summaryrefslogtreecommitdiff
path: root/NEWS
diff options
context:
space:
mode:
authorRene Mayrhofer <rene@mayrhofer.eu.org>2007-04-12 20:41:31 +0000
committerRene Mayrhofer <rene@mayrhofer.eu.org>2007-04-12 20:41:31 +0000
commit774a362e87feab25f1be16fbca08269ddc7121a4 (patch)
treecf71f4e7466468ac3edc2127125f333224a9acfb /NEWS
parentc54a140a445bfe7aa66721f68bb0781f26add91c (diff)
downloadvyos-strongswan-774a362e87feab25f1be16fbca08269ddc7121a4.tar.gz
vyos-strongswan-774a362e87feab25f1be16fbca08269ddc7121a4.zip
Major new upstream release, just ran svn-upgrade for now (and wrote some
debian/changelong entries).
Diffstat (limited to 'NEWS')
-rw-r--r--NEWS962
1 files changed, 962 insertions, 0 deletions
diff --git a/NEWS b/NEWS
new file mode 100644
index 000000000..ab92d22e5
--- /dev/null
+++ b/NEWS
@@ -0,0 +1,962 @@
+strongswan-4.1.1
+----------------
+
+- Server side cookie support. If to may IKE_SAs are in CONNECTING state,
+ cookies are enabled and protect against DoS attacks with faked source
+ addresses. Number of IKE_SAs in CONNECTING state is also limited per
+ peer address to avoid resource exhaustion. IKE_SA_INIT messages are
+ compared to properly detect retransmissions and incoming retransmits are
+ detected even if the IKE_SA is blocked (e.g. doing OCSP fetches).
+
+- The IKEv2 daemon charon now supports dynamic http- and ldap-based CRL
+ fetching enabled by crlcheckinterval > 0 and caching fetched CRLs
+ enabled by cachecrls=yes.
+
+- Added the configuration options --enable-nat-transport which enables
+ the potentially insecure NAT traversal for IPsec transport mode and
+ --disable-vendor-id which disables the sending of the strongSwan
+ vendor ID.
+
+- Fixed a long-standing bug in the pluto IKEv1 daemon which caused
+ a segmentation fault if a malformed payload was detected in the
+ IKE MR2 message and pluto tried to send an encrypted notification
+ message.
+
+- Added the NATT_IETF_02_N Vendor ID in order to support IKEv1 connections
+ with Windows 2003 Server which uses a wrong VID hash.
+
+
+strongswan-4.1.0
+----------------
+
+- Support of SHA2_384 hash function for protecting IKEv1
+ negotiations and support of SHA2 signatures in X.509 certificates.
+
+- Fixed a serious bug in the computation of the SHA2-512 HMAC
+ function. Introduced automatic self-test of all IKEv1 hash
+ and hmac functions during pluto startup. Failure of a self-test
+ currently issues a warning only but does not exit pluto [yet].
+
+- Support for SHA2-256/384/512 PRF and HMAC functions in IKEv2.
+
+- Full support of CA information sections. ipsec listcainfos
+ now shows all collected crlDistributionPoints and OCSP
+ accessLocations.
+
+- Support of the Online Certificate Status Protocol (OCSP) for IKEv2.
+ This feature requires the HTTP fetching capabilities of the libcurl
+ library which must be enabled by setting the --enable-http configure
+ option.
+
+- Refactored core of the IKEv2 message processing code, allowing better
+ code reuse and separation.
+
+- Virtual IP support in IKEv2 using INTERNAL_IP4/6_ADDRESS configuration
+ payload. Additionally, the INTERNAL_IP4/6_DNS attribute is interpreted
+ by the requestor and installed in a resolv.conf file.
+
+- The IKEv2 daemon charon installs a route for each IPsec policy to use
+ the correct source address even if an application does not explicitly
+ specify it.
+
+- Integrated the EAP framework into charon which loads pluggable EAP library
+ modules. The ipsec.conf parameter authby=eap initiates EAP authentication
+ on the client side, while the "eap" parameter on the server side defines
+ the EAP method to use for client authentication.
+ A generic client side EAP-Identity module and an EAP-SIM authentication
+ module using a third party card reader implementation are included.
+
+- Added client side support for cookies.
+
+- Integrated the fixes done at the IKEv2 interoperability bakeoff, including
+ strict payload order, correct INVALID_KE_PAYLOAD rejection and other minor
+ fixes to enhance interoperability with other implementations.
+
+strongswan-4.0.7
+----------------
+
+- strongSwan now interoperates with the NCP Secure Entry Client,
+ the Shrew Soft VPN Client, and the Cisco VPN client, doing both
+ XAUTH and Mode Config.
+
+- UNITY attributes are now recognized and UNITY_BANNER is set
+ to a default string.
+
+
+strongswan-4.0.6
+----------------
+
+- IKEv1: Support for extended authentication (XAUTH) in combination
+ with ISAKMP Main Mode RSA or PSK authentication. Both client and
+ server side were implemented. Handling of user credentials can
+ be done by a run-time loadable XAUTH module. By default user
+ credentials are stored in ipsec.secrets.
+
+- IKEv2: Support for reauthentication when rekeying
+
+- IKEv2: Support for transport mode
+
+- fixed a lot of bugs related to byte order
+
+- various other bugfixes
+
+
+strongswan-4.0.5
+----------------
+
+- IKEv1: Implementation of ModeConfig push mode via the new connection
+ keyword modeconfig=push allows interoperability with Cisco VPN gateways.
+
+- IKEv1: The command ipsec statusall now shows "DPD active" for all
+ ISAKMP SAs that are under active Dead Peer Detection control.
+
+- IKEv2: Charon's logging and debugging framework has been completely rewritten.
+ Instead of logger, special printf() functions are used to directly
+ print objects like hosts (%H) identifications (%D), certificates (%Q),
+ etc. The number of debugging levels have been reduced to:
+
+ 0 (audit), 1 (control), 2 (controlmore), 3 (raw), 4 (private)
+
+ The debugging levels can either be specified statically in ipsec.conf as
+
+ config setup
+ charondebug="lib 1, cfg 3, net 2"
+
+ or changed at runtime via stroke as
+
+ ipsec stroke loglevel cfg 2
+
+
+strongswan-4.0.4
+----------------
+
+- Implemented full support for IPv6-in-IPv6 tunnels.
+
+- Added configuration options for dead peer detection in IKEv2. dpd_action
+ types "clear", "hold" and "restart" are supported. The dpd_timeout
+ value is not used, as the normal retransmission policy applies to
+ detect dead peers. The dpd_delay parameter enables sending of empty
+ informational message to detect dead peers in case of inactivity.
+
+- Added support for preshared keys in IKEv2. PSK keys configured in
+ ipsec.secrets are loaded. The authby parameter specifies the authentication
+ method to authentificate ourself, the other peer may use PSK or RSA.
+
+- Changed retransmission policy to respect the keyingtries parameter.
+
+- Added private key decryption. PEM keys encrypted with AES-128/192/256
+ or 3DES are supported.
+
+- Implemented DES/3DES algorithms in libstrongswan. 3DES can be used to
+ encrypt IKE traffic.
+
+- Implemented SHA-256/384/512 in libstrongswan, allows usage of certificates
+ signed with such a hash algorithm.
+
+- Added initial support for updown scripts. The actions up-host/client and
+ down-host/client are executed. The leftfirewall=yes parameter
+ uses the default updown script to insert dynamic firewall rules, a custom
+ updown script may be specified with the leftupdown parameter.
+
+
+strongswan-4.0.3
+----------------
+
+- Added support for the auto=route ipsec.conf parameter and the
+ ipsec route/unroute commands for IKEv2. This allows to set up IKE_SAs and
+ CHILD_SAs dynamically on demand when traffic is detected by the
+ kernel.
+
+- Added support for rekeying IKE_SAs in IKEv2 using the ikelifetime parameter.
+ As specified in IKEv2, no reauthentication is done (unlike in IKEv1), only
+ new keys are generated using perfect forward secrecy. An optional flag
+ which enforces reauthentication will be implemented later.
+
+- "sha" and "sha1" are now treated as synonyms in the ike= and esp=
+ algorithm configuration statements.
+
+
+strongswan-4.0.2
+----------------
+
+- Full X.509 certificate trust chain verification has been implemented.
+ End entity certificates can be exchanged via CERT payloads. The current
+ default is leftsendcert=always, since CERTREQ payloads are not supported
+ yet. Optional CRLs must be imported locally into /etc/ipsec.d/crls.
+
+- Added support for leftprotoport/rightprotoport parameters in IKEv2. IKEv2
+ would offer more possibilities for traffic selection, but the Linux kernel
+ currently does not support it. That's why we stick with these simple
+ ipsec.conf rules for now.
+
+- Added Dead Peer Detection (DPD) which checks liveliness of remote peer if no
+ IKE or ESP traffic is received. DPD is currently hardcoded (dpdaction=clear,
+ dpddelay=60s).
+
+- Initial NAT traversal support in IKEv2. Charon includes NAT detection
+ notify payloads to detect NAT routers between the peers. It switches
+ to port 4500, uses UDP encapsulated ESP packets, handles peer address
+ changes gracefully and sends keep alive message periodically.
+
+- Reimplemented IKE_SA state machine for charon, which allows simultaneous
+ rekeying, more shared code, cleaner design, proper retransmission
+ and a more extensible code base.
+
+- The mixed PSK/RSA roadwarrior detection capability introduced by the
+ strongswan-2.7.0 release necessitated the pre-parsing of the IKE proposal
+ payloads by the responder right before any defined IKE Main Mode state had
+ been established. Although any form of bad proposal syntax was being correctly
+ detected by the payload parser, the subsequent error handler didn't check
+ the state pointer before logging current state information, causing an
+ immediate crash of the pluto keying daemon due to a NULL pointer.
+
+
+strongswan-4.0.1
+----------------
+
+- Added algorithm selection to charon: New default algorithms for
+ ike=aes128-sha-modp2048, as both daemons support it. The default
+ for IPsec SAs is now esp=aes128-sha,3des-md5. charon handles
+ the ike/esp parameter the same way as pluto. As this syntax does
+ not allow specification of a pseudo random function, the same
+ algorithm as for integrity is used (currently sha/md5). Supported
+ algorithms for IKE:
+ Encryption: aes128, aes192, aes256
+ Integrity/PRF: md5, sha (using hmac)
+ DH-Groups: modp768, 1024, 1536, 2048, 4096, 8192
+ and for ESP:
+ Encryption: aes128, aes192, aes256, 3des, blowfish128,
+ blowfish192, blowfish256
+ Integrity: md5, sha1
+ More IKE encryption algorithms will come after porting libcrypto into
+ libstrongswan.
+
+- initial support for rekeying CHILD_SAs using IKEv2. Currently no
+ perfect forward secrecy is used. The rekeying parameters rekey,
+ rekeymargin, rekeyfuzz and keylife from ipsec.conf are now supported
+ when using IKEv2. WARNING: charon currently is unable to handle
+ simultaneous rekeying. To avoid such a situation, use a large
+ rekeyfuzz, or even better, set rekey=no on one peer.
+
+- support for host2host, net2net, host2net (roadwarrior) tunnels
+ using predefined RSA certificates (see uml scenarios for
+ configuration examples).
+
+- new build environment featuring autotools. Features such
+ as HTTP, LDAP and smartcard support may be enabled using
+ the ./configure script. Changing install directories
+ is possible, too. See ./configure --help for more details.
+
+- better integration of charon with ipsec starter, which allows
+ (almost) transparent operation with both daemons. charon
+ handles ipsec commands up, down, status, statusall, listall,
+ listcerts and allows proper load, reload and delete of connections
+ via ipsec starter.
+
+
+strongswan-4.0.0
+----------------
+
+- initial support of the IKEv2 protocol. Connections in
+ ipsec.conf designated by keyexchange=ikev2 are negotiated
+ by the new IKEv2 charon keying daemon whereas those marked
+ by keyexchange=ikev1 or the default keyexchange=ike are
+ handled thy the IKEv1 pluto keying daemon. Currently only
+ a limited subset of functions are available with IKEv2
+ (Default AES encryption, authentication based on locally
+ imported X.509 certificates, unencrypted private RSA keys
+ in PKCS#1 file format, limited functionality of the ipsec
+ status command).
+
+
+strongswan-2.7.0
+----------------
+
+- the dynamic iptables rules from the _updown_x509 template
+ for KLIPS and the _updown_policy template for NETKEY have
+ been merged into the default _updown script. The existing
+ left|rightfirewall keyword causes the automatic insertion
+ and deletion of ACCEPT rules for tunneled traffic upon
+ the successful setup and teardown of an IPsec SA, respectively.
+ left|rightfirwall can be used with KLIPS under any Linux 2.4
+ kernel or with NETKEY under a Linux kernel version >= 2.6.16
+ in conjuction with iptables >= 1.3.5. For NETKEY under a Linux
+ kernel version < 2.6.16 which does not support IPsec policy
+ matching yet, please continue to use a copy of the _updown_espmark
+ template loaded via the left|rightupdown keyword.
+
+- a new left|righthostaccess keyword has been introduced which
+ can be used in conjunction with left|rightfirewall and the
+ default _updown script. By default leftfirewall=yes inserts
+ a bi-directional iptables FORWARD rule for a local client network
+ with a netmask different from 255.255.255.255 (single host).
+ This does not allow to access the VPN gateway host via its
+ internal network interface which is part of the client subnet
+ because an iptables INPUT and OUTPUT rule would be required.
+ lefthostaccess=yes will cause this additional ACCEPT rules to
+ be inserted.
+
+- mixed PSK|RSA roadwarriors are now supported. The ISAKMP proposal
+ payload is preparsed in order to find out whether the roadwarrior
+ requests PSK or RSA so that a matching connection candidate can
+ be found.
+
+
+strongswan-2.6.4
+----------------
+
+- the new _updown_policy template allows ipsec policy based
+ iptables firewall rules. Required are iptables version
+ >= 1.3.5 and linux kernel >= 2.6.16. This script obsoletes
+ the _updown_espmark template, so that no INPUT mangle rules
+ are required any more.
+
+- added support of DPD restart mode
+
+- ipsec starter now allows the use of wildcards in include
+ statements as e.g. in "include /etc/my_ipsec/*.conf".
+ Patch courtesy of Matthias Haas.
+
+- the Netscape OID 'employeeNumber' is now recognized and can be
+ used as a Relative Distinguished Name in certificates.
+
+
+strongswan-2.6.3
+----------------
+
+- /etc/init.d/ipsec or /etc/rc.d/ipsec is now a copy of the ipsec
+ command and not of ipsec setup any more.
+
+- ipsec starter now supports AH authentication in conjunction with
+ ESP encryption. AH authentication is configured in ipsec.conf
+ via the auth=ah parameter.
+
+- The command ipsec scencrypt|scdecrypt <args> is now an alias for
+ ipsec whack --scencrypt|scdecrypt <args>.
+
+- get_sa_info() now determines for the native netkey IPsec stack
+ the exact time of the last use of an active eroute. This information
+ is used by the Dead Peer Detection algorithm and is also displayed by
+ the ipsec status command.
+
+
+strongswan-2.6.2
+----------------
+
+- running under the native Linux 2.6 IPsec stack, the function
+ get_sa_info() is called by ipsec auto --status to display the current
+ number of transmitted bytes per IPsec SA.
+
+- get_sa_info() is also used by the Dead Peer Detection process to detect
+ recent ESP activity. If ESP traffic was received from the peer within
+ the last dpd_delay interval then no R_Y_THERE notification must be sent.
+
+- strongSwan now supports the Relative Distinguished Name "unstructuredName"
+ in ID_DER_ASN1_DN identities. The following notations are possible:
+
+ rightid="unstructuredName=John Doe"
+ rightid="UN=John Doe"
+
+- fixed a long-standing bug which caused PSK-based roadwarrior connections
+ to segfault in the function id.c:same_id() called by keys.c:get_secret()
+ if an FQDN, USER_FQDN, or Key ID was defined, as in the following example.
+
+ conn rw
+ right=%any
+ rightid=@foo.bar
+ authby=secret
+
+- the ipsec command now supports most ipsec auto commands (e.g. ipsec listall).
+
+- ipsec starter didn't set host_addr and client.addr ports in whack msg.
+
+- in order to guarantee backwards-compatibility with the script-based
+ auto function (e.g. auto --replace), the ipsec starter scripts stores
+ the defaultroute information in the temporary file /var/run/ipsec.info.
+
+- The compile-time option USE_XAUTH_VID enables the sending of the XAUTH
+ Vendor ID which is expected by Cisco PIX 7 boxes that act as IKE Mode Config
+ servers.
+
+- the ipsec starter now also recognizes the parameters authby=never and
+ type=passthrough|pass|drop|reject.
+
+
+strongswan-2.6.1
+----------------
+
+- ipsec starter now supports the also parameter which allows
+ a modular structure of the connection definitions. Thus
+ "ipsec start" is now ready to replace "ipsec setup".
+
+
+strongswan-2.6.0
+----------------
+
+- Mathieu Lafon's popular ipsec starter tool has been added to the
+ strongSwan distribution. Many thanks go to Stephan Scholz from astaro
+ for his integration work. ipsec starter is a C program which is going
+ to replace the various shell and awk starter scripts (setup, _plutoload,
+ _plutostart, _realsetup, _startklips, _confread, and auto). Since
+ ipsec.conf is now parsed only once, the starting of multiple tunnels is
+ accelerated tremedously.
+
+- Added support of %defaultroute to the ipsec starter. If the IP address
+ changes, a HUP signal to the ipsec starter will automatically
+ reload pluto's connections.
+
+- moved most compile time configurations from pluto/Makefile to
+ Makefile.inc by defining the options USE_LIBCURL, USE_LDAP,
+ USE_SMARTCARD, and USE_NAT_TRAVERSAL_TRANSPORT_MODE.
+
+- removed the ipsec verify and ipsec newhostkey commands
+
+- fixed some 64-bit issues in formatted print statements
+
+- The scepclient functionality implementing the Simple Certificate
+ Enrollment Protocol (SCEP) is nearly complete but hasn't been
+ documented yet.
+
+
+strongswan-2.5.7
+----------------
+
+- CA certicates are now automatically loaded from a smartcard
+ or USB crypto token and appear in the ipsec auto --listcacerts
+ listing.
+
+
+strongswan-2.5.6
+----------------
+
+- when using "ipsec whack --scencrypt <data>" with a PKCS#11
+ library that does not support the C_Encrypt() Cryptoki
+ function (e.g. OpenSC), the RSA encryption is done in
+ software using the public key fetched from the smartcard.
+
+- The scepclient function now allows to define the
+ validity of a self-signed certificate using the --days,
+ --startdate, and --enddate options. The default validity
+ has been changed from one year to five years.
+
+
+strongswan-2.5.5
+----------------
+
+- the config setup parameter pkcs11proxy=yes opens pluto's PKCS#11
+ interface to other applications for RSA encryption and decryption
+ via the whack interface. Notation:
+
+ ipsec whack --scencrypt <data>
+ [--inbase 16|hex|64|base64|256|text|ascii]
+ [--outbase 16|hex|64|base64|256|text|ascii]
+ [--keyid <keyid>]
+
+ ipsec whack --scdecrypt <data>
+ [--inbase 16|hex|64|base64|256|text|ascii]
+ [--outbase 16|hex|64|base64|256|text|ascii]
+ [--keyid <keyid>]
+
+ The default setting for inbase and outbase is hex.
+
+ The new proxy interface can be used for securing symmetric
+ encryption keys required by the cryptoloop or dm-crypt
+ disk encryption schemes, especially in the case when
+ pkcs11keepstate=yes causes pluto to lock the pkcs11 slot
+ permanently.
+
+- if the file /etc/ipsec.secrets is lacking during the startup of
+ pluto then the root-readable file /etc/ipsec.d/private/myKey.der
+ containing a 2048 bit RSA private key and a matching self-signed
+ certificate stored in the file /etc/ipsec.d/certs/selfCert.der
+ is automatically generated by calling the function
+
+ ipsec scepclient --out pkcs1 --out cert-self
+
+ scepclient was written by Jan Hutter and Martin Willi, students
+ at the University of Applied Sciences in Rapperswil, Switzerland.
+
+
+strongswan-2.5.4
+----------------
+
+- the current extension of the PKCS#7 framework introduced
+ a parsing error in PKCS#7 wrapped X.509 certificates that are
+ e.g. transmitted by Windows XP when multi-level CAs are used.
+ the parsing syntax has been fixed.
+
+- added a patch by Gerald Richter which tolerates multiple occurrences
+ of the ipsec0 interface when using KLIPS.
+
+
+strongswan-2.5.3
+----------------
+
+- with gawk-3.1.4 the word "default2 has become a protected
+ keyword for use in switch statements and cannot be used any
+ more in the strongSwan scripts. This problem has been
+ solved by renaming "default" to "defaults" and "setdefault"
+ in the scripts _confread and auto, respectively.
+
+- introduced the parameter leftsendcert with the values
+
+ always|yes (the default, always send a cert)
+ ifasked (send the cert only upon a cert request)
+ never|no (never send a cert, used for raw RSA keys and
+ self-signed certs)
+
+- fixed the initialization of the ESP key length to a default of
+ 128 bits in the case that the peer does not send a key length
+ attribute for AES encryption.
+
+- applied Herbert Xu's uniqueIDs patch
+
+- applied Herbert Xu's CLOEXEC patches
+
+
+strongswan-2.5.2
+----------------
+
+- CRLs can now be cached also in the case when the issuer's
+ certificate does not contain a subjectKeyIdentifier field.
+ In that case the subjectKeyIdentifier is computed by pluto as the
+ 160 bit SHA-1 hash of the issuer's public key in compliance
+ with section 4.2.1.2 of RFC 3280.
+
+- Fixed a bug introduced by strongswan-2.5.1 which eliminated
+ not only multiple Quick Modes of a given connection but also
+ multiple connections between two security gateways.
+
+
+strongswan-2.5.1
+----------------
+
+- Under the native IPsec of the Linux 2.6 kernel, a %trap eroute
+ installed either by setting auto=route in ipsec.conf or by
+ a connection put into hold, generates an XFRM_AQUIRE event
+ for each packet that wants to use the not-yet exisiting
+ tunnel. Up to now each XFRM_AQUIRE event led to an entry in
+ the Quick Mode queue, causing multiple IPsec SA to be
+ established in rapid succession. Starting with strongswan-2.5.1
+ only a single IPsec SA is established per host-pair connection.
+
+- Right after loading the PKCS#11 module, all smartcard slots are
+ searched for certificates. The result can be viewed using
+ the command
+
+ ipsec auto --listcards
+
+ The certificate objects found in the slots are numbered
+ starting with #1, #2, etc. This position number can be used to address
+ certificates (leftcert=%smartcard) and keys (: PIN %smartcard)
+ in ipsec.conf and ipsec.secrets, respectively:
+
+ %smartcard (selects object #1)
+ %smartcard#1 (selects object #1)
+ %smartcard#3 (selects object #3)
+
+ As an alternative the existing retrieval scheme can be used:
+
+ %smartcard:45 (selects object with id=45)
+ %smartcard0 (selects first object in slot 0)
+ %smartcard4:45 (selects object in slot 4 with id=45)
+
+- Depending on the settings of CKA_SIGN and CKA_DECRYPT
+ private key flags either C_Sign() or C_Decrypt() is used
+ to generate a signature.
+
+- The output buffer length parameter siglen in C_Sign()
+ is now initialized to the actual size of the output
+ buffer prior to the function call. This fixes the
+ CKR_BUFFER_TOO_SMALL error that could occur when using
+ the OpenSC PKCS#11 module.
+
+- Changed the initialization of the PKCS#11 CK_MECHANISM in
+ C_SignInit() to mech = { CKM_RSA_PKCS, NULL_PTR, 0 }.
+
+- Refactored the RSA public/private key code and transferred it
+ from keys.c to the new pkcs1.c file as a preparatory step
+ towards the release of the SCEP client.
+
+
+strongswan-2.5.0
+----------------
+
+- The loading of a PKCS#11 smartcard library module during
+ runtime does not require OpenSC library functions any more
+ because the corresponding code has been integrated into
+ smartcard.c. Also the RSAREF pkcs11 header files have been
+ included in a newly created pluto/rsaref directory so that
+ no external include path has to be defined any longer.
+
+- A long-awaited feature has been implemented at last:
+ The local caching of CRLs fetched via HTTP or LDAP, activated
+ by the parameter cachecrls=yes in the config setup section
+ of ipsec.conf. The dynamically fetched CRLs are stored under
+ a unique file name containing the issuer's subjectKeyID
+ in /etc/ipsec.d/crls.
+
+- Applied a one-line patch courtesy of Michael Richardson
+ from the Openswan project which fixes the kernel-oops
+ in KLIPS when an snmp daemon is running on the same box.
+
+
+strongswan-2.4.4
+----------------
+
+- Eliminated null length CRL distribution point strings.
+
+- Fixed a trust path evaluation bug introduced with 2.4.3
+
+
+strongswan-2.4.3
+----------------
+
+- Improved the joint OCSP / CRL revocation policy.
+ OCSP responses have precedence over CRL entries.
+
+- Introduced support of CRLv2 reason codes.
+
+- Fixed a bug with key-pad equipped readers which caused
+ pluto to prompt for the pin via the console when the first
+ occasion to enter the pin via the key-pad was missed.
+
+- When pluto is built with LDAP_V3 enabled, the library
+ liblber required by newer versions of openldap is now
+ included.
+
+
+strongswan-2.4.2
+----------------
+
+- Added the _updown_espmark template which requires all
+ incoming ESP traffic to be marked with a default mark
+ value of 50.
+
+- Introduced the pkcs11keepstate parameter in the config setup
+ section of ipsec.conf. With pkcs11keepstate=yes the PKCS#11
+ session and login states are kept as long as possible during
+ the lifetime of pluto. This means that a PIN entry via a key
+ pad has to be done only once.
+
+- Introduced the pkcs11module parameter in the config setup
+ section of ipsec.conf which specifies the PKCS#11 module
+ to be used with smart cards. Example:
+
+ pkcs11module=/usr/lib/pkcs11/opensc-pkcs11.lo
+
+- Added support of smartcard readers equipped with a PIN pad.
+
+- Added patch by Jay Pfeifer which detects when netkey
+ modules have been statically built into the Linux 2.6 kernel.
+
+- Added two patches by Herbert Xu. The first uses ip xfrm
+ instead of setkey to flush the IPsec policy database. The
+ second sets the optional flag in inbound IPComp SAs only.
+
+- Applied Ulrich Weber's patch which fixes an interoperability
+ problem between native IPsec and KLIPS systems caused by
+ setting the replay window to 32 instead of 0 for ipcomp.
+
+
+strongswan-2.4.1
+----------------
+
+- Fixed a bug which caused an unwanted Mode Config request
+ to be initiated in the case where "right" was used to denote
+ the local side in ipsec.conf and "left" the remote side,
+ contrary to the recommendation that "right" be remote and
+ "left" be"local".
+
+
+strongswan-2.4.0a
+-----------------
+
+- updated Vendor ID to strongSwan-2.4.0
+
+- updated copyright statement to include David Buechi and
+ Michael Meier
+
+
+strongswan-2.4.0
+----------------
+
+- strongSwan now communicates with attached smartcards and
+ USB crypto tokens via the standardized PKCS #11 interface.
+ By default the OpenSC library from www.opensc.org is used
+ but any other PKCS#11 library could be dynamically linked.
+ strongSwan's PKCS#11 API was implemented by David Buechi
+ and Michael Meier, both graduates of the Zurich University
+ of Applied Sciences in Winterthur, Switzerland.
+
+- When a %trap eroute is triggered by an outgoing IP packet
+ then the native IPsec stack of the Linux 2.6 kernel [often/
+ always?] returns an XFRM_ACQUIRE message with an undefined
+ protocol family field and the connection setup fails.
+ As a workaround IPv4 (AF_INET) is now assumed.
+
+- the results of the UML test scenarios are now enhanced
+ with block diagrams of the virtual network topology used
+ in a particular test.
+
+
+strongswan-2.3.2
+----------------
+
+- fixed IV used to decrypt informational messages.
+ This bug was introduced with Mode Config functionality.
+
+- fixed NCP Vendor ID.
+
+- undid one of Ulrich Weber's maximum udp size patches
+ because it caused a segmentation fault with NAT-ed
+ Delete SA messages.
+
+- added UML scenarios wildcards and attr-cert which
+ demonstrate the implementation of IPsec policies based
+ on wildcard parameters contained in Distinguished Names and
+ on X.509 attribute certificates, respectively.
+
+
+strongswan-2.3.1
+----------------
+
+- Added basic Mode Config functionality
+
+- Added Mathieu Lafon's patch which upgrades the status of
+ the NAT-Traversal implementation to RFC 3947.
+
+- The _startklips script now also loads the xfrm4_tunnel
+ module.
+
+- Added Ulrich Weber's netlink replay window size and
+ maximum udp size patches.
+
+- UML testing now uses the Linux 2.6.10 UML kernel by default.
+
+
+strongswan-2.3.0
+----------------
+
+- Eric Marchionni and Patrik Rayo, both recent graduates from
+ the Zuercher Hochschule Winterthur in Switzerland, created a
+ User-Mode-Linux test setup for strongSwan. For more details
+ please read the INSTALL and README documents in the testing
+ subdirectory.
+
+- Full support of group attributes based on X.509 attribute
+ certificates. Attribute certificates can be generated
+ using the openac facility. For more details see
+
+ man ipsec_openac.
+
+ The group attributes can be used in connection definitions
+ in order to give IPsec access to specific user groups.
+ This is done with the new parameter left|rightgroups as in
+
+ rightgroups="Research, Sales"
+
+ giving access to users possessing the group attributes
+ Research or Sales, only.
+
+- In Quick Mode clients with subnet mask /32 are now
+ coded as IP_V4_ADDRESS or IP_V6_ADDRESS. This should
+ fix rekeying problems with the SafeNet/SoftRemote and NCP
+ Secure Entry Clients.
+
+- Changed the defaults of the ikelifetime and keylife parameters
+ to 3h and 1h, respectively. The maximum allowable values are
+ now both set to 24 h.
+
+- Suppressed notification wars between two IPsec peers that
+ could e.g. be triggered by incorrect ISAKMP encryption.
+
+- Public RSA keys can now have identical IDs if either the
+ issuing CA or the serial number is different. The serial
+ number of a certificate is now shown by the command
+
+ ipsec auto --listpubkeys
+
+
+strongswan-2.2.2
+----------------
+
+- Added Tuomo Soini's sourceip feature which allows a strongSwan
+ roadwarrior to use a fixed Virtual IP (see README section 2.6)
+ and reduces the well-known four tunnel case on VPN gateways to
+ a single tunnel definition (see README section 2.4).
+
+- Fixed a bug occuring with NAT-Traversal enabled when the responder
+ suddenly turns initiator and the initiator cannot find a matching
+ connection because of the floated IKE port 4500.
+
+- Removed misleading ipsec verify command from barf.
+
+- Running under the native IP stack, ipsec --version now shows
+ the Linux kernel version (courtesy to the Openswan project).
+
+
+strongswan-2.2.1
+----------------
+
+- Introduced the ipsec auto --listalgs monitoring command which lists
+ all currently registered IKE and ESP algorithms.
+
+- Fixed a bug in the ESP algorithm selection occuring when the strict flag
+ is set and the first proposed transform does not match.
+
+- Fixed another deadlock in the use of the lock_certs_and_keys() mutex,
+ occuring when a smartcard is present.
+
+- Prevented that a superseded Phase1 state can trigger a DPD_TIMEOUT event.
+
+- Fixed the printing of the notification names (null)
+
+- Applied another of Herbert Xu's Netlink patches.
+
+
+strongswan-2.2.0
+----------------
+
+- Support of Dead Peer Detection. The connection parameter
+
+ dpdaction=clear|hold
+
+ activates DPD for the given connection.
+
+- The default Opportunistic Encryption (OE) policy groups are not
+ automatically included anymore. Those wishing to activate OE can include
+ the policy group with the following statement in ipsec.conf:
+
+ include /etc/ipsec.d/examples/oe.conf
+
+ The default for [right|left]rsasigkey is now set to %cert.
+
+- strongSwan now has a Vendor ID of its own which can be activated
+ using the compile option VENDORID
+
+- Applied Herbert Xu's patch which sets the compression algorithm correctly.
+
+- Applied Herbert Xu's patch fixing an ESPINUDP problem
+
+- Applied Herbert Xu's patch setting source/destination port numbers.
+
+- Reapplied one of Herbert Xu's NAT-Traversal patches which got
+ lost during the migration from SuperFreeS/WAN.
+
+- Fixed a deadlock in the use of the lock_certs_and_keys() mutex.
+
+- Fixed the unsharing of alg parameters when instantiating group
+ connection.
+
+
+strongswan-2.1.5
+----------------
+
+- Thomas Walpuski made me aware of a potential DoS attack via
+ a PKCS#7-wrapped certificate bundle which could overwrite valid CA
+ certificates in Pluto's authority certificate store. This vulnerability
+ was fixed by establishing trust in CA candidate certificates up to a
+ trusted root CA prior to insertion into Pluto's chained list.
+
+- replaced the --assign option by the -v option in the auto awk script
+ in order to make it run with mawk under debian/woody.
+
+
+strongswan-2.1.4
+----------------
+
+- Split of the status information between ipsec auto --status (concise)
+ and ipsec auto --statusall (verbose). Both commands can be used with
+ an optional connection selector:
+
+ ipsec auto --status[all] <connection_name>
+
+- Added the description of X.509 related features to the ipsec_auto(8)
+ man page.
+
+- Hardened the ASN.1 parser in debug mode, especially the printing
+ of malformed distinguished names.
+
+- The size of an RSA public key received in a certificate is now restricted to
+
+ 512 bits <= modulus length <= 8192 bits.
+
+- Fixed the debug mode enumeration.
+
+
+strongswan-2.1.3
+----------------
+
+- Fixed another PKCS#7 vulnerability which could lead to an
+ endless loop while following the X.509 trust chain.
+
+
+strongswan-2.1.2
+----------------
+
+- Fixed the PKCS#7 vulnerability discovered by Thomas Walpuski
+ that accepted end certificates having identical issuer and subject
+ distinguished names in a multi-tier X.509 trust chain.
+
+
+strongswan-2.1.1
+----------------
+
+- Removed all remaining references to ipsec_netlink.h in KLIPS.
+
+
+strongswan-2.1.0
+----------------
+
+- The new "ca" section allows to define the following parameters:
+
+ ca kool
+ cacert=koolCA.pem # cacert of kool CA
+ ocspuri=http://ocsp.kool.net:8001 # ocsp server
+ ldapserver=ldap.kool.net # default ldap server
+ crluri=http://www.kool.net/kool.crl # crl distribution point
+ crluri2="ldap:///O=Kool, C= .." # crl distribution point #2
+ auto=add # add, ignore
+
+ The ca definitions can be monitored via the command
+
+ ipsec auto --listcainfos
+
+- Fixed cosmetic corruption of /proc filesystem by integrating
+ D. Hugh Redelmeier's freeswan-2.06 kernel fixes.
+
+
+strongswan-2.0.2
+----------------
+
+- Added support for the 818043 NAT-Traversal update of Microsoft's
+ Windows 2000/XP IPsec client which sends an ID_FQDN during Quick Mode.
+
+- A symbolic link to libcrypto is now added in the kernel sources
+ during kernel compilation
+
+- Fixed a couple of 64 bit issues (mostly casts to int).
+ Thanks to Ken Bantoft who checked my sources on a 64 bit platform.
+
+- Replaced s[n]printf() statements in the kernel by ipsec_snprintf().
+ Credits go to D. Hugh Redelmeier, Michael Richardson, and Sam Sgro
+ of the FreeS/WAN team who solved this problem with the 2.4.25 kernel.
+
+
+strongswan-2.0.1
+----------------
+
+- an empty ASN.1 SEQUENCE OF or SET OF object (e.g. a subjectAltName
+ certificate extension which contains no generalName item) can cause
+ a pluto crash. This bug has been fixed. Additionally the ASN.1 parser has
+ been hardened to make it more robust against malformed ASN.1 objects.
+
+- applied Herbert Xu's NAT-T patches which fixes NAT-T under the native
+ Linux 2.6 IPsec stack.
+
+
+strongswan-2.0.0
+----------------
+
+- based on freeswan-2.04, x509-1.5.3, nat-0.6c, alg-0.8.1rc12