We are happy to announce the release of strongSwan 5.8.0, which supports XFRM interfaces, childless IKEv2 SAs, fixes the PB-TNC finite state machine, renames the systemd service units, adds a wolfSSL crypto plugin and brings several other new features and fixes.
XFRM interfaces are available since Linux 4.19 and are intended to replace VTI devices. They are similar but offer several advantages, for instance, they are not bound to an address or address family.
IPsec SAs and policies are associated with such interfaces via interface IDs that can be configured in swanctl.conf (dynamic IDs may optionally be allocated for each SA and even direction). It's possible to use separate interfaces for in- and outbound traffic, or only use an interface in one direction and regular policies in the other.
Interfaces may be created dynamically via updown/vici scripts, or statically before or after establishing the SAs. Routes must be added manually as needed (the daemon will not install any routes for outbound policies with an interface ID).
When moving XFRM interfaces to other network namespaces they retain access to the SAs and policies installed in the original namespace, which allows providing IPsec tunnels for processes in other network namespaces without giving them access to the IPsec keys or IKE credentials.
More information can be found on the wiki page about route-based VPNs.
Childless IKEv2 SAs (RFC 6023)
Initiation of childless IKEv2 SAs is supported according to RFC 6023. If enabled and supported by the responder, no CHILD_SA is established during IKE_AUTH. Instead, all CHILD_SAs are created with CREATE_CHILD_SA exchanges. This allows using a separate DH exchange even for the first CHILD_SA, which is otherwise created during IKE_AUTH with keys derived from the IKE_SA's key material.
--initiate command may be used to initiate only the IKE_SA via
--ike option if
--child is omitted and the peer supports this extension.
The PB-TNC finite state machine according to section 3.2 of RFC 5793 was not correctly implemented when sending either a
SRETRY batch. These batches can only be sent in the "Decided" state and a
CRETRY batch can immediately carry all messages usually transported by a
CDATA batch. It is currently not possible to send a
SRETRY batch since full-duplex mode for PT-TLS transport is not supported.
systemd service units have been renamed. The modern unit (charon-systemd with vici/swanctl), which was called strongswan-swanctl, is now called strongswan (the previous name is configured as alias in the unit, for which a symlink is created when the unit is enabled). The legacy unit (starter/charon with ipsec/stroke) is now called strongswan-starter.
The new wolfssl plugin is a wrapper around the wolfSSL crypto library. Thanks to Sean Parkinson of wolfSSL Inc. for the initial patch.