• Added an option to enable certificate validation for IPSec tunnel via the new "ipsec-cert-check" parameter. Requires a custom CA root certificate to be specified.
• Changed "ca-cert" option to be a comma-separated list of certificates rather than a single certificate
• Added IP address check and signature validation of the IKE ID payload (security improvement)
• Fixed a compatibility issue with the old CheckPoint servers which do not advertise authentication methods
• Fixed a bug with the keepalive packets for the SSL tunnel when large amount of data was sent to the tun device