X-Git-Url: https://git.strongswan.org/?p=strongswan.git;a=blobdiff_plain;f=NEWS;h=36e42414d6ce20180816e4b68aaa445bb0330577;hp=bbdece6fd0ca99f6f45e13c88e4fa9d08eaa9196;hb=a846ffdb481dff60aecf6042c20f5924db87a591;hpb=7e81e975436a6edde843f3beca546a33b66540d5

diff --git a/NEWS b/NEWS
index bbdece6..36e4241 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,31 @@
+- added dead peer detection which checks aliveness of remote peer if no 
+  IKE or ESP traffic is received. Support for dpdaction, dpddelay???
+
+- Added support for leftprotoport/rightprotoport parameters in IKEv2. IKEv2 
+  would offer more possibilities for traffic selection, but the Linux kernel
+  currently does not support it. That's why we stick with these simple 
+  ipsec.conf rules for now.
+
+- Initial NAT traversal support in IKEv2. Charon includes NAT detection
+  notify payloads to detect NAT routers between the peers. It switches
+  to port 4500, uses UDP encapsulated ESP packets, handles peer address
+  changes gracefully and sends keep alive message periodically.
+
+- Reimplemented IKE_SA state machine for charon, which allows simultaneous 
+  rekeying, more shared code, cleaner design, proper retransmission 
+  and a more extensible code base.
+
+strongswan-4.0.2
+----------------
+
+- The mixed PSK/RSA roadwarrior detection capability introduced by the
+  strongswan-2.7.0 release necessitated the pre-parsing of the IKE proposal
+  payloads by the responder right before any defined IKE Main Mode state had
+  been established. Although any form of bad proposal syntax was being correctly
+  detected by the payload parser, the subsequent error handler didn't check
+  the state pointer before logging current state information, causing an
+  immediate crash of the pluto keying daemon due to a NULL pointer.
+
 strongswan-4.0.1
 ----------------