Projects / strongSwan / Releases

All releases of strongSwan

  •  08 Aug 2007 12:29
Avatar

    Release Notes: Source routes installed by the keying daemons are now in a separate routing table with ID 100 in order to avoid conflicts with the main table. Route lookup for IKEv2 traffic is done in userspace to ignore routes installed for IPsec, as IKE traffic shouldn't get encapsulated. The ipsec starter has become more tolerant to dynamic DNS lookup failures by keeping the last valid IP address.

    •  05 Jul 2007 08:42
    Avatar

      Release Notes: Support of the IKEv2-based MOBIKE protocol (RFC 4555) allows dynamic IP address changes and multi-homing without re-establishing the IPsec tunnels. For IKEv1, the introduction of the rightallowany=yes option or, as an alternative, the right=%peer.foo.bar wildcard improves the re-establishment of IPsec connections after a dynamic address change in a host which registers its address with DynDNS.

      •  29 May 2007 07:41
      Avatar

        Release Notes: IKEv2 can now handle multiple certificates issued to the same peer ID. This allows for a smooth transition during certificate renewal. IKEv2 also supports IPSec policies based on intermediate certification authorities through the use of the rightca= parameter.

        •  30 Apr 2007 13:48
        Avatar

          Release Notes: The following IKEv2 features have been added: Perfect Forward Secrecy (PFS) by doing an additional Diffie-Hellman exchange when creating or rekeying a Child SA. The AES-XCBC-96 MAC algorithm is supported for IPsec SAs (this requires Linux kernel 2.6.20 or later). Working IPv4-in-IPv6 and IPv6-in-IPv4 tunnels were added (this requires Linux kernel 2.6.21 or later).

          •  10 Apr 2007 07:55
          Avatar

            Release Notes: IKEv2 now supports automatic HTTP- and/or LDAP-based fetching of certificate revocation lists using URIs extracted from CRL distribution points. CRLs can optionally be cached with the cachecrls=yes option. strongSwan now fully supports cookies in the presence of DoS attacks. New IKEv1 features include the addition of a special NAT-T Vendor ID that allows interoperability with Windows 2003 Server. The --enable-nat-transport option activates NAT traversal for IPsec transport mode.

            •  27 Mar 2007 08:48
            Avatar

              Release Notes: This release has been thoroughly tested at the third IKEv2 Interoperability Workshop and beside the traditional IKEv1 capabilities, offers nearly complete support of IKEv2. New IKEv2 features are the assignment of virtual IPs via the configuration payload, the basic EAP authentication framework, as well as the implementation of the Online Certificate Status Protocol (OCSP).

              •  22 Feb 2007 12:27
              Avatar

                Release Notes: A bug in the computation of the SHA-512-HMAC function was fixed. The SHA-384 hash and HMAC functions were implemented. SHA-2 signatures are now supported in X.509 certificates. Automatic test vector-based self-tests of all hash functions (MD5, SHA-1, SHA-2) during pluto startup was introduced to increase the reliability of the software.

                •  05 Feb 2007 14:13
                Avatar

                  Release Notes: Extended authentication (XAUTH) in conjunction with IKE Main Mode authentication (RSA and PSK) is now possible with most VPN clients and gateways (e.g. Cisco, NCP, Shrew, etc.).

                  •  29 Jan 2007 14:43
                  Avatar

                    Release Notes: Extended authentication (XAUTH) in conjunction with IKE Main Mode authentication (RSA and PSK) is now possible with most VPN clients and gateways (e.g. Cisco, NCP, Shrew, etc.).

                    •  15 Jan 2007 08:08
                    Avatar

                      Release Notes: This release features full XAUTH server and client support in conjunction with IKEv1 RSA or PSK Main Mode authentication. Verification of user credentials is possible either via a custom XAUTH plugin module or through XAUTH entries in ipsec.secrets.

                      Screenshot

                      Project Spotlight

                      episoder

                      A tool to tell you about new episodes of your favourite TV shows.

                      Screenshot

                      Project Spotlight

                      BalanceNG

                      A modern software IP load balancer.