Support for multiple Key Exchanges in the ha Plugin
Support for multiple IKEv2 key exchanges (RFC 9370) has been added to the high availability (ha) plugin, which allows synchronizing IKE and Child SAs that use up to seven additional key exchanges. The caching mechanism has been updated to handle multiple `IKE_INTERMEDIATE` exchanges between the `IKE_SA_INIT` and `IKE_AUTH` exchanges to resync SAs when a node is integrated.
Another change is that incomplete IKE_SAs are now destroyed during a failover. There are two reasons for this. One is that key derivation has been delayed since 5.9.7, that is, it happens when an encrypted message is received and not when sending back the response to the previous one. So incomplete IKE_SAs are usually not in sync when the active node goes down. The second reason is that the `IntAuth` values derived from `IKE_INTERMEDIATE` exchanges are currently not synchronized, so if a failover occurred before an IKE_SA with multiple key exchanges was authenticated, the node taking over couldn't produce the correct authentication data.
New Options for dhcp and eap-radius Plugins
The new `interface_receive` option for the `dhcp` plugin allows binding the receive socket to a different interface than the send socket. For example, this can be useful if the DHCP server runs on the same host as the IKE daemon and the user wants to bind the send socket to a specific interface (e.g. the internal bridge interface). In this scenario, the responses from the DHCP server are sent via the loopback interface, so binding both sockets to the same interface won't work. The new option now allows binding the receive socket to `lo`, or to no interface by setting the option to an empty string.
A regression in the `dhcp` plugin (due to a refactoring in 5.9.14) was also fixed, which prevented receiving DHCP replies on the loopback interface.
The new `source` option for the `eap-radius` plugin allows sending RADIUS messages from a specific IP address by binding the sockets to it. This can simplify the configuration of the RADIUS server for multihomed VPN gateways. The option can be set globally or for each configured RADIUS server separately.
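The following strongswan.conf fragment is an added example and not part of the release notes: it shows the two new options side by side, the `dhcp` scenario described above (send socket bound to an internal bridge, replies received via loopback) and the `eap-radius` `source` option set both globally and per server. The interface names, addresses and the shared secret are constructed placeholders.

```conf
# Added example (not from the release notes). Interface names, addresses and
# the shared secret are constructed placeholders; adjust them to your setup.
charon {
    plugins {
        dhcp {
            # DHCP server runs on this host; requests leave via the internal bridge
            server = 10.1.0.1
            interface = br0
            # The local server answers via loopback, so receive there instead.
            # Setting "interface_receive = " (empty) binds the receive socket to
            # no interface at all.
            interface_receive = lo
        }
        eap-radius {
            # Global source address the RADIUS sockets are bound to
            source = 192.0.2.10
            servers {
                primary {
                    address = 192.0.2.100
                    secret = CHANGE-ME-shared-secret
                    # Per-server override of the global source address
                    source = 198.51.100.10
                }
            }
        }
    }
}
```

On a multihomed gateway the `source` setting fixes the address the RADIUS server sees, so the server's client definition only needs that one address instead of every address the gateway might otherwise pick.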
Other Notable Features and Fixes
- Self-signed root CAs that don't contain policies are now excluded from policy validation. In particular, third-party root CA certificates usually don't contain any policies.
- Inbound ESP traffic is now ignored when deciding whether to send a DPD unless UDP-encapsulation is used. Without the latter, there is no correlation between IKE and ESP traffic (other than the IPs). So firewalls might not keep the state for IKE/UDP traffic alive if constant ESP traffic prevents DPDs from getting exchanged.
- When connecting to port 4500 or a custom server port, the initial `IKE_SA_INIT` request is now sent from the NAT-T socket. This avoids issues with peers that only use the initial source port. It also ensures that no packets are sent from port 500 (i.e. without the required non-ESP marker) if ephemeral source ports are not used.
- Fixed a memory leak in the `vici` plugin when reloading configs that use raw public keys.
- The NetworkManager backend (`charon-nm`) now enables `charon-nm.check_current_path` to force a DPD after connectivity changes without IP change. It now also uses the same (short) retransmission settings as the Android app by default.
- Installation of the config snippet for `charon-nm` in `/etc/strongswan.d` has been fixed. Most of the deliberately set defaults (e.g. for source ports, routing tables or fwmarks) are now documented there.
- The NetworkManager GUI now allows configuring the local and remote traffic selectors in a new tab at the bottom. The option to configure the local traffic selectors was newly added to `charon-nm`.
- The build of the `vici` Python bindings has been changed. `setup.py` is not called directly anymore. Instead, the `build` frontend is used to build a wheel (the old egg format is not used/built anymore). The configure option has been changed to `--enable-python-wheels`. And because the built wheel has to be installed manually (e.g. in a `venv` using `pip`), the `--enable-python-eggs-install` option has been removed.