Monolithic IKEv1/IKEv2 keying daemon
The charon IKE daemon gained support for the IKEv1 protocol. This means that both protocols are now handled by a single daemon. Our wiki provides information about interoperability and the migration from earlier releases.
More details can also be found in a previous blog post.
Other notable changes
- The message bus in charon has been refactored so that loggers and other listeners are now handled separately. This avoids deadlocks caused by extensive listeners (e.g. by the updown plugin) and improves performance if multiple loggers are registered.
- Source routes are reinstalled if network interfaces are reactivated or IP addresses reappear.
- scepclient was updated so that it works with newer SCEP implementations like Windows Server 2008 R2.
- Thanks to initial patches by Aleksandr Grinberg, the openssl plugin now provides PRFs and signers based on HMACs and can be used as an RNG.
- The NetworkManager charon plugin was extracted and is now provided by a separate executable, which should work again with NM 0.9.
Download it from here - a more extensive changelog can be found on our wiki.