+strongswan-4.0.5
+----------------
+
+- IKEv1: Implementation of ModeConfig push mode via the new connection
+ keyword modeconfig=push allows interoperability with Cisco VPN gateways.
+
+- IKEv1: The command ipsec statusall now shows "DPD active" for all
+ ISAKMP SAs that are under active Dead Peer Detection control.
+
+- IKEv2: Charon's logging and debugging framework has been completely rewritten.
+ Instead of logger, special printf() functions are used to directly
+ print objects like hosts (%H) identifications (%D), certificates (%Q),
+ etc. The number of debugging levels have been reduced to:
+
+ 0 (audit), 1 (control), 2 (controlmore), 3 (raw), 4 (private)
+
+ The debugging levels can either be specified statically in ipsec.conf as
+
+ config setup
+ charondebug="lib 1, cfg 3"
+
+ or changed dynamically via stroke as
+
+ ipsec stroke --debug-lib 1 --debug-cfg 3
+
+
+strongswan-4.0.4
+----------------
+
+- Implemented full support for IPv6-in-IPv6 tunnels.
+
+- Added configuration options for dead peer detection in IKEv2. dpd_action
+ types "clear", "hold" and "restart" are supported. The dpd_timeout
+ value is not used, as the normal retransmission policy applies to
+ detect dead peers. The dpd_delay parameter enables sending of empty
+ informational message to detect dead peers in case of inactivity.
+
+- Added support for preshared keys in IKEv2. PSK keys configured in
+ ipsec.secrets are loaded. The authby parameter specifies the authentication
+ method to authentificate ourself, the other peer may use PSK or RSA.
+
+- Changed retransmission policy to respect the keyingtries parameter.
+
+- Added private key decryption. PEM keys encrypted with AES-128/192/256
+ or 3DES are supported.
+
+- Implemented DES/3DES algorithms in libstrongswan. 3DES can be used to
+ encrypt IKE traffic.
+
+- Implemented SHA-256/384/512 in libstrongswan, allows usage of certificates
+ signed with such a hash algorithm.
+
+- Added initial support for updown scripts. The actions up-host/client and
+ down-host/client are executed. The leftfirewall=yes parameter
+ uses the default updown script to insert dynamic firewall rules, a custom
+ updown script may be specified with the leftupdown parameter.
+
+
+strongswan-4.0.3
+----------------
+
+- Added support for the auto=route ipsec.conf parameter and the
+ ipsec route/unroute commands for IKEv2. This allows to set up IKE_SAs and
+ CHILD_SAs dynamically on demand when traffic is detected by the
+ kernel.
+
+- Added support for rekeying IKE_SAs in IKEv2 using the ikelifetime parameter.
+ As specified in IKEv2, no reauthentication is done (unlike in IKEv1), only
+ new keys are generated using perfect forward secrecy. An optional flag
+ which enforces reauthentication will be implemented later.
+
+- "sha" and "sha1" are now treated as synonyms in the ike= and esp=
+ algorithm configuration statements.
+
+
strongswan-4.0.2
----------------
listcerts and allows proper load, reload and delete of connections
via ipsec starter.
+
strongswan-4.0.0
----------------
projects / strongswan.git / blobdiff