit platform.
|
|
|
|
- Replaced s[n]printf() statements in the kernel by ipsec_snprintf().
|
|
Credits go to D. Hugh Redelmeier, Michael Richardson, and Sam Sgro
|
|
of the FreeS/WAN team who solved this problem with the 2.4.25 kernel.
|
|
|
|
|
|
strongswan-2.0.1
|
|
----------------
|
|
|
|
- an empty ASN.1 SEQUENCE OF or SET OF object (e.g. a subjectAltName
|
|
certificate extension which contains no generalName item) can cause
|
|
a pluto crash. This bug has been fixed. Additionally the ASN.1 parser has
|
|
been hardened to make it more robust against malformed ASN.1 objects.
|
|
|
|
- applied Herbert Xu's NAT-T patches which fixes NAT-T under the native
|
|
Linux 2.6 IPsec stack.
|
|
|
|
|
|
strongswan-2.0.0
|
|
----------------
|
|
|
|
- based on freeswan-2.04, x509-1.5.3, nat-0.6c, alg-0.8.1rc12
|