Projects / strongSwan / Releases

All releases of strongSwan

  •  31 Mar 2009 07:46
Avatar

    Release Notes: A vulnerability in the Dead Peer Detection (RFC 3706) code was found affecting all strongSwan releases (CVE-2009-0790). A malicious or expired ISAKMP R_U_THERE or R_U_THERE_ACK DPD packet can cause the pluto IKEv1 daemon to crash and restart. The new server-side IKEv2 EAP RADIUS plugin relays EAP messages to and from a RADIUS server. It has been successfully tested with a FreeRadius server using EAP-MD5 and EAP-SIM.

    •  23 Mar 2009 12:11
    Avatar

      Release Notes: A couple of minor bugs in the IKEv1 and IKEv2 daemons were fixed.

      •  23 Feb 2009 12:27
      Avatar

        Release Notes: IKEv2 interoperability with the Windows 7 Agile VPN client was improved by allowing the configuration of up to two DNS and NBNS servers that are forewarded to the client via the IKEv2 configuration payload. The IKEv2 EAP-MSCHAP v2 authentication protocol is supported.

        •  21 Jan 2009 23:14
        Avatar

          Release Notes: Bugfixes for broken ESP NULL encryption and a missing list of connection definitions in the IPsec statusall output.

          •  29 Dec 2008 08:34
          Avatar

            Release Notes: Major performance improvements were made by introducing hash table lookups, allowing the setup of thousands of IKEv2 connections in seconds. Smartcard support for IKEv2 connections was added using the OpenSSL Engine API.

            •  18 Nov 2008 14:11
            Avatar

              Release Notes: There is mobile IPv6 support for securing Binding Updates and tunneled traffic between Mobile Node and Home Agent. This release includes Mobile Node address migration based on MIGRATE kernel messages sent by the mip6d daemon. A modularized IPsec kernel interface supporting XFRM, PFKEY, and KLIPS messages was added. A significant performance improvement on multi-core platforms was made.

              •  15 Oct 2008 10:18
              Avatar

                Release Notes: Several MOBIKE improvements were made. Changes in NAT mappings in DPD exchanges are detected. Events are handled if the kernel detects NAT mapping changes in UDP-encapsulated ESP packets (though this requires a kernel patch). Old addresses are reused in MOBIKE updates as long as possible. Other fixes were made.

                •  19 Sep 2008 03:44
                Avatar

                  Release Notes: This release fixes a denial of service vulnerability where an IKE_SA_INIT message with a Diffie-Hellman KE payload containing zeroes only could cause a crash of the IKEv2 charon daemon due to a NULL pointer returned by the mpz_export() function of the GNU Multi-Precision (GMP) library.

                  •  28 Aug 2008 08:17
                  Avatar

                    Release Notes: The new dbus-based nm plugin fully integrates strongSwan into the VPN connections menu of NetworkManager 0.7. Separate EAP identities are supported in all IKEv2 EAP authentication protocols.

                    •  28 Jul 2008 04:18
                    Avatar

                      Release Notes: The performance of the SQL-based virtual IP address pool has been improved. There is consistent logging of IKE SAs on the audit level. There are a couple of minor bugfixes.

                      Screenshot

                      Project Spotlight

                      episoder

                      A tool to tell you about new episodes of your favourite TV shows.

                      Screenshot

                      Project Spotlight

                      BalanceNG

                      A modern software IP load balancer.