strongSwan Changelog

New in version 5.0.4

May 1st, 2013
  • Fixed a security vulnerability in the openssl plugin which was reported by Kevin Wojtysiak. The vulnerability has been registered as CVE-2013-2944. Before the fix, if the openssl plugin's ECDSA signature verification was used, due to a misinterpretation of the error code returned by the OpenSSL ECDSA_verify() function, an empty or zeroed signature was accepted as a legitimate one. Refer to our blog for details.
  • The handling of a couple of other non-security relevant OpenSSL return codes was fixed as well.
  • The tnc_ifmap plugin now publishes virtual IPv4 and IPv6 addresses via its TCG TNC IF-MAP 2.1 interface.
  • The charon.initiator_only strongswan.conf option causes charon to ignore IKE initiation requests.
  • The openssl plugin can now use the openssl-fips library.

New in version 5.0.2 (January 31st, 2013)

  • Implemented all IETF Standard PA-TNC attributes and an OS IMC/IMV pair using them to transfer operating system information.
  • The new "ipsec listcounters" command prints a list of global counter values about received and sent IKE messages and rekeyings.
  • A new lookip plugin can perform fast lookup of tunnel information using a clients virtual IP and can send notifications about established or deleted tunnels. The "ipsec lookip" command can be used to query such information or receive notifications.
  • The new error-notify plugin catches some common error conditions and allows an external application to receive notifications for them over a UNIX socket.
  • IKE proposals can now use a PRF algorithm different to that defined for integrity protection. If an algorithm with a "prf" prefix is defined explicitly (such as prfsha1 or prfsha256), no implicit PRF algorithm based on the integrity algorithm is added to the proposal.
  • The pkcs11 plugin can now load leftcert certificates from a smartcard for a specific ipsec.conf conn section and cacert CA certificates for a specific ca section.
  • The load-tester plugin gained additional options for certificate generation and can load keys and multiple CA certificates from external files. It can install a dedicated outer IP address for each tunnel and tunnel initiation batches can be triggered and monitored externally using the "ipsec load-tester" tool.
  • PKCS#7 container parsing has been modularized, and the openssl plugin gained an alternative implementation to decrypt and verify such files. In contrast to our own DER parser, OpenSSL can handle BER files, which is required for interoperability of our scepclient with EJBCA.
  • Support for the proprietary IKEv1 fragmentation extension has been added. Fragments are always handled on receipt but only sent if supported by the peer and if enabled with the new fragmentation ipsec.conf option.
  • IKEv1 in charon can now parse certificates received in PKCS#7 containers and supports NAT traversal as used by Windows clients. Patches courtesy of Volker RĂĽmelin.
  • The new rdrand plugin provides a high quality / high performance random source using the Intel rdrand instruction found on Ivy Bridge processors.
  • The integration test environment was updated and now uses KVM and reproducible guest images based on Debian.

New in version 5.0.1 (October 5th, 2012)

  • Introduced the sending of the standard IETF Assessment Result PA-TNC attribute by all strongSwan Integrity Measurement Verifiers.
  • Extended PTS Attestation IMC/IMV pair to provide full evidence of the Linux IMA measurement process. All pertinent file information of a Linux OS can be collected and stored in an SQL database.
  • The PA-TNC and PB-TNC protocols can now process huge data payloads >64 kB by distributing PA-TNC attributes over multiple PA-TNC messages and these messages over several PB-TNC batches. As long as no consolidated recommandation from all IMVs can be obtained, the TNC server requests more client data by sending an empty SDATA batch.
  • The rightgroups2 ipsec.conf option can require group membership during a second authentication round, for example during XAuth authentication against a RADIUS server.
  • The xauth-pam backend can authenticate IKEv1 XAuth and Hybrid authenticated clients against any PAM service. The IKEv2 eap-gtc plugin does not use PAM directly anymore, but can use any XAuth backend to verify credentials, including xauth-pam.
  • The new unity plugin brings support for some parts of the IKEv1 Cisco Unity Extension. As client, charon narrows traffic selectors to the received Split-Include attributes and automatically installs IPsec bypass policies for received Local-LAN attributes. As server, charon sends Split-Include attributes for leftsubnet definitions containing multiple subnets to Unity- aware clients.
  • An EAP-Nak payload is returned by clients if the gateway requests an EAP method that the client does not support. Clients can also request a specific EAP method by configuring that method with leftauth in ipsec.conf.
  • The eap-dynamic plugin handles EAP-Nak payloads returned by clients and uses these to select a different EAP method supported/requested by the client. The plugin initially requests the first registered method or the first method configured with charon.plugins.eap-dynamic.preferred in strongswan.conf.
  • The new left|rightdns ipsec.conf options specify connection specific DNS servers to request/respond in IKEv2 configuration payloads or IKEv2 mode config. leftdns can be any (comma separated) combination of %config4 and %config6 to request multiple servers, both for IPv4 and IPv6. rightdns takes a list of DNS server IP addresses to return.
  • The left|rightsourceip options now accept multiple addresses or pools. leftsourceip can be any (comma separated) combination of %config4, %config6 or fixed IP addresses to request. rightsourceip accepts multiple explicitly specified or referenced named pools.
  • Multiple connections can now share a single address pool when they use the same definition in one of the rightsourceip pools.
  • The strongswan.conf options charon.interfaces_ignore and charon.interfaces_use allow one to configure the network interfaces used by the daemon.
  • The kernel-netlink plugin supports the new strongswan.conf option charon.install_virtual_ip_on, which specifies the interface on which virtual IP addresses will be installed. If it is not specified the current behavior of using the outbound interface is preserved.
  • The kernel-netlink plugin tries to keep the current source address when looking for valid routes to reach other hosts.
  • The autotools build has been migrated to use a config.h header. strongSwan development headers will get installed during "make install" if --with-dev-headers has been passed to ./configure.
  • All crypto primitives gained return values for most operations, allowing crypto backends to fail, for example when using hardware accelerators.
  • The UDP ports used by charon can be configured via ./configure or the charon.port and charon.port_nat_t options in strongswan.conf, if ports are configure to 0 they will be allocated randomly.
  • The NetworkManager backend (charon-nm) uses random source ports to avoid conflicts with regular charon.
  • With uniqueids=never configured in ipsec.conf INITIAL_CONTACT notifies are ignored. Even with uniqueids=no configured the daemon will delete existing IKE_SAs with the same peer upon receipt of an INITIAL_CONTACT notify. This new option allows to ignore these notifies.
  • Prefixing the identity configured with rightid with a % character prevents initiators from sending an IDr payload in the IKE_AUTH exchange. Later the configured identity will not only be checked against the returned IDr, but also against other identities contained in the responder's certificate.
  • Non-"/0" subnet sizes are accepted for traffic selectors starting at
  • Job handling in controller_t was fixed, which occasionally caused crashes on ipsec up/down.
  • Caching of relations in validated certificate chains can be disabled with the libstrongswan.cert_cache strongswan.conf option.
  • Logging of multi-line log messages was fixed in situations where more than one logger was registered.
  • Fixed transmission EAP-MSCHAPv2 user name if it contains a domain part.
  • Added an option to enforce the configured destination address for DHCP packets.

New in version 5.0.0 (July 3rd, 2012)

  • The IKEv1 protocol was re-implemented from scratch by extending the successful IKEv2 code.
  • The charon keying daemon now supports both protocols, which allowed the old IKEv1 pluto daemon to be removed.
  • Support for the IKEv1 Aggressive and Hybrid Modes has been added.

New in version 4.6.3 (May 3rd, 2012)

  • An extended EAP-RADIUS interfaces allows one to enforce Session-Timeout attributes using RFC4478 repeated authentication, and acts upon RADIUS Dynamic Authorization extensions (RFC 5176).
  • Currently supported are disconnect requests and CoA messages containing a Session-Timeout.
  • The tnc-pdp plugin implements a RADIUS server interface allowing a strongSwan TNC server to act as a Policy Decision Point.

New in version 4.6.3 RC1 (April 20th, 2012)

  • The tnc-pdp plugin implements a RADIUS server interface allowing a strongSwan TNC server to act as a Policy Decision Point.
  • The eap-radius authentication backend enforces Session-Timeout attributes using RFC4478 repeated authentication and acts upon RADIUS Dynamic Authorization extensions, RFC 5176. Currently supported are disconnect requests and CoA messages containing a Session-Timeout.
  • The eap-radius plugin can forward arbitrary RADIUS attributes from and to clients using custom IKEv2 notify payloads. The new radattr plugin reads attributes to include from files and prints received attributes to the console.
  • Added support for untruncated MD5 and SHA1 HMACs in ESP as used in RFC 4595.
  • The cmac plugin implements the AES-CMAC-96 and AES-CMAC-PRF-128 algorithms as defined in RFC 4494 and RFC 4615, respectively.
  • The resolve plugin automatically installs nameservers via resolveconf(8), if it is installed, instead of modifying /etc/resolv.conf directly.

New in version 4.6.3dr1 (March 19th, 2012)

  • The tnc-pdp plugin implements a RADIUS server interface allowing a strongSwan TNC server to act as a Policy Decision Point.
  • Added infrastructure to listen to RADIUS Dynamic Authorization Extension requests.
  • Added support for untruncated MD5 and SHA1 HMACs in ESP as used in RFC 4595.

New in version 4.6.1 (November 14th, 2011)

  • runs on Linux 2.6 and 3.x kernels, Android, Maemo, FreeBSD, and Mac OS X
  • implements both the IKEv1 and IKEv2 (RFC 5996) key exchange protocols
  • Fully tested support of IPv6 IPsec tunnel and transport connections
  • Dynamical IP address and interface update with IKEv2 MOBIKE (RFC 4555)
  • Automatic insertion and deletion of IPsec-policy-based firewall rules
  • Strong 128/192/256 bit AES or Camellia encryption, 3DES support
  • NAT-Traversal via UDP encapsulation and port floating (RFC 3947)
  • Dead Peer Detection (DPD, RFC 3706) takes care of dangling tunnels
  • Static virtual IPs and IKEv1 ModeConfig pull and push modes
  • XAUTH server and client functionality on top of IKEv1 Main Mode authentication
  • Virtual IP address pool managed by IKE daemon or SQL database
  • Secure IKEv2 EAP user authentication (EAP-SIM, EAP-AKA, EAP-TLS, EAP-MSCHAPv2, etc.)
  • Optional relaying of EAP messages to AAA server via EAP-RADIUS plugin
  • Support of IKEv2 Multiple Authentication Exchanges (RFC 4739)
  • Authentication based on X.509 certificates or preshared keys
  • Generation of a default self-signed certificate during first strongSwan startup
  • Retrieval and local caching of Certificate Revocation Lists via HTTP or LDAP
  • Full support of the Online Certificate Status Protocol (OCSP, RCF 2560).
  • CA management (OCSP and CRL URIs, default LDAP server)
  • Powerful IPsec policies based on wildcards or intermediate CAs
  • Group policies based on X.509 attribute certificates (RFC 3281)
  • Storage of RSA private keys and certificates on a smartcard (PKCS #11 interface)
  • Modular plugins for crypto algorithms and relational database interfaces
  • Support of elliptic curve DH groups and ECDSA certificates (Suite B, RFC 4869)
  • Optional built-in integrity and crypto tests for plugins and libraries
  • Smooth Linux desktop integration via the strongSwan NetworkManager applet
  • Trusted Network Connect compliant to PB-TNC (RFC 5793) and PA-TNC (RFC 5792)

New in version 4.6.0 (November 7th, 2011)

  • The libstrongswan plugin system now supports detailed plugin dependencies.
  • Many plugins have been extended to export their capabilities and requirements.
  • This allows the plugin loader to resolve the plugin loading order automatically.
  • The pkcs11 plugin has been extended to handle Elliptic Curve Cryptography smartcards.
  • The tnc-ifmap plugin implements a TNC IF-MAP 2.0 client which can deliver metadata about IKE_SAs via a SOAP interface to a Trusted Network Connect MAP server.