We are proud to announce the release of strongSwan 5.4.0 which makes VICI the preferred management interface, enforces a consistent 128 bit default security strength and brings support for IKEv2 redirection.
VICI is now the Preferred Configuration Interface
Starting with the strongSwan 5.4 release the Versatile IKE Configuration Interface (VICI) has become our preferred way to manage the charon IKE daemon. Therefore the vici plugin and the swanctl command line tool are now built and enabled by default. For the time being the stroke plugin is still supported by default, too. The VICI capability was considerably improved with support for raw public keys, extended certificate management support, asynchronous initiation and termination, reversal of configured start actions when configs are unloaded and more (refer to the changelog for details). A large selection of swanctl example scenarios are available. Also VICI bindings for the Python, Ruby and Perl script languages make it easy to build customized VPN management applications.
Default Proposals Increased to 128 Bit Security Strength
The IKE and ESP default proposals now use a consistent security strength of 128 bit. The default DH group for IKE is now either ecp256 or modp3072, depending on whether the openssl plugin is loaded or not. The default ESP proposal is aes128-sha256, which requires HMAC-SHA2-256 support with 128 bit truncation, which the Linux kernel correctly implements since 2.6.33.
If PFS is used DH groups of CHILD_SAs are now displayed in ipsec statusall (for IKEv2 only after rekeying or if the CHILD_SA got established with a separate CREATE_CHILD_SA exchange).
Support for IKEv2 Redirection
Support for IKEv2 redirection (RFC 5685) has been added. Plugins may implement the
redirect_provider_t interface to decide if and when to redirect connecting clients. It is also possible to redirect established IKE_SAs based on different selectors via vici/swanctl. Unless disabled in strongswan.conf the charon daemon will follow redirect requests received from servers.
Delayed Online Revocation Checks for MBB-Reauthentication
The initiator of an IKEv2 make-before-break reauthentication now suspends online certificate revocation checks (OCSP, CRLs) until the new IKE_SA and all CHILD_SAs are established. This is required if the checks are done over the CHILD_SA established with the new IKE_SA. This is not possible until the initiator installs this SA and that only happens after the authentication is completed successfully. So we suspend the checks during the reauthentication and do them afterwards, if they fail the IKE_SA is closed. This change has no effect on the behavior during the authentication of the initial IKE_SA.
Explicit Configuration of IKEv2 Signature Scheme Constraints
ike: prefix enables the explicit configuration of signature scheme constraints against IKEv2 authentication in rightauth, which allows the use of different signature schemes for trustchain verification and authentication. Configuration of such constraints via vici/swanctl is now also possible.
Port/Address Ranges in Traffic Selectors and Subnets/Ranges for Shared Secrets
Traffic selectors with port ranges can now be configured in the Linux kernel, e.g. remote_ts = 10.1.0.0/16[tcp/20-23] and local_ts = dynamic[tcp/32768-65535]. The port range must map to a port mask, though, since the kernel does not support arbitrary ranges.
The vici plugin allows the configuration of IPv4 and IPv6 address ranges in local and remote traffic selectors. Since both the Linux kernel and
iptables cannot handle arbitrary ranges, address ranges are mapped to the next larger CIDR subnet by the kernel-netlink and updown plugins, respectively.
IPv4/IPv6 address ranges and subnets may now be used as owners of shared secrets.
Perl Binding for VICI
For the vici plugin a Vici:Session Perl CPAN module has been added to allow Perl applications to control and/or monitor the IKE daemon using the VICI interface, similar to the existing Python egg or Ruby gem.
Other Notable Fixes
- The new p-cscf plugin can request P-CSCF server addresses from an ePDG via IKEv2 (RFC 7651).
- Successfully rekeyed CHILD_SAs of IKEv1 SAs may now optionally be deleted immediately instead of waiting for the hard timeout.
- The order of NAT-D payloads in Aggressive Mode messages has been changed so that they are better recognized by some clients (#1239).
- The encoding of virtual IPv6 addresses was corrected for IKEv1 (#1304).
- The charon.reuse_ikesa option is now always enabled for IKEv1 (#1236).
- An old issue with rekeying and the updown script was fixed (#853).
- A deadlock in the vici plugin was fixed if start_action=trap|start is used (#1185).
- The connmark plugin received some updates (#1212, #1229, #1230)
- All strongswan.conf options defined in the charon section now also apply for charon-systemd (#1300).