We are happy to announce the release of strongSwan 5.5.2 which brings support for DH group 31 using Curve25519 and the Ed25519 signature algorithm for IKEv2, storing private keys on a TPM 2.0, automatic installation of bypass policies for LANs, several new features for the VICI interface and swanctl and lots of other new features and fixes.
The curve25519 plugin provides support for Diffie-Hellman group 31 using Curve25519 as defined by RFC 8031, as well as support for the Ed25519 digital signature algorithm for IKEv2 as defined by draft-ietf-ipsecme-eddsa. Ed25519-based public key pairs, X.509 certificates and CRLs can be generated and printed by the pki tool.
Private Keys on a TPM 2.0
The new tpm libtpmtss plugin allows using persistent private RSA and ECDSA keys bound to a TPM 2.0 for both IKE and TLS authentication. Using the TPM 2.0 object handle as keyid parameter, the pki --pub tool can extract the public key from the TPM, thereby replacing the aikpub2 tool. In a similar fashion, pki --req can generate a PKCS#10 certificate request signed with the TPM private key. Optionally, the tpm plugin may be used as RNG.
Bypass Policies for Locally Attached Subnets
The optional bypass-lan plugin automatically installs and updates passthrough/bypass policies for locally attached subnets. This is useful for mobile hosts that are used in different networks and want to access local devices in these networks (e.g. printers or NAS) while connected to a VPN.
New Features for the VICI Interface
Several new features for the VICI interface and the swanctl utility were added:
- Enumerating and unloading private keys and shared secrets (swanctl --load-creds now automatically unloads removed secrets).
- Loading keys and certificates from PKCS#11 tokens or a TPM.
- The ability to initiate, install and uninstall connections and policies by their exact name (if multiple child sections in different connections share the same name).
- Querying a specific pool.
- A command to initiate the rekeying of IKE and IPsec SAs.
- Public keys may be configured directly in swanctl.conf via the 0x/0s prefix.
- The overhead of the VICI logger has been reduced.
- Support for settings previously only supported by the old config files (DSCP, certificate policies, IPv6 Transport Proxy Mode, NT hash secrets, mediation extension).
There is also an important change for developers: Due to issues with VICI bindings that map sub-sections to dictionaries (e.g. Python) the CHILD_SA sections returned via list-sas now have a unique name. The original name of a CHILD_SA is returned in the name key of its section.
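The following is an added example (not strongSwan's own code) of how a VICI client that maps sub-sections to dictionaries should consume list-sas after this change: it groups CHILD_SAs by the original name carried in the name key instead of the section key, so duplicate-named CHILD_SAs (e.g. an SA and its rekeying replacement) are no longer collapsed. The reply structure, the unique section names net-1/net-2 and the use of bytes values (as the Python vici binding returns them) are assumptions constructed for the example.

```python
from collections import defaultdict

# Constructed sample of one list-sas reply, shaped like the Python vici
# binding's output (section keys as str, values as bytes). The unique
# section names "net-1"/"net-2"/"dmz-5" are assumed for illustration.
LIST_SAS_REPLY = {
    "rw": {
        "uniqueid": b"3",
        "state": b"ESTABLISHED",
        "child-sas": {
            "net-1": {"name": b"net", "uniqueid": b"1", "state": b"INSTALLED",
                      "local-ts": [b"10.1.0.0/16"], "remote-ts": [b"10.2.0.0/24"]},
            "net-2": {"name": b"net", "uniqueid": b"2", "state": b"REKEYING",
                      "local-ts": [b"10.1.0.0/16"], "remote-ts": [b"10.2.0.0/24"]},
            "dmz-5": {"name": b"dmz", "uniqueid": b"5", "state": b"INSTALLED",
                      "local-ts": [b"10.1.0.0/16"], "remote-ts": [b"192.0.2.0/24"]},
        },
    },
}


def _text(value):
    """vici returns values as bytes; accept str too for convenience."""
    return value.decode() if isinstance(value, bytes) else value


def child_sas_by_name(reply):
    """Map IKE_SA name -> original CHILD_SA name -> list of CHILD_SA sections.

    Keying on the "name" value rather than the (now unique) section key keeps
    every instance of a CHILD_SA instead of only the last one seen.
    """
    grouped = {}
    for ike_name, ike in reply.items():
        per_ike = defaultdict(list)
        for section_key, child in ike.get("child-sas", {}).items():
            # Prefer the "name" key (5.5.2+); fall back to the section key
            # for replies from older daemons that had no "name" key.
            original = _text(child.get("name", section_key))
            per_ike[original].append(child)
        grouped[ike_name] = dict(per_ike)
    return grouped


def count_instances(reply, ike_name, child_name):
    """Number of CHILD_SA instances with the given original name under ike_name."""
    return len(child_sas_by_name(reply).get(ike_name, {}).get(child_name, []))
```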
Better Support for RFC 3779 addrblock Extensions
The pki tool gained support for generating certificates with RFC 3779 addrblock extensions. The charon addrblock plugin now dynamically narrows traffic selectors based on the certificate's addrblocks instead of rejecting non-matching selectors completely. This allows generic connections, where the allowed selectors are defined by the used certificates only.
Other Notable Features and Fixes
- A command injection vulnerability in the ipsec script was fixed, which was exploitable if unprivileged users were allowed to run the script via sudo (2ec6372f5a). Thanks to Andrea Barisani for reporting this.
- In-place updating of cached base and delta CRLs no longer leaves dozens of stale copies in cache memory.
- Support for handling IKEV2_MESSAGE_ID_SYNC notifies as responder (usually the original initiator of an IKE_SA), as defined in RFC 6311, was added.
- Trap policies now use priorities from the same range as regular policies, which allows installing overlapping trap policies (#1243).
- No mark is installed on inbound IPsec SAs anymore, so explicitly marking inbound traffic before decryption is no longer necessary (067fd2c69c).
- PSKs for IKEv1 connections are now first looked up based on configured identities of connections that match the IPs, before falling back to searching for PSKs for the IPs (#2223).