Skip to content

strongSwan

VPN & Tunnels

Open-source IPsec VPN solution for configuring site‑to‑site, host‑to‑host, and roadwarrior connections

Track releases GitHub Website
C Latest 6.0.6 · 1mo ago Security brief →

Features

  • Site‑to‑site tunnel configuration between gateways
  • Host‑to‑host connectivity using IKE/IPsec
  • Roadwarrior support for dynamic remote clients

Recent releases

View all 2 releases →
6.0.6 Security relevant
Security fixes
  • CVE-2026-35328 (libtls supported_versions infinite loop)
  • CVE-2026-35329 (PKCS#7 container crash)
  • CVE-2026-35330 (EAP-SIM/AKA RCE)
Full changelog

Vulnerabilities

  • CVE-2026-35328 - Fixed a vulnerability in libtls related to the processing of the supported_versions extension in TLS that can result in an infinite loop. Affects 5.9.2 and newer.
  • CVE-2026-35329 - Fixed a vulnerability in libstrongswan and the pkcs7 plugin related to the processing of encrypted PKCS#7 containers that can result in a crash. Affects 5.0.2 and newer.
  • CVE-2026-35330 - Fixed a vulnerability in libsimaka related to the processing of certain EAP-SIM/AKA attributes that can result in an infinite loop or a heap-based buffer overflow and potentially remote code execution. Affects 4.3.6 and newer.
  • CVE-2026-35331 - Fixed a vulnerability in the constraints plugin related to the processing of X.509 name constraints that can allow authentication with certificates that violate the constraints. Affects 4.5.1 and newer.
  • CVE-2026-35332 - Fixed a vulnerability in libtls related to the processing of ECDH public values in TLS < 1.3 that can result in a crash. Affects 4.5.0 and newer.
  • CVE-2026-35333 - Fixed a vulnerability in libradius related to the processing of RADIUS attributes that can result in an infinite loop or an out-of-bounds read that may cause a crash. Affects 4.2.14 and newer.
  • CVE-2026-35334 - Fixed a vulnerability in the gmp plugin related to RSA decryption that can result in a crash. Affects 4.3.2 and newer.

Enhancements and Optimizations

  • Added the unique ID to the log messages when creating an IKE SA as responder (7f6fc50ba3e13cbc87a1de9276c98f4787d47915) and when deleting such a half-open SA (5334d93a45bd1f5d97d2549812f4e6ffd2d2ce06).
  • The credential factory now enforces an upper limit of 10 when creating nested credentials (06e5462a4b5bfe488c097cd4d7e4e42460e4dde1).
  • Added Georgian translation to the NM plugin (#3041).

Fixes

  • IKEv2 fragments with a total fragment count lower than before are now dropped as mandated by the RFC (1e1dd2976dd996a7a86cdd5ebe38ec444ba81a86).
  • Fixed a potential out-of-bounds read when parsing EAP-SIM/AKA attributes with actual length field (e454b4adb3cf4b635b452ac2be55736ff507a96b).
  • Fixed a potential out-of-bounds read when enumerating hashes in OCSP CERTREQ payloads (4af485d87dbf8024f54a13205156fdee64ead787).
  • Fixed a potential crash in the vici plugin when parsing messages that encode the length of a VICI_LIST_ITEM incorrectly (20b07f2cbf8c8dd7b6e815e096ab15f0b2eec290).
  • Avoid allocating a large buffer for TLS cipher suites on the stack using alloca() (b56b3d48b6193ece7aaa83e124e67e15d1e96016, reported by COBALT). Whether this could be a potential problem depends on the stack size per thread, on typical systems it shouldn't be an issue.
  • Ensure TLS 1.3 CertificateRequest structures are valid on the client (236ef93c50fac9498b77c690611ae61f1f65142a).
  • Prevent an infinite loop if the EAP-SIM version list on the client contains more than one entry (65fcf08cdb3445db0dd3c153bc033f6adcdced0b).
  • Fixed a crash in the tnccs_11 plugin if TNCCS-ReasonStrings is empty or only contains empty nodes (513f25ce12357f963d8917cb2f49b2c2020f4165).
  • Fixed verification of RSA signatures with SHA3-224 via botan plugin (c60a14ba23cabc076aa993eac3e56acd89cbafd4).
  • Close the internal IPv6 socket when a tun_device_t is destroyed (e1091327b5d7f6cc8ca58931c8dd9b48fc53d42e).
  • Update the address family in the SA selector when the addresses of a tunnel mode IPsec SA change in the kernel-netlink plugin (cb27593ce0ef0003f69ee57333621e4f4eb35e11).

Plugin and Configuration Changes

  • The Botan RNG types used/provided by the botan plugin are now configurable (fdd06d99ecc42143100b307ba6d294532e83c7b3).
  • Please note the that the fix for the vulnerability in the constraints plugin now causes all certificates that contain excluded name constraints of type directoryName (DN) to get rejected.

For Developers

  • Several of the fuzzers on OSS-Fuzz are now created with two distinct sets of plugins, the defaults and the legacy custom ones.
  • Primitives for constant-time comparison of uint32_t values have been added to the utils.

Refer to the 6.0.6 milestone for a list of all closed issues and pull requests.

View release on GitHub
6.0.5 Security relevant
Security fixes
  • CVE-2026-25075: EAP-TTLS AVP processing resource exhaustion
Notable features
  • ICMP error message forwarding
  • Childless IKE SA initiation support
View release on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

About

Stars
2,879
Forks
910
Languages
C Shell Java
View on GitHub Homepage Documentation

Similar tools

Gluetun VPN client
pangolin
openvpn
docker-wireguard
Nylon

Beta — feedback welcome: [email protected]