Add NEWS for ESN/custom replay window support

author: Martin Willi <martin@revosec.ch> 2011-04-18 16:00:38 +0200
committer: Martin Willi <martin@revosec.ch> 2011-04-20 12:26:58 +0200
commit: d3d21c29db4592e8588bd3e73dfae2792bd393cd (patch)
tree: f7d8345f012c0814e698cf3d070b97672017fc2a /NEWS
parent: 98788537befb2d1a7926f06643f955c96fa9d4df (diff)
download: strongswan-d3d21c29db4592e8588bd3e73dfae2792bd393cd.tar.bz2
strongswan-d3d21c29db4592e8588bd3e73dfae2792bd393cd.tar.xz
1 files changed, 11 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 80b7125d1..af7ccf058 100644
--- a/NEWS
+++ b/NEWS
@@ -24,6 +24,17 @@ strongswan-4.5.2
   all plugins to reload. Currently only the eap-radius and the attr plugins
   support configuration reloading.
 
+- Added userland support to the IKEv2 daemon for Extended Sequence Numbers
+  support coming with Linux 2.6.39. To enable ESN on a connection, add
+  the 'esn' keyword to the proposal. The default proposal uses 32-bit sequence
+  numbers only ('noesn'), and the same value is used if no ESN mode is
+  specified. To negotiate ESN support with the peer, include both, e.g.
+  esp=aes128-sha1-esn-noesn.
+
+- In addition to ESN, Linux 2.6.39 gained support for replay windows larger
+  than 32 packets. The new global strongswan.conf option 'charon.replay_window'
+  configures the size of the replay window, in packets.
+
 
 strongswan-4.5.1
 ----------------
author	Martin Willi <martin@revosec.ch>	2011-04-18 16:00:38 +0200
committer	Martin Willi <martin@revosec.ch>	2011-04-20 12:26:58 +0200
commit	d3d21c29db4592e8588bd3e73dfae2792bd393cd (patch)
tree	f7d8345f012c0814e698cf3d070b97672017fc2a /NEWS
parent	98788537befb2d1a7926f06643f955c96fa9d4df (diff)
download	strongswan-d3d21c29db4592e8588bd3e73dfae2792bd393cd.tar.bz2 strongswan-d3d21c29db4592e8588bd3e73dfae2792bd393cd.tar.xz