forked from pool/strongswan
strongswan/strongswan-4.5.0.tar.bz2.sig


- Updated to strongSwan 4.5.0 release, changes since 4.4.1 are:
  * IMPORTANT: the default keyexchange mode 'ike' is changing with release 4.5 from 'ikev1' to 'ikev2', thus commemorating the five year anniversary of the IKEv2 RFC 4306 and its mature successor RFC 5996. The time has definitively come for IKEv1 to go into retirement and to cede its place to the much more robust, powerful and versatile IKEv2 protocol!
  * Added new ctr, ccm and gcm plugins providing Counter, Counter with CBC-MAC and Galois/Counter Modes based on existing CBC implementations. These new plugins bring support for AES and Camellia Counter and CCM algorithms and the AES GCM algorithms for use in IKEv2.
  * The new pkcs11 plugin brings full Smartcard support to the IKEv2 daemon and the pki utility using one or more PKCS#11 libraries. It currently supports RSA private and public key operations and loads X.509 certificates from tokens.
  * Implemented a general purpose TLS stack based on crypto and credential primitives of libstrongswan. libtls supports TLS versions 1.0, 1.1 and 1.2, ECDHE-ECDSA/RSA, DHE-RSA and RSA key exchange algorithms and RSA/ECDSA based client authentication.
  * Based on libtls, the eap-tls plugin brings certificate based EAP authentication for client and server. It is compatible to Windows 7 IKEv2 Smartcard authentication and the OpenSSL based FreeRADIUS EAP-TLS backend.
  * Implemented the TNCCS 1.1 Trusted Network Connect protocol using the libtnc library on the strongSwan client and server side via the tnccs_11 plugin and optionally connecting to a TNC@FHH-enhanced FreeRADIUS AAA server. Depending on the resulting TNC Recommendation, strongSwan clients are granted access to a network behind a strongSwan gateway (allow), are put into a remediation zone (isolate) or are blocked (none), respectively. Any number of Integrity Measurement Collector/Verifier pairs can be attached via the tnc-imc and tnc-imv charon plugins.
  * The IKEv1 daemon pluto now uses the same kernel interfaces as the IKEv2 daemon charon. As a result of this, pluto now supports xfrm marks which were introduced in charon with 4.4.1.
  * The RADIUS plugin eap-radius now supports multiple RADIUS servers for redundant setups. Servers are selected by a defined priority, server load and availability.
  * The simple led plugin controls hardware LEDs through the Linux LED subsystem. It currently shows activity of the IKE daemon and is a good example how to implement a simple event listener.
  * Improved MOBIKE behavior in several corner cases, for instance, if the initial responder moves to a different address.
  * Fixed left-/rightnexthop option, which was broken since 4.4.0.
  * Fixed a bug not releasing a virtual IP address to a pool if the XAUTH identity was different from the IKE identity.
  * Fixed the alignment of ModeConfig messages on 4-byte boundaries in the case where the attributes are not a multiple of 4 bytes (e.g. Cisco's UNITY_BANNER).
  * Fixed the interoperability of the socket_raw and socket_default charon plugins.
  * Added man page for strongswan.conf
- Adopted spec file, removed obsolete error range patch.

OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=20
2010-11-16 13:10:30 +01:00