strongSwan - Design by Margo Galas <galas (at) solnet (dot) ch>

Main Sponsors



strongSwan 5.6.0 Released

We are happy to announce the release of strongSwan 5.6.0 which adds support for SWIMA for PA-TNC, brings a plugin that implements 3GPP MILENAGE in software, refines CHILD_SA rekeying and fixes a DoS vulnerability and several other issues.

Denial-of-Service Vulnerability in the gmp Plugin (CVE-2017-11185)

A denial-of-service vulnerability in the gmp plugin was fixed that was caused by insufficient input validation when verifying RSA signatures. More specifically, if the signature equals the public key's modulus the resulting value of zero causes  mpz_export() to return NULL, which was not handled properly, resulting in a null-pointer dereference. All versions are affected.

More information is provided in a separate blog entry.


The new SWIMA (Software Inventory Message and Attributes) IMC/IMV pair implements the draft-ietf-sacm-nea-swima-patnc Internet Draft and has been demonstrated at the IETF 99 Prague Hackathon. The IMV database template has been adapted to achieve full compliance with the
ISO 19770-2:2015 SWID tag standard.

The sw-collector tool extracts software events from apt history logs and stores them in an SQLite database to be used by the SWIMA IMC. The tool can also generate SWID tags both for installed and removed package versions.

3GPP MILENAGE in Software

The new eap-aka-3gpp plugin implements the 3GPP MILENAGE algorithms in software. K (optionally concatenated with OPc) may be configured as binary EAP secret in ipsec.secrets or swanctl.conf. Thanks to Thomas Strangert for the initial patch.

Refined IKEv2 CHILD_SA Rekeying Behavior

CHILD_SA rekeying is fixed in charon-tkm, which was broken since the rekeying changes introduced with 5.5.3. The behavior has also been refined a bit: On Linux the outbound policy now has the SPI of the corresponding SA set and the responder of a rekeying will install both IPsec SAs (in/out) immediately, but delay the update of the outbound policy until it received the delete for the replaced CHILD_SA.
Also, the previous code temporarily installed an outbound IPsec SA/policy that was deleted immediately afterwards when a rekey collision was lost, which caused a slight chance for traffic loss.

Other Notable Features and Fixes

  • The pt-tls-client can attach and use TPM 2.0 protected private keys via the --keyid parameter.
  • libtpmtss supports Intel's TSS2 Architecture Broker and Resource Manager interface (tcti-tabrmd).
  • The remote address must not be resolvable anymore when installing trap policies (at least not if the remote traffic selector is not %dynamic).
  • The new %unique-dir value for the mark* settings in swanctl.conf or ipsec.conf will allocate separate unique marks for each CHILD_SA direction.
  • By default the /etc/swanctl/conf.d directory is created and *.conf files in it are included in the default swanctl.conf file.
  • The curl plugin now follows HTTP redirects (configurable via strongswan.conf).

Download Complete Changelog