[strongSwan] Planning an upgrade of strongswan from 4.4.1 to 5.2.1
CJ Fearnley
cjf at LinuxForce.net
Thu Dec 10 02:12:42 CET 2015
I have a working strongswan system running the Debian package at version
4.4.1-5.7 (Squeeze oldoldstable). In a week or so, I'll be replacing
the box with a fresh install of Debian running 5.2.1-6+deb8u1 (Jessie).

I have two questions:

1. Have any config options changed in strongswan that I need to study?
2. Are there any issues with strongswan in connecting with a Netgear
   FVG318 of various vintages? All of our clients connect with this
   model of Netgear, which is the only thing we've been able to get
   working with certificates.

Here is a cleaned up version of /etc/ipsec.conf:

config setup
        charonstart=yes
        plutostart=yes
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.101.0/24
        uniqueids=no

conn %default
        mobike=no
        keyexchange=ikev1
        left=xxx.xxx.xxx.xx
        leftsubnet=192.168.xxx.0/24
        auto=add

conn someplace
        rightsubnet=192.168.yyy.0/24
        right=%any
        leftid="C=US, ST=ST, L=Some City, O=Some Company, CN=something.example.com, E=some at example.com"
        leftcert=something.crt
        leftsendcert=always

plus a half-dozen others of similar nature.

All of the systems that connect to this are various vintages of the
Netgear FVG318.

Are there any known compatibility issues with strongswan 5.2.1 and the
Netgear FVG318?

Have there been any relevant changes to the syntax of ipsec.conf since
4.4.1 and 5.2.1-6+deb8u1?

Any general strongswan relevant advice for planning such an upgrade?

--
CJ Fearnley | LinuxForce Inc.
cjf at LinuxForce.net | IT Projects & Systems Maintenance
http://www.LinuxForce.net | http://blog.remoteresponder.net