All releases of strongSwan

  •  11 Jan 2007 07:20

    Release Notes: This release features full XAUTH server and client support in conjunction with IKEv1 RSA or PSK Main Mode authentication. Verification of user credentials is possible either via a custom XAUTH plugin module or through XAUTH entries in ipsec.secrets. IKEv2 configuration of IPsec Transport Mode is now possible. IKEv2 reauthentication (reauth=true) has been implemented.

    •  03 Nov 2006 10:07

      Release Notes: Major improvements were made to the monitoring, debugging, and logging functions of the IKEv2 keying daemon. Informational console output is now available during connection startup. IKEv1 Mode Config Push mode was backported from strongSwan 2.8.0.

      •  23 Oct 2006 07:18

        Release Notes: The implementation of the IKE Mode Config push mode allows interoperability with Cisco VPN gateways. By setting "modeconfig=push", strongSwan will wait for the peer to push down a virtual IP address that can be used within an IPsec tunnel. The default value of the new keyword is "modeconfig=pull". The command "ipsec statusall" now shows "DPD active" for all ISAKMP Security Associations that are under active Dead Peer Detection control.

        •  26 Sep 2006 13:20

          Release Notes: Many new features have been added to the IKEv2 charon daemon: support for pre-shared keys, 3DES- or AES-protected RSA private key files, 3DES encryption for IKEv2, SHA-2 hashes in X.509 certificate signatures, automatic insertion of firewall passthrough rules for VPN traffic, IPv6-in-IPv6 tunnels, and dead peer detection with clear, hold, or restart options. IKEv2 now allows for mixed-mode authentication in which the VPN server sends a certificate, and VPN clients use personal pre-shared secrets.

          •  28 Aug 2006 12:41

            Release Notes: Support was added for the ipsec route/unroute commands for IKEv2. This allows IKE_SAs and CHILD_SAs to be set up on demand when traffic to be tunnelled is detected by the kernel. Re-keying for IKE_SAs was added. As specified in the IKEv2 RFC, no re-authentication is done; only new keys are generated using perfect forward secrecy.

            •  14 Aug 2006 09:53

              Release Notes: Segmentation faults in the eroute, klipsdebug, and other KLIPS-related auxiliary functions were fixed by defining the USE_NAT_TRAVERSAL compile-time option. "sha" and "sha1" are now treated as synonyms in the ike and esp algorithm configuration statements in ipsec.conf.

              •  16 Jul 2006 20:00

                Release Notes: This release has achieved a large leap forward in its IKEv2 implementation: full support for X.509 certificate trust path verification including CRLs; transport protocol and port traffic selectors; NAT discovery and NAT traversal via UDP encapsulation and port floating, including graceful handling of peer IP address changes; and liveliness checks via a Dead Peer Detection scheme.

                •  26 Jun 2006 13:29

                  Release Notes: The mixed PSK/RSA roadwarrior detection capability introduced by the strongswan-2.7.0 release necessitated the pre-parsing of the IKE proposal payloads before any defined IKE Main Mode state had been established. Although bad proposal syntax was correctly being detected by the parser, the subsequent error handler didn't check the state pointer before logging current state information, causing an immediate crash of the pluto keying daemon due to a NULL pointer. This release fixes this vulnerability to malformed proposal payloads that could otherwise be exploited by Denial-of-Service attacks.

                  •  21 Jun 2006 19:56

                    Release Notes: The IKEv2 daemon now supports the setup of host-to-host, net-to-net, and road warrior IPsec tunnel connections. Authentication is based on RSA signatures using locally loaded X.509 certificates. Child SA rekeying is possible, but for the time being should be treated as experimental. The make process has been rebuilt from scratch and uses autoconf. An IPv6 host-to-host scenario was added for IKEv1.

                    •  31 May 2006 11:18

                      Release Notes: The following minor bugs were fixed. ipsec up|down|route|unroute could cause a pluto crash when used without a connection name. Unsuccessful name resolution when fetching a CRL via HTTP could cause a crash in the libcurl library on some 64-bit architectures. ipsec starter could not configure an ipsec0 PPP interface when used with Linux 2.4 KLIPS.
