diff options
author | Martin Willi <martin@revosec.ch> | 2013-10-11 11:40:02 +0200 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2013-10-11 11:42:13 +0200 |
commit | 390d2b50b3ad0426d23d72f96682853141fb1a0a (patch) | |
tree | 22d2dc9da6beb274fecd9bef19a5126ce669ee02 /NEWS | |
parent | 5900d6d469d24faf7052ed24f013f02cb33a7095 (diff) | |
download | strongswan-390d2b50b3ad0426d23d72f96682853141fb1a0a.tar.bz2 strongswan-390d2b50b3ad0426d23d72f96682853141fb1a0a.tar.xz |
NEWS: Updates for the ah, libipsec-usestats and printf-hook merges
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 13 |
1 files changed, 13 insertions, 0 deletions
@@ -17,14 +17,27 @@ strongswan-5.1.1 modeconfig=push option enables it for both client and server, the same way as pluto used it. +- Using the "ah" ipsec.conf keyword on both IKEv1 and IKEv2 connections, + charon can negotiate and install Security Associations integrity-protected by + the Authentication Header protocol. Supported are plain AH(+IPComp) SAs only, + but not the deprecated RFC2401 style ESP+AH bundles. + - The left and right options in ipsec.conf can take multiple address ranges and subnets. This allows connection matching against a larger set of addresses, for example to use a different connection for clients connecting from a internal network. +- The kernel-libipsec userland IPsec backend now supports usage statistics, + volume based rekeying and accepts ESPv3 style TFC padded packets. + - load-tester supports transport mode connections and more complex traffic selectors, including such using unique ports for each tunnel. +- libstrongswan now can provide an experimental custom implementation of the + printf family functions based on klibc if neither Vstr nor glibc style printf + hooks are available. This can avoid the Vstr dependency on some systems at + the cost of slower and less complete printf functions. + strongswan-5.1.0 ---------------- |