[Swan-dev] [Swan-announce] Libreswan 3.18 release notes

The Libreswan Project team at libreswan.org
Wed Jul 27 14:48:55 UTC 2016

The Libreswan Project has released libreswan-3.18

This is a security release for CVE-2016-5391 as well as a feature

The CVE-2016-5391 issue can cause the IKE daemon to restart on a missing
DH IKEv2 transform. This could cause a denial of service.

Three new experimental features are introduced.

There is support for VTI devices for routing-based VPN setups. It
can create ipsec0 interfaces on XFRM/NETKEY that act similar to ipsec0
devices on KLIPS. Note that the feature is marked experimental because the
keywords might still change in a future release. For detailed instruction,
see https://libreswan.org/wiki/Route-based_VPN_using_VTI

The Opportunistic Encryption now has experimental NAT support. And there
is now support for Traffic Flow Confidentiality.

The IKEv2 default proposals were updated to match RFC4307bis and
RFC7321bis, prefering AES_GCM, SHA2 and larger keysizes. It demotes
preference for SHA2-256 for ESP/AH to avoid interoperability with broken
Linux kernels that would otherwise require sha2-truncbug=yes to be set.

Various bugfixes and minor features are included in this release. The FIPS
code was simplified and the crypto boundary was strongly reduced - now only
the pluto binary requires a self-test .hmac file. PreShared Keys are now
allowed in FIPS mode. Systemd watchdog support was added (and defaults to
200 seconds). MARKing support has been improved, and the updown script now
sees a few more exported variables for use in custom updown scripts. Using
raw RSA keys no longer requires modifying ipsec.secrets. A new option to
specify public keys by their CKAID is introduced via left/rightckaid. And
CRL fetching now attempts to fetch from all CRL distribution points, and
not just the first one.

You can download libreswan via https at:

https: //download.libreswan.org/libreswan-3.18.tar.gz
https: //download.libreswan.org/libreswan-3.18.tar.gz.asc

The full changelog is available at:
https: //download.libreswan.org/CHANGES

Please report bugs either via one of the mailinglists or at our bug tracker:

https: //lists.libreswan.org/
https: //bugs.libreswan.org/

Binary packages for RHEL/EPEL and Debian/Ubuntu can be found at
https: //download.libreswan.org/binaries/

Binary packages for Fedora and Debian should be available in their respective
repositories a few days after this release.

See also https://libreswan.org/

v3.18 (July 27, 2016)
* SECURITY: CVE-2016-5391: IKEv2 proposal lacking DH causes restart [Andrew]
* XFRM: EXPERIMENTAL Support for NAT OE Client Address Translation (leftcat=) 
* XFRM: EXPERIMENTAL Support for routed-VPNs using VTI [Paul/Tuomo]
         keywords: vti-interface=<name> vti-routing=yes|no vti-shared=yes|no
* XFRM: EXPERIMENTAL Support for Traffic Flow Confidentiality tfc=XXX [Paul]
* KLIPS: Fix for /proc/net/pf_key oops on < 4.4 [Erik Andersson]
* KLIPS: Fix overwriting the sk pointer in 4.4 kernels [Ofer Heifetz]
* FIPS: Only the pluto binary needs a fipscheck .hmac file for self-test [Paul]
* FIPS: Change SA_LIFE_DURATION_MAXIMUM from 1 day to 8h [Paul]
* FIPS: Do not allow Linux-style sha2 truncation for ESP in FIPS mode [Paul]
* FIPS: Allow PSK in FIPS mode. This was erroneously not allowed [Paul]
* FIPS: Added new ipsec whack --fipsstatus [Paul]
* IKEv2: For default proposals, prefer MODP2048 over MODP1536 [Andrew]
* IKEv2: For proposals like ike=aes-sha2, prefer AES_256 over AES_128 [Andrew]
* IKEv2: For default ESP proposals, include and prefer AES_GCM [Andrew]
* IKEv2: For default ESP/AH proposals, do not propose MD5 integrity [Andrew]
* IKEv2: Add MODP3072 to defaults to ease interop with strongswan [Andrew]
* IKEv2: Prefer sha2-512 over sha2-256 for ESP to avoid linux bug [Andrew]
* IKEv2: fix use of ikev2_cert_req_fields [Lubomir Rintel]
* IKEv2: Extend and improve notify handling [Paul]
* IKEv2: Update ike endpoint as per rfc7296#section-2.23 [Antony/Paul]
* IKEv2: If first liveness probe failed, we never noticed liveness failure 
* pluto: Extend mark= support for mark-in= and mark-out= [Paul]
* pluto: implement unique marks by using mark=-1 [Paul]
* pluto: Add systemd watchdog support via USE_SYSTEMD_WATCHDOG [Matt/Paul]
* pluto: Follow connaddrfamily when resolving hostnames [Daniel M. Weeks]
* pluto: Check enum names consistency on startup [Hugh]
* pluto: Log mismatched DH group (KE payload) to log (not debug) [Andrew]
* pluto: Don't try to delete non-existing ipsec sa's (github #50) [Paul]
* pluto: Prevent double free of id data [Hugh]
* pluto: Avoid crashing on gaining remote ip locally (rhbz#1229766) [Paul]
* pluto: ESN could use uninitialised values and fail [Paul/Andrew]
* X509: Try subsequent crl distribution points when first one fails [Kim]
* whack: Display IPv4 lease address in --trafficstatus [Andrew]
* libipsecconf: New keyword left/rightckaid=XXX [Andrew]
* libipsecconf: Remove legacy keyword subnetwithin= [Hugh]
* libipsecconf: Clean out kv_auto / kv_manual attributes [Hugh]
* updown: Add SPI_IN= and SPI_OUT= to updown scripts [Paul]
* programs: Removed obsoleted ikeping and livetest [Paul]
* newhostkey: No longer touch any secret files [Andrew]
* showhostkey: Only look at NSS - don't require ipsec.secrets [Andrew]
* libswan: Fix unbound dnsctx handling [Hugh/Paul]
* libswan/libipsecconf: Clean up SECRETS code [Andrew]
* libswan: Delete getNSSPassword; replaced by lsw_nss_get_password [Andrew]
* addconn: Find peer IP address when resolving default route [Daniel M. Weeks]
* barf: If systemd detected, use journalctl to get logs [Paul]
* building: The make variable NSSLIBS was renamed to NSS_LDFLAGS [Andrew]
* building: Fix building without DNSSEC support [Hugh/Paul]
* packaging: Updates for debian packaging [dkg]
* initsystem: Add docker support using 'make INITSYSTEM=docker' [Kim]
* ipsec import: Add --configdir|--ipsecdir option for nss db location [Tuomo]
* _import_crl: Fix to work with nsspasswd [Andrew]
* _stackmanager: Remove loading of hardware random modules [Tuomo]
* _stackmanager: hide error if /proc/sys/net is read-only (i.e. docker) [Kim]
* ipsec: remove run by root check for Neutron/VPNaaS [Tuomo]
* ipsec: add option [--configdir|--ipsecdir /etc/ipsec.d] [Tuomo]
* testing: Various improvements for running tests, include web tree [Andrew]
* testing: New makefile targets, see 'make kvm-help' [Andrew]
* testing: pluto support for --expire-bare-shunt <interval> [Paul]

Swan-announce mailing list
Swan-announce at lists.libreswan.org

More information about the Swan-dev mailing list