
strongSwan v4.5.0 - New Version

Our first post regarding strongSwan can be found here. Now, an update has been released – strongSwan v4.5.0.
strongSwan is an open source IPsec implementation for the Linux operating system. It is based on the discontinued FreeS/WAN project and the X.509 patch which we developed over the last 3 years. In order to have a stable IPsec platform to base our future extensions of the X.509 capability on, we decided to launch the strongSwan project.


This is the official changelog:
  • IMPORTANT: The default keyexchange mode 'ike' is changing with release 4.5 from 'ikev1' to 'ikev2', thus commemorating the 5 year anniversary of the IKEv2 RFC 4306 and its mature successor RFC 5996. The time has definitively come for IKEv1 to go into retirement and to cede its place to the much more robust, powerful and versatile IKEv2 protocol!
  • Added new ctr, ccm and gcm plugins providing Counter, Counter with CBC-MAC and Galois/Counter Modes based on existing CBC implementations. These new plugins bring support for AES and Camellia Counter and CCM algorithms and the AES GCM algorithms for use in IKEv2.
  • The new pkcs11 plugin brings full smartcard support to the IKEv2 daemon and the pki utility using one or more PKCS#11 libraries. It currently supports RSA private and public key operations and loads X.509 certificates from tokens.
  • Implemented a general purpose TLS stack based on crypto and credential primitives of libstrongswan. libtls supports TLS versions 1.0, 1.1 and 1.2, ECDHE-ECDSA/RSA, DHE-RSA and RSA key exchange algorithms and RSA/ECDSA based client authentication.
  • Based on libtls, the eap-tls plugin brings certificate based EAP authentication for client and server. It is compatible with Windows 7 IKEv2 smartcard authentication and the OpenSSL based FreeRADIUS EAP-TLS backend.
  • Implemented the TNCCS 1.1 (Trusted Network Connect) protocol using the libtnc library on the strongSwan client and server side via the tnccs_11 plugin and optionally connecting to a TNC@FHH-enhanced FreeRADIUS AAA server. Depending on the resulting TNC Recommendation, strongSwan clients are granted access to a network behind a strongSwan gateway (allow), are put into a remediation zone (isolate) or are blocked (none), respectively. Any number of Integrity Measurement Collector/Verifier pairs can be attached via the tnc-imc and tnc-imv charon plugins.
  • The IKEv1 daemon pluto now uses the same kernel interfaces as the IKEv2 daemon charon. As a result of this, pluto now supports xfrm marks which were introduced in charon with 4.4.1.
  • Applets for Maemo 5 (Nokia) allow easy configuration and control of IKEv2 based VPN connections with EAP authentication on supported devices.
  • The RADIUS plugin eap-radius now supports multiple RADIUS servers for redundant setups. Servers are selected by a defined priority, server load and availability.
  • The simple led plugin controls hardware LEDs through the Linux LED subsystem. It currently shows activity of the IKE daemon and is a good example of how to implement a simple event listener.
  • Improved MOBIKE behaviour in several corner cases, for instance, if the initial responder moves to a different address.
  • Fixed left-/rightnexthop option, which was broken since 4.4.0.
  • Fixed a bug not releasing a virtual IP address to a pool if the XAUTH identity was different from the IKE identity.
  • Fixed the alignment of ModeConfig messages on 4-byte boundaries in the case where the attributes are not a multiple of four bytes (e.g. Cisco's UNITY_BANNER).
  • Fixed the interoperability of the socket_raw and socket_default charon plugins.
  • Added man page for strongswan.conf
So you see that IKEv2 is now the default key exchange mode. IKEv2 EAP-TLS, EAP-TTLS, and EAP-TNC (Trusted Network Connect) authentication modes terminated either on a strongSwan gateway or a remote AAA server are supported. PKCS#11 smartcards are supported for IKEv2.
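An added example, not part of the strongSwan release notes or project code: a small Python check that lists the conn sections of an ipsec.conf whose IKE version is implicit or set to 'ike', and which therefore move from IKEv1 to IKEv2 when upgrading to 4.5. The sample configuration is constructed, the function names are hypothetical, and `also=` handling is simplified to one reference per section.

```python
# Constructed sample ipsec.conf for illustration (documentation address range).
SAMPLE_CONF = """\
config setup
    plutostart=yes
conn %default
    keyingtries=1
conn legacy-peer
    right=198.51.100.7
    auto=start
conn pinned-v1
    keyexchange=ikev1
    right=198.51.100.8
conn generic
    keyexchange=ike
conn inherits
    also=pinned-v1
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                  # section header starts at column 0
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) > 1
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line: # indented key=value inside a conn
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns

def effective_keyexchange(name, conns, seen=()):
    """Resolve keyexchange from the conn itself, then also=, then %default."""
    conn = conns.get(name, {})
    if "keyexchange" in conn:
        return conn["keyexchange"]
    ref = conn.get("also")                        # assumption: one also= per section
    if ref and ref not in seen:
        return effective_keyexchange(ref, conns, seen + (name,))
    return conns.get("%default", {}).get("keyexchange")

def affected_by_default_change(text):
    """Conns with no explicit IKE version, which 4.5 switches to IKEv2."""
    conns = parse_conns(text)
    return sorted(n for n in conns if n != "%default"
                  and effective_keyexchange(n, conns) in (None, "ike"))
```

Connections reported by `affected_by_default_change` need an explicit `keyexchange=ikev1` if the peer only speaks IKEv1.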
Download strongSwan v4.5.0  here.