• Back to all releases

Version 4.2.13 of strongSwan

Changes: Starting with the Linux 2.6.33 kernel, the SHA-256/384/512 HMAC ESP data integrity algorithms are now configured by strongSwan with the correct truncation length. Older kernels require a SHA-2 patch. The IKEv2 charon daemon has been ported to the Android platform. DNS and NBNS server information stored in an SQL database can be distributed to VPN clients via the IKEv1 Mode Config or the IKEv2 Configuration payload.

Changes: The IKEv1 pluto daemon can attach SQL-based address pools to deal out virtual IP addresses as a Mode Config server in either Pull or Push mode. In addition to time based rekeying, the IKEv2 charon daemon supports IPsec SA lifetimes based on processed volume measured in bytes or number of packets.

Changes: The IKEv2 charon daemon has been ported to FreeBSD and Mac OS X.

Changes: Optional integrity checksum tests are done over all strongSwan dynamic libraries and plugins during startup. The IKEv1 pluto daemon now supports the ESP authenticated encryption algorithms AES-GCM and AES-CCM.

Changes: The IKEv1 and IKEv2 daemons now share the same crypto framework. Either the built-in algorithms or the OpenSSL or GNU libgcrypt libraries can be used. During startup, self-tests for all cryptographic algorithms are executed. The IKEv1 daemon supports elliptic curve Diffie-Hellman groups and ECDSA signatures. Two minor DoS vulnerabilities in the ASN.1 parser were fixed.