v3.25 (June 27, 2018) * IKEv2: MOBIKE Initiator support (RFC 4555) [Antony] * IKEv2: Support for IKE SA rekeying RFC7296 1.3.2, initiator [Antony] * IKEv2: Support for IPsec SA rekeying RFC7296 1.3.3, initiator [Antony] * IKEv2: Support for IKE SA reauth=yes|no RFC7296 2.8.3 [Antony] * IKEv2: Temporarilly disable Liveness/DPD when MOBIKE kick in [Antony] * IKEv2: No longer allow contradicting esp= and pfs= options [Andrew] * IKEv2: PPK support for authby=rsasig [Vukasin Karadzic] * IKEv2: IANA INTERNAL_DNSSEC_TA allocation added [Paul] * IKEv2: Add PPK support to authby=rsasig [Vukasin] * IKEv2: Don't calculate NO_PPK_AUTH when the POLICY is INSIST [Vukasin] * IKEv2: fix PPK when responder is ppk=no but has a valid PPKID [Paul/Vukasin] * IKEv2: Support for protoport based Opportunistic IPsec [Paul] * IKEv2: Support multiple authby values (eg authby=rsasig,null) [Paul] * IKEv2: Support for AUTHNULL fallback via private use Notify [Vukasin] * IKEv2: Fix v3.23 regression causing liveness check to always fail [Tuomo] * IKEv2: Support for Microsoft rekey bug: ms-dh-downgrade=yes|no [Andrew/Paul] * IKEv2: Allow switching between OE instances with different protoports [Paul] * IKEv2: process INITIAL_CONTACT and delete old states from a connection [Paul] * IKEv2: Only retransmit fragments on receiving first fragment [Andrew] * IKEv2: When sending fragments, also update st_msgid_lastreplied [Paul] * IKEv2: Encrypt IKE_AUTH reply when authenticaion failed [Andrew] * IKEv2: Fix handling of corrupt encrypted packets [Andrew] * IKEv2: Do not call ISAKMP_SA_established() during CREATE_CHILD_SA [Paul] * IKEv2: When receiving Initial Contact, delete old IPsec SA's [Paul] * IKEv2: Harden IP triggered OE with new dns-match-id=yes|no [AntonyPaul] * IKEv2: Add PRF/INTEG support for AES_XCBC / AES_CMAC [Andrew] * IKEv2: permit DH=none (as in esp=aes;none,aes;dh22) [Andrew] * IKEv1: Prevent crashes with IKEv1 mistakenly allowing narrowing=yes [Paul] * IKEv1: DPD was not getting scheduled (bug introduced in 3.23) [Paul] * IKEv1: modecfg_send_set() must not ignore failure of modecfg_resp() [Hugh] * X509: Extend support for wildcard certs matching remote peer ID [Paul/Hugh] * X509: Support PKCS7 for Microsoft interop with intermediate certs [Andrew] * X509: Handle CRL fetching in separate thread [Andrew] * pluto: Obsoleted connaddrfamily= (fixes 6in4 and 4in6) [Paul] * pluto: New hostaddrfamily= and clientaddrfamily= (only needed w DNS) [Paul] * pluto: Cleanup of state/md passing code [Andrew] * pluto: Allow switching back from wrong instance to template conn [Paul] * pluto: disentangle IKEv1 and IKEv2 packet sending code [Andrew] * pluto: Allow rightsubnets= without leftsubnet(s)= [Paul] * pluto: don't share IP leases for authby=secret (in case of group ID) [Paul] * pluto: Parser bug prevented 4in6 config [mhuntxu at github, Daniel M. Weeks] * pluto: Find and delete old connection/states with same ID [Paul/Hugh] * pluto: traffic log (and updown) line had in/out bytes swapped [Paul/Tuomo] * pluto: Fix memory/fd leaks found by Coverity and in cert code [Hugh/Andrew] * pluto: Improve SPD longest prefix to priority calculation [Andrew/Paul/Hugh] * addconn: Fix auto=route and auto=start processing [Paul] * whack/auto: Ensure all status and list commands return no error code [Paul] * KLIPS: Replace deprecated blkcipher with skcipher crypto API [Tijs Van Buggenhout] * FIPS: Support new NIST ACVP protocol with cavp tool cmdline args [Andrew] * FIPS: Don't attempt HMAC integrity test on rsasigkey (rhbz#1544143) [Paul] * FIPS: Don't allow RSA keys < 3072 [Matt/Paul] * FIPS: Enable our PRF aes_xcbc wrapper on NSS hash code in FIPS mode [Andrew] * FIPS: Raise minimum RSA key length allowed to 3072 [Paul] * CAVP: Add -<acvp-key> <acvp-value> and -json(output) options to CAVP [Andrew] * portexcludes: new command ipsec portexcludes (see portexcludes.conf) [Paul] * _updown.netkey: fix deleting routes when half routes are used [Tuomo] * _updown.netkey: don't delete VTI interfaces until we can refcount [Tuomo] * _updown.netkey: fix unroute: "need at least a destination address" [Tuomo] * _updown.netkey: don't do proxyarp for direct host-host tunnels [Tuomo] * _updown.netkey: force routing if we don't have route to remote network [Tuomo] * _unbound-hook: Pass all IPSECKEY's to pluto, not just the first [Paul] * contrib/python-swan: module to check if trafic get be encrypted [Kim] * contrib/c-swan: example code to check if trafic get be encrypted [Kim] * building: added USE_GLIBC_KERN_FLIP_HEADERS (default off) [Paul] * building: when ElectricFence enabled, add extra system calls to seccomp [Andrew] * ipsec: add checknss option --settrusts to reset CA trusts in nss db [Tuomo] * _updown.netkey: force routing when necessary for IPsec to work [Tuomo] * _updown.netkey: do not proxyarp for host-host tunnels [Tuomo] * look: sort XFRM output by priority [Andrew] * Bugtracker bugs fixed: #311: segfault in crl fetching git master f5b17dc [Andrew, Tuomo] #314: IPv6 default route is deleted by mistake #318: vti interface gets down on previous initiator if roles switch [Tuomo] #320: nsspassword file location is half implemented #328: Addcon crash on duplicit "left" or "leftid" keys in conn config [Stepan Broz]