Release and vulnerability announcements for strongSwan

Bye Bye Pluto!

The new strongSwan 5.0 branch combines IKEv1 and IKEv2 functionality into a single monolithic charon daemon and says bye bye to the old and weary pluto daemon.

In July 2000 three students of mine contributed the first X.509 patch to the FreeS/WAN project, allowing the IKEv1 pluto daemon to handle X.509 certificate-based authentication. The functionality of the patch at that time was extremely limited and configuration was rather primitive and tiresome but over the next couple of years the X.509 patch for FreeS/WAN grew continuously to finally encompass multi-level CA, CRL and OCSP support and a complete PKCS#11 smartcard interface.

After the demise of the FreeS/WAN project in 2004 I forked off the strongSwan project with a focus on strong authentication, integrating the X.509, NAT-Traversal, DPD and AES patches plus some other contributions into the FreeS/WAN 2.x code base and maintaining and improving this code under the strongSwan 2.x branch.

Then in October 2005 Jan Hutter and Martin Willi proposed to implement the forthcoming IKEv2 standard as part of their diploma thesis. We agreed that the software architecture of the IKEv2 charon daemon would be done from scratch in a modern object-oriented and fully multi-threaded way, the only prerequisite being compatibility with pluto's configuration files. The two able students were successful in building a rapid prototype within eight weeks and Martin stayed on to implement the full IKEv2 standard. 

Since we were optimistic that IKEv1 would quietly go away after a transition period of maybe 3-5 years, we decided to base the strongSwan 4.x branch on a loose screen level integration of the separate IKEv1 pluto and IKEv2 charon daemons by controlling them via the joint ipsec starter process. Over the years we ported quite a number of charon features back to the old pluto daemon, e.g. sharing the complete libstrongswan crypto library, the libhydra IPsec kernel interface as well as the flexible plugin framework.

In September 2010 the updated IKEv2 RFC 5996 was released, five years after the original RFC 4306. But apart from the nice and easy-to-configure Microsoft Windows 7 Agile VPN client, IKEv2 was still not widely in use for remote access applications. Quite to the contrary. Due to the popular iPhone and Android smartphones just about everyone wanted to set up XAUTH-based IKEv1 connections with strongSwan VPN gateways!

Therefore in October 2011 we decided to re-implement the IKEv1 protocol by extending the modern code base of our robust IKEv2 charon daemon. Martin Willi, together with Tobias Brunner who had joined the strongSwan team in 2006 and among other big achievements had done the previous libhydra backporting to pluto,  took on the huge task of integrating and complementing existing IKEv1 charon code donated by the Swedish firm Clavister into a new strongSwan 5.0 branch. As usual I took care of the software regression testing and was soon pestering Martin and Tobias with a lot of tiny interoperability details.

strongSwan 5.0 is nearing completion and it is time to say bye bye to the old and weary pluto daemon. We are completely removing the pluto code from the 5.x branch in order to entice our users and customers to quickly migrate their IKEv1 applications to the monolithic IKEv1/IKEv2 charon daemon. The transition from strongSwan 4.x to 5.x should be quite smooth and nearly automatic with the exception of a couple of minor adaptations that are listed on our IKEv1 Charon-Pluto Interoperability page.

The strongSwan 4.x branch will go into maintenance mode with free general support offered at least until the end of 2012. Long-term commercial support for customers will always be available.

Now to the goodies! strongSwan 5.0 is going to support IKEv1 Aggressive Mode and IKEv1 Hybrid Mode, both of which are used by some proprietary third party VPN products and by racoon. After some heated internal discussions we finally decided to allow IKEv1 Aggressive Mode with PSK but a strongSwan VPN gateway must explicitly enable this potentially vulnerable mode with the strongswan.conf option

i_dont_care_about_security_and_use_aggressive_mode_psk = yes

And as I promised in numerous public and private talks strongSwan then changes its name to weakSwan.

Please enjoy our new major release and report back any bugs, interoperability problems or missing features.

Andreas Steffen