From 774a362e87feab25f1be16fbca08269ddc7121a4 Mon Sep 17 00:00:00 2001 From: Rene Mayrhofer Date: Thu, 12 Apr 2007 20:41:31 +0000 Subject: Major new upstream release, just ran svn-upgrade for now (and wrote some debian/changelong entries). --- NEWS | 962 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 962 insertions(+) create mode 100644 NEWS (limited to 'NEWS') diff --git a/NEWS b/NEWS new file mode 100644 index 000000000..ab92d22e5 --- /dev/null +++ b/NEWS @@ -0,0 +1,962 @@ +strongswan-4.1.1 +---------------- + +- Server side cookie support. If to may IKE_SAs are in CONNECTING state, + cookies are enabled and protect against DoS attacks with faked source + addresses. Number of IKE_SAs in CONNECTING state is also limited per + peer address to avoid resource exhaustion. IKE_SA_INIT messages are + compared to properly detect retransmissions and incoming retransmits are + detected even if the IKE_SA is blocked (e.g. doing OCSP fetches). + +- The IKEv2 daemon charon now supports dynamic http- and ldap-based CRL + fetching enabled by crlcheckinterval > 0 and caching fetched CRLs + enabled by cachecrls=yes. + +- Added the configuration options --enable-nat-transport which enables + the potentially insecure NAT traversal for IPsec transport mode and + --disable-vendor-id which disables the sending of the strongSwan + vendor ID. + +- Fixed a long-standing bug in the pluto IKEv1 daemon which caused + a segmentation fault if a malformed payload was detected in the + IKE MR2 message and pluto tried to send an encrypted notification + message. + +- Added the NATT_IETF_02_N Vendor ID in order to support IKEv1 connections + with Windows 2003 Server which uses a wrong VID hash. + + +strongswan-4.1.0 +---------------- + +- Support of SHA2_384 hash function for protecting IKEv1 + negotiations and support of SHA2 signatures in X.509 certificates. + +- Fixed a serious bug in the computation of the SHA2-512 HMAC + function. Introduced automatic self-test of all IKEv1 hash + and hmac functions during pluto startup. Failure of a self-test + currently issues a warning only but does not exit pluto [yet]. + +- Support for SHA2-256/384/512 PRF and HMAC functions in IKEv2. + +- Full support of CA information sections. ipsec listcainfos + now shows all collected crlDistributionPoints and OCSP + accessLocations. + +- Support of the Online Certificate Status Protocol (OCSP) for IKEv2. + This feature requires the HTTP fetching capabilities of the libcurl + library which must be enabled by setting the --enable-http configure + option. + +- Refactored core of the IKEv2 message processing code, allowing better + code reuse and separation. + +- Virtual IP support in IKEv2 using INTERNAL_IP4/6_ADDRESS configuration + payload. Additionally, the INTERNAL_IP4/6_DNS attribute is interpreted + by the requestor and installed in a resolv.conf file. + +- The IKEv2 daemon charon installs a route for each IPsec policy to use + the correct source address even if an application does not explicitly + specify it. + +- Integrated the EAP framework into charon which loads pluggable EAP library + modules. The ipsec.conf parameter authby=eap initiates EAP authentication + on the client side, while the "eap" parameter on the server side defines + the EAP method to use for client authentication. + A generic client side EAP-Identity module and an EAP-SIM authentication + module using a third party card reader implementation are included. + +- Added client side support for cookies. + +- Integrated the fixes done at the IKEv2 interoperability bakeoff, including + strict payload order, correct INVALID_KE_PAYLOAD rejection and other minor + fixes to enhance interoperability with other implementations. + +strongswan-4.0.7 +---------------- + +- strongSwan now interoperates with the NCP Secure Entry Client, + the Shrew Soft VPN Client, and the Cisco VPN client, doing both + XAUTH and Mode Config. + +- UNITY attributes are now recognized and UNITY_BANNER is set + to a default string. + + +strongswan-4.0.6 +---------------- + +- IKEv1: Support for extended authentication (XAUTH) in combination + with ISAKMP Main Mode RSA or PSK authentication. Both client and + server side were implemented. Handling of user credentials can + be done by a run-time loadable XAUTH module. By default user + credentials are stored in ipsec.secrets. + +- IKEv2: Support for reauthentication when rekeying + +- IKEv2: Support for transport mode + +- fixed a lot of bugs related to byte order + +- various other bugfixes + + +strongswan-4.0.5 +---------------- + +- IKEv1: Implementation of ModeConfig push mode via the new connection + keyword modeconfig=push allows interoperability with Cisco VPN gateways. + +- IKEv1: The command ipsec statusall now shows "DPD active" for all + ISAKMP SAs that are under active Dead Peer Detection control. + +- IKEv2: Charon's logging and debugging framework has been completely rewritten. + Instead of logger, special printf() functions are used to directly + print objects like hosts (%H) identifications (%D), certificates (%Q), + etc. The number of debugging levels have been reduced to: + + 0 (audit), 1 (control), 2 (controlmore), 3 (raw), 4 (private) + + The debugging levels can either be specified statically in ipsec.conf as + + config setup + charondebug="lib 1, cfg 3, net 2" + + or changed at runtime via stroke as + + ipsec stroke loglevel cfg 2 + + +strongswan-4.0.4 +---------------- + +- Implemented full support for IPv6-in-IPv6 tunnels. + +- Added configuration options for dead peer detection in IKEv2. dpd_action + types "clear", "hold" and "restart" are supported. The dpd_timeout + value is not used, as the normal retransmission policy applies to + detect dead peers. The dpd_delay parameter enables sending of empty + informational message to detect dead peers in case of inactivity. + +- Added support for preshared keys in IKEv2. PSK keys configured in + ipsec.secrets are loaded. The authby parameter specifies the authentication + method to authentificate ourself, the other peer may use PSK or RSA. + +- Changed retransmission policy to respect the keyingtries parameter. + +- Added private key decryption. PEM keys encrypted with AES-128/192/256 + or 3DES are supported. + +- Implemented DES/3DES algorithms in libstrongswan. 3DES can be used to + encrypt IKE traffic. + +- Implemented SHA-256/384/512 in libstrongswan, allows usage of certificates + signed with such a hash algorithm. + +- Added initial support for updown scripts. The actions up-host/client and + down-host/client are executed. The leftfirewall=yes parameter + uses the default updown script to insert dynamic firewall rules, a custom + updown script may be specified with the leftupdown parameter. + + +strongswan-4.0.3 +---------------- + +- Added support for the auto=route ipsec.conf parameter and the + ipsec route/unroute commands for IKEv2. This allows to set up IKE_SAs and + CHILD_SAs dynamically on demand when traffic is detected by the + kernel. + +- Added support for rekeying IKE_SAs in IKEv2 using the ikelifetime parameter. + As specified in IKEv2, no reauthentication is done (unlike in IKEv1), only + new keys are generated using perfect forward secrecy. An optional flag + which enforces reauthentication will be implemented later. + +- "sha" and "sha1" are now treated as synonyms in the ike= and esp= + algorithm configuration statements. + + +strongswan-4.0.2 +---------------- + +- Full X.509 certificate trust chain verification has been implemented. + End entity certificates can be exchanged via CERT payloads. The current + default is leftsendcert=always, since CERTREQ payloads are not supported + yet. Optional CRLs must be imported locally into /etc/ipsec.d/crls. + +- Added support for leftprotoport/rightprotoport parameters in IKEv2. IKEv2 + would offer more possibilities for traffic selection, but the Linux kernel + currently does not support it. That's why we stick with these simple + ipsec.conf rules for now. + +- Added Dead Peer Detection (DPD) which checks liveliness of remote peer if no + IKE or ESP traffic is received. DPD is currently hardcoded (dpdaction=clear, + dpddelay=60s). + +- Initial NAT traversal support in IKEv2. Charon includes NAT detection + notify payloads to detect NAT routers between the peers. It switches + to port 4500, uses UDP encapsulated ESP packets, handles peer address + changes gracefully and sends keep alive message periodically. + +- Reimplemented IKE_SA state machine for charon, which allows simultaneous + rekeying, more shared code, cleaner design, proper retransmission + and a more extensible code base. + +- The mixed PSK/RSA roadwarrior detection capability introduced by the + strongswan-2.7.0 release necessitated the pre-parsing of the IKE proposal + payloads by the responder right before any defined IKE Main Mode state had + been established. Although any form of bad proposal syntax was being correctly + detected by the payload parser, the subsequent error handler didn't check + the state pointer before logging current state information, causing an + immediate crash of the pluto keying daemon due to a NULL pointer. + + +strongswan-4.0.1 +---------------- + +- Added algorithm selection to charon: New default algorithms for + ike=aes128-sha-modp2048, as both daemons support it. The default + for IPsec SAs is now esp=aes128-sha,3des-md5. charon handles + the ike/esp parameter the same way as pluto. As this syntax does + not allow specification of a pseudo random function, the same + algorithm as for integrity is used (currently sha/md5). Supported + algorithms for IKE: + Encryption: aes128, aes192, aes256 + Integrity/PRF: md5, sha (using hmac) + DH-Groups: modp768, 1024, 1536, 2048, 4096, 8192 + and for ESP: + Encryption: aes128, aes192, aes256, 3des, blowfish128, + blowfish192, blowfish256 + Integrity: md5, sha1 + More IKE encryption algorithms will come after porting libcrypto into + libstrongswan. + +- initial support for rekeying CHILD_SAs using IKEv2. Currently no + perfect forward secrecy is used. The rekeying parameters rekey, + rekeymargin, rekeyfuzz and keylife from ipsec.conf are now supported + when using IKEv2. WARNING: charon currently is unable to handle + simultaneous rekeying. To avoid such a situation, use a large + rekeyfuzz, or even better, set rekey=no on one peer. + +- support for host2host, net2net, host2net (roadwarrior) tunnels + using predefined RSA certificates (see uml scenarios for + configuration examples). + +- new build environment featuring autotools. Features such + as HTTP, LDAP and smartcard support may be enabled using + the ./configure script. Changing install directories + is possible, too. See ./configure --help for more details. + +- better integration of charon with ipsec starter, which allows + (almost) transparent operation with both daemons. charon + handles ipsec commands up, down, status, statusall, listall, + listcerts and allows proper load, reload and delete of connections + via ipsec starter. + + +strongswan-4.0.0 +---------------- + +- initial support of the IKEv2 protocol. Connections in + ipsec.conf designated by keyexchange=ikev2 are negotiated + by the new IKEv2 charon keying daemon whereas those marked + by keyexchange=ikev1 or the default keyexchange=ike are + handled thy the IKEv1 pluto keying daemon. Currently only + a limited subset of functions are available with IKEv2 + (Default AES encryption, authentication based on locally + imported X.509 certificates, unencrypted private RSA keys + in PKCS#1 file format, limited functionality of the ipsec + status command). + + +strongswan-2.7.0 +---------------- + +- the dynamic iptables rules from the _updown_x509 template + for KLIPS and the _updown_policy template for NETKEY have + been merged into the default _updown script. The existing + left|rightfirewall keyword causes the automatic insertion + and deletion of ACCEPT rules for tunneled traffic upon + the successful setup and teardown of an IPsec SA, respectively. + left|rightfirwall can be used with KLIPS under any Linux 2.4 + kernel or with NETKEY under a Linux kernel version >= 2.6.16 + in conjuction with iptables >= 1.3.5. For NETKEY under a Linux + kernel version < 2.6.16 which does not support IPsec policy + matching yet, please continue to use a copy of the _updown_espmark + template loaded via the left|rightupdown keyword. + +- a new left|righthostaccess keyword has been introduced which + can be used in conjunction with left|rightfirewall and the + default _updown script. By default leftfirewall=yes inserts + a bi-directional iptables FORWARD rule for a local client network + with a netmask different from 255.255.255.255 (single host). + This does not allow to access the VPN gateway host via its + internal network interface which is part of the client subnet + because an iptables INPUT and OUTPUT rule would be required. + lefthostaccess=yes will cause this additional ACCEPT rules to + be inserted. + +- mixed PSK|RSA roadwarriors are now supported. The ISAKMP proposal + payload is preparsed in order to find out whether the roadwarrior + requests PSK or RSA so that a matching connection candidate can + be found. + + +strongswan-2.6.4 +---------------- + +- the new _updown_policy template allows ipsec policy based + iptables firewall rules. Required are iptables version + >= 1.3.5 and linux kernel >= 2.6.16. This script obsoletes + the _updown_espmark template, so that no INPUT mangle rules + are required any more. + +- added support of DPD restart mode + +- ipsec starter now allows the use of wildcards in include + statements as e.g. in "include /etc/my_ipsec/*.conf". + Patch courtesy of Matthias Haas. + +- the Netscape OID 'employeeNumber' is now recognized and can be + used as a Relative Distinguished Name in certificates. + + +strongswan-2.6.3 +---------------- + +- /etc/init.d/ipsec or /etc/rc.d/ipsec is now a copy of the ipsec + command and not of ipsec setup any more. + +- ipsec starter now supports AH authentication in conjunction with + ESP encryption. AH authentication is configured in ipsec.conf + via the auth=ah parameter. + +- The command ipsec scencrypt|scdecrypt is now an alias for + ipsec whack --scencrypt|scdecrypt . + +- get_sa_info() now determines for the native netkey IPsec stack + the exact time of the last use of an active eroute. This information + is used by the Dead Peer Detection algorithm and is also displayed by + the ipsec status command. + + +strongswan-2.6.2 +---------------- + +- running under the native Linux 2.6 IPsec stack, the function + get_sa_info() is called by ipsec auto --status to display the current + number of transmitted bytes per IPsec SA. + +- get_sa_info() is also used by the Dead Peer Detection process to detect + recent ESP activity. If ESP traffic was received from the peer within + the last dpd_delay interval then no R_Y_THERE notification must be sent. + +- strongSwan now supports the Relative Distinguished Name "unstructuredName" + in ID_DER_ASN1_DN identities. The following notations are possible: + + rightid="unstructuredName=John Doe" + rightid="UN=John Doe" + +- fixed a long-standing bug which caused PSK-based roadwarrior connections + to segfault in the function id.c:same_id() called by keys.c:get_secret() + if an FQDN, USER_FQDN, or Key ID was defined, as in the following example. + + conn rw + right=%any + rightid=@foo.bar + authby=secret + +- the ipsec command now supports most ipsec auto commands (e.g. ipsec listall). + +- ipsec starter didn't set host_addr and client.addr ports in whack msg. + +- in order to guarantee backwards-compatibility with the script-based + auto function (e.g. auto --replace), the ipsec starter scripts stores + the defaultroute information in the temporary file /var/run/ipsec.info. + +- The compile-time option USE_XAUTH_VID enables the sending of the XAUTH + Vendor ID which is expected by Cisco PIX 7 boxes that act as IKE Mode Config + servers. + +- the ipsec starter now also recognizes the parameters authby=never and + type=passthrough|pass|drop|reject. + + +strongswan-2.6.1 +---------------- + +- ipsec starter now supports the also parameter which allows + a modular structure of the connection definitions. Thus + "ipsec start" is now ready to replace "ipsec setup". + + +strongswan-2.6.0 +---------------- + +- Mathieu Lafon's popular ipsec starter tool has been added to the + strongSwan distribution. Many thanks go to Stephan Scholz from astaro + for his integration work. ipsec starter is a C program which is going + to replace the various shell and awk starter scripts (setup, _plutoload, + _plutostart, _realsetup, _startklips, _confread, and auto). Since + ipsec.conf is now parsed only once, the starting of multiple tunnels is + accelerated tremedously. + +- Added support of %defaultroute to the ipsec starter. If the IP address + changes, a HUP signal to the ipsec starter will automatically + reload pluto's connections. + +- moved most compile time configurations from pluto/Makefile to + Makefile.inc by defining the options USE_LIBCURL, USE_LDAP, + USE_SMARTCARD, and USE_NAT_TRAVERSAL_TRANSPORT_MODE. + +- removed the ipsec verify and ipsec newhostkey commands + +- fixed some 64-bit issues in formatted print statements + +- The scepclient functionality implementing the Simple Certificate + Enrollment Protocol (SCEP) is nearly complete but hasn't been + documented yet. + + +strongswan-2.5.7 +---------------- + +- CA certicates are now automatically loaded from a smartcard + or USB crypto token and appear in the ipsec auto --listcacerts + listing. + + +strongswan-2.5.6 +---------------- + +- when using "ipsec whack --scencrypt " with a PKCS#11 + library that does not support the C_Encrypt() Cryptoki + function (e.g. OpenSC), the RSA encryption is done in + software using the public key fetched from the smartcard. + +- The scepclient function now allows to define the + validity of a self-signed certificate using the --days, + --startdate, and --enddate options. The default validity + has been changed from one year to five years. + + +strongswan-2.5.5 +---------------- + +- the config setup parameter pkcs11proxy=yes opens pluto's PKCS#11 + interface to other applications for RSA encryption and decryption + via the whack interface. Notation: + + ipsec whack --scencrypt + [--inbase 16|hex|64|base64|256|text|ascii] + [--outbase 16|hex|64|base64|256|text|ascii] + [--keyid ] + + ipsec whack --scdecrypt + [--inbase 16|hex|64|base64|256|text|ascii] + [--outbase 16|hex|64|base64|256|text|ascii] + [--keyid ] + + The default setting for inbase and outbase is hex. + + The new proxy interface can be used for securing symmetric + encryption keys required by the cryptoloop or dm-crypt + disk encryption schemes, especially in the case when + pkcs11keepstate=yes causes pluto to lock the pkcs11 slot + permanently. + +- if the file /etc/ipsec.secrets is lacking during the startup of + pluto then the root-readable file /etc/ipsec.d/private/myKey.der + containing a 2048 bit RSA private key and a matching self-signed + certificate stored in the file /etc/ipsec.d/certs/selfCert.der + is automatically generated by calling the function + + ipsec scepclient --out pkcs1 --out cert-self + + scepclient was written by Jan Hutter and Martin Willi, students + at the University of Applied Sciences in Rapperswil, Switzerland. + + +strongswan-2.5.4 +---------------- + +- the current extension of the PKCS#7 framework introduced + a parsing error in PKCS#7 wrapped X.509 certificates that are + e.g. transmitted by Windows XP when multi-level CAs are used. + the parsing syntax has been fixed. + +- added a patch by Gerald Richter which tolerates multiple occurrences + of the ipsec0 interface when using KLIPS. + + +strongswan-2.5.3 +---------------- + +- with gawk-3.1.4 the word "default2 has become a protected + keyword for use in switch statements and cannot be used any + more in the strongSwan scripts. This problem has been + solved by renaming "default" to "defaults" and "setdefault" + in the scripts _confread and auto, respectively. + +- introduced the parameter leftsendcert with the values + + always|yes (the default, always send a cert) + ifasked (send the cert only upon a cert request) + never|no (never send a cert, used for raw RSA keys and + self-signed certs) + +- fixed the initialization of the ESP key length to a default of + 128 bits in the case that the peer does not send a key length + attribute for AES encryption. + +- applied Herbert Xu's uniqueIDs patch + +- applied Herbert Xu's CLOEXEC patches + + +strongswan-2.5.2 +---------------- + +- CRLs can now be cached also in the case when the issuer's + certificate does not contain a subjectKeyIdentifier field. + In that case the subjectKeyIdentifier is computed by pluto as the + 160 bit SHA-1 hash of the issuer's public key in compliance + with section 4.2.1.2 of RFC 3280. + +- Fixed a bug introduced by strongswan-2.5.1 which eliminated + not only multiple Quick Modes of a given connection but also + multiple connections between two security gateways. + + +strongswan-2.5.1 +---------------- + +- Under the native IPsec of the Linux 2.6 kernel, a %trap eroute + installed either by setting auto=route in ipsec.conf or by + a connection put into hold, generates an XFRM_AQUIRE event + for each packet that wants to use the not-yet exisiting + tunnel. Up to now each XFRM_AQUIRE event led to an entry in + the Quick Mode queue, causing multiple IPsec SA to be + established in rapid succession. Starting with strongswan-2.5.1 + only a single IPsec SA is established per host-pair connection. + +- Right after loading the PKCS#11 module, all smartcard slots are + searched for certificates. The result can be viewed using + the command + + ipsec auto --listcards + + The certificate objects found in the slots are numbered + starting with #1, #2, etc. This position number can be used to address + certificates (leftcert=%smartcard) and keys (: PIN %smartcard) + in ipsec.conf and ipsec.secrets, respectively: + + %smartcard (selects object #1) + %smartcard#1 (selects object #1) + %smartcard#3 (selects object #3) + + As an alternative the existing retrieval scheme can be used: + + %smartcard:45 (selects object with id=45) + %smartcard0 (selects first object in slot 0) + %smartcard4:45 (selects object in slot 4 with id=45) + +- Depending on the settings of CKA_SIGN and CKA_DECRYPT + private key flags either C_Sign() or C_Decrypt() is used + to generate a signature. + +- The output buffer length parameter siglen in C_Sign() + is now initialized to the actual size of the output + buffer prior to the function call. This fixes the + CKR_BUFFER_TOO_SMALL error that could occur when using + the OpenSC PKCS#11 module. + +- Changed the initialization of the PKCS#11 CK_MECHANISM in + C_SignInit() to mech = { CKM_RSA_PKCS, NULL_PTR, 0 }. + +- Refactored the RSA public/private key code and transferred it + from keys.c to the new pkcs1.c file as a preparatory step + towards the release of the SCEP client. + + +strongswan-2.5.0 +---------------- + +- The loading of a PKCS#11 smartcard library module during + runtime does not require OpenSC library functions any more + because the corresponding code has been integrated into + smartcard.c. Also the RSAREF pkcs11 header files have been + included in a newly created pluto/rsaref directory so that + no external include path has to be defined any longer. + +- A long-awaited feature has been implemented at last: + The local caching of CRLs fetched via HTTP or LDAP, activated + by the parameter cachecrls=yes in the config setup section + of ipsec.conf. The dynamically fetched CRLs are stored under + a unique file name containing the issuer's subjectKeyID + in /etc/ipsec.d/crls. + +- Applied a one-line patch courtesy of Michael Richardson + from the Openswan project which fixes the kernel-oops + in KLIPS when an snmp daemon is running on the same box. + + +strongswan-2.4.4 +---------------- + +- Eliminated null length CRL distribution point strings. + +- Fixed a trust path evaluation bug introduced with 2.4.3 + + +strongswan-2.4.3 +---------------- + +- Improved the joint OCSP / CRL revocation policy. + OCSP responses have precedence over CRL entries. + +- Introduced support of CRLv2 reason codes. + +- Fixed a bug with key-pad equipped readers which caused + pluto to prompt for the pin via the console when the first + occasion to enter the pin via the key-pad was missed. + +- When pluto is built with LDAP_V3 enabled, the library + liblber required by newer versions of openldap is now + included. + + +strongswan-2.4.2 +---------------- + +- Added the _updown_espmark template which requires all + incoming ESP traffic to be marked with a default mark + value of 50. + +- Introduced the pkcs11keepstate parameter in the config setup + section of ipsec.conf. With pkcs11keepstate=yes the PKCS#11 + session and login states are kept as long as possible during + the lifetime of pluto. This means that a PIN entry via a key + pad has to be done only once. + +- Introduced the pkcs11module parameter in the config setup + section of ipsec.conf which specifies the PKCS#11 module + to be used with smart cards. Example: + + pkcs11module=/usr/lib/pkcs11/opensc-pkcs11.lo + +- Added support of smartcard readers equipped with a PIN pad. + +- Added patch by Jay Pfeifer which detects when netkey + modules have been statically built into the Linux 2.6 kernel. + +- Added two patches by Herbert Xu. The first uses ip xfrm + instead of setkey to flush the IPsec policy database. The + second sets the optional flag in inbound IPComp SAs only. + +- Applied Ulrich Weber's patch which fixes an interoperability + problem between native IPsec and KLIPS systems caused by + setting the replay window to 32 instead of 0 for ipcomp. + + +strongswan-2.4.1 +---------------- + +- Fixed a bug which caused an unwanted Mode Config request + to be initiated in the case where "right" was used to denote + the local side in ipsec.conf and "left" the remote side, + contrary to the recommendation that "right" be remote and + "left" be"local". + + +strongswan-2.4.0a +----------------- + +- updated Vendor ID to strongSwan-2.4.0 + +- updated copyright statement to include David Buechi and + Michael Meier + + +strongswan-2.4.0 +---------------- + +- strongSwan now communicates with attached smartcards and + USB crypto tokens via the standardized PKCS #11 interface. + By default the OpenSC library from www.opensc.org is used + but any other PKCS#11 library could be dynamically linked. + strongSwan's PKCS#11 API was implemented by David Buechi + and Michael Meier, both graduates of the Zurich University + of Applied Sciences in Winterthur, Switzerland. + +- When a %trap eroute is triggered by an outgoing IP packet + then the native IPsec stack of the Linux 2.6 kernel [often/ + always?] returns an XFRM_ACQUIRE message with an undefined + protocol family field and the connection setup fails. + As a workaround IPv4 (AF_INET) is now assumed. + +- the results of the UML test scenarios are now enhanced + with block diagrams of the virtual network topology used + in a particular test. + + +strongswan-2.3.2 +---------------- + +- fixed IV used to decrypt informational messages. + This bug was introduced with Mode Config functionality. + +- fixed NCP Vendor ID. + +- undid one of Ulrich Weber's maximum udp size patches + because it caused a segmentation fault with NAT-ed + Delete SA messages. + +- added UML scenarios wildcards and attr-cert which + demonstrate the implementation of IPsec policies based + on wildcard parameters contained in Distinguished Names and + on X.509 attribute certificates, respectively. + + +strongswan-2.3.1 +---------------- + +- Added basic Mode Config functionality + +- Added Mathieu Lafon's patch which upgrades the status of + the NAT-Traversal implementation to RFC 3947. + +- The _startklips script now also loads the xfrm4_tunnel + module. + +- Added Ulrich Weber's netlink replay window size and + maximum udp size patches. + +- UML testing now uses the Linux 2.6.10 UML kernel by default. + + +strongswan-2.3.0 +---------------- + +- Eric Marchionni and Patrik Rayo, both recent graduates from + the Zuercher Hochschule Winterthur in Switzerland, created a + User-Mode-Linux test setup for strongSwan. For more details + please read the INSTALL and README documents in the testing + subdirectory. + +- Full support of group attributes based on X.509 attribute + certificates. Attribute certificates can be generated + using the openac facility. For more details see + + man ipsec_openac. + + The group attributes can be used in connection definitions + in order to give IPsec access to specific user groups. + This is done with the new parameter left|rightgroups as in + + rightgroups="Research, Sales" + + giving access to users possessing the group attributes + Research or Sales, only. + +- In Quick Mode clients with subnet mask /32 are now + coded as IP_V4_ADDRESS or IP_V6_ADDRESS. This should + fix rekeying problems with the SafeNet/SoftRemote and NCP + Secure Entry Clients. + +- Changed the defaults of the ikelifetime and keylife parameters + to 3h and 1h, respectively. The maximum allowable values are + now both set to 24 h. + +- Suppressed notification wars between two IPsec peers that + could e.g. be triggered by incorrect ISAKMP encryption. + +- Public RSA keys can now have identical IDs if either the + issuing CA or the serial number is different. The serial + number of a certificate is now shown by the command + + ipsec auto --listpubkeys + + +strongswan-2.2.2 +---------------- + +- Added Tuomo Soini's sourceip feature which allows a strongSwan + roadwarrior to use a fixed Virtual IP (see README section 2.6) + and reduces the well-known four tunnel case on VPN gateways to + a single tunnel definition (see README section 2.4). + +- Fixed a bug occuring with NAT-Traversal enabled when the responder + suddenly turns initiator and the initiator cannot find a matching + connection because of the floated IKE port 4500. + +- Removed misleading ipsec verify command from barf. + +- Running under the native IP stack, ipsec --version now shows + the Linux kernel version (courtesy to the Openswan project). + + +strongswan-2.2.1 +---------------- + +- Introduced the ipsec auto --listalgs monitoring command which lists + all currently registered IKE and ESP algorithms. + +- Fixed a bug in the ESP algorithm selection occuring when the strict flag + is set and the first proposed transform does not match. + +- Fixed another deadlock in the use of the lock_certs_and_keys() mutex, + occuring when a smartcard is present. + +- Prevented that a superseded Phase1 state can trigger a DPD_TIMEOUT event. + +- Fixed the printing of the notification names (null) + +- Applied another of Herbert Xu's Netlink patches. + + +strongswan-2.2.0 +---------------- + +- Support of Dead Peer Detection. The connection parameter + + dpdaction=clear|hold + + activates DPD for the given connection. + +- The default Opportunistic Encryption (OE) policy groups are not + automatically included anymore. Those wishing to activate OE can include + the policy group with the following statement in ipsec.conf: + + include /etc/ipsec.d/examples/oe.conf + + The default for [right|left]rsasigkey is now set to %cert. + +- strongSwan now has a Vendor ID of its own which can be activated + using the compile option VENDORID + +- Applied Herbert Xu's patch which sets the compression algorithm correctly. + +- Applied Herbert Xu's patch fixing an ESPINUDP problem + +- Applied Herbert Xu's patch setting source/destination port numbers. + +- Reapplied one of Herbert Xu's NAT-Traversal patches which got + lost during the migration from SuperFreeS/WAN. + +- Fixed a deadlock in the use of the lock_certs_and_keys() mutex. + +- Fixed the unsharing of alg parameters when instantiating group + connection. + + +strongswan-2.1.5 +---------------- + +- Thomas Walpuski made me aware of a potential DoS attack via + a PKCS#7-wrapped certificate bundle which could overwrite valid CA + certificates in Pluto's authority certificate store. This vulnerability + was fixed by establishing trust in CA candidate certificates up to a + trusted root CA prior to insertion into Pluto's chained list. + +- replaced the --assign option by the -v option in the auto awk script + in order to make it run with mawk under debian/woody. + + +strongswan-2.1.4 +---------------- + +- Split of the status information between ipsec auto --status (concise) + and ipsec auto --statusall (verbose). Both commands can be used with + an optional connection selector: + + ipsec auto --status[all] + +- Added the description of X.509 related features to the ipsec_auto(8) + man page. + +- Hardened the ASN.1 parser in debug mode, especially the printing + of malformed distinguished names. + +- The size of an RSA public key received in a certificate is now restricted to + + 512 bits <= modulus length <= 8192 bits. + +- Fixed the debug mode enumeration. + + +strongswan-2.1.3 +---------------- + +- Fixed another PKCS#7 vulnerability which could lead to an + endless loop while following the X.509 trust chain. + + +strongswan-2.1.2 +---------------- + +- Fixed the PKCS#7 vulnerability discovered by Thomas Walpuski + that accepted end certificates having identical issuer and subject + distinguished names in a multi-tier X.509 trust chain. + + +strongswan-2.1.1 +---------------- + +- Removed all remaining references to ipsec_netlink.h in KLIPS. + + +strongswan-2.1.0 +---------------- + +- The new "ca" section allows to define the following parameters: + + ca kool + cacert=koolCA.pem # cacert of kool CA + ocspuri=http://ocsp.kool.net:8001 # ocsp server + ldapserver=ldap.kool.net # default ldap server + crluri=http://www.kool.net/kool.crl # crl distribution point + crluri2="ldap:///O=Kool, C= .." # crl distribution point #2 + auto=add # add, ignore + + The ca definitions can be monitored via the command + + ipsec auto --listcainfos + +- Fixed cosmetic corruption of /proc filesystem by integrating + D. Hugh Redelmeier's freeswan-2.06 kernel fixes. + + +strongswan-2.0.2 +---------------- + +- Added support for the 818043 NAT-Traversal update of Microsoft's + Windows 2000/XP IPsec client which sends an ID_FQDN during Quick Mode. + +- A symbolic link to libcrypto is now added in the kernel sources + during kernel compilation + +- Fixed a couple of 64 bit issues (mostly casts to int). + Thanks to Ken Bantoft who checked my sources on a 64 bit platform. + +- Replaced s[n]printf() statements in the kernel by ipsec_snprintf(). + Credits go to D. Hugh Redelmeier, Michael Richardson, and Sam Sgro + of the FreeS/WAN team who solved this problem with the 2.4.25 kernel. + + +strongswan-2.0.1 +---------------- + +- an empty ASN.1 SEQUENCE OF or SET OF object (e.g. a subjectAltName + certificate extension which contains no generalName item) can cause + a pluto crash. This bug has been fixed. Additionally the ASN.1 parser has + been hardened to make it more robust against malformed ASN.1 objects. + +- applied Herbert Xu's NAT-T patches which fixes NAT-T under the native + Linux 2.6 IPsec stack. + + +strongswan-2.0.0 +---------------- + +- based on freeswan-2.04, x509-1.5.3, nat-0.6c, alg-0.8.1rc12 -- cgit v1.2.3