forked from pool/strongswan
- Updated to strongSwan 4.5.2 release, changes overview since 4.5.2:
* Our private libraries (e.g. libstrongswan) are not installed directly in
prefix/lib anymore. Instead a subdirectory is used (prefix/lib/ipsec/ by
default). The plugins directory is also moved from libexec/ipsec/ to that
directory.
* The dynamic IMC/IMV libraries were moved from the plugins directory to
a new imcvs directory in the prefix/lib/ipsec/ subdirectory.
* Job priorities were introduced to prevent thread starvation caused by too
many threads handling blocking operations (such as CRL fetching).
* Two new strongswan.conf options allow to fine-tune performance on IKEv2
gateways by dropping IKE_SA_INIT requests on high load.
* IKEv2 charon daemon supports PASS and DROP shunt policies
preventing traffic to go through IPsec connections. Installation of the
shunt policies either via the XFRM netfilter or PFKEYv2 IPsec kernel
interfaces.
* The history of policies installed in the kernel is now tracked so that e.g.
trap policies are correctly updated when reauthenticated SAs are terminated.
* IMC/IMV Scanner pair implementing the RFC 5792 PA-TNC (IF-M) protocol.
Using "netstat -l" the IMC scans open listening ports on the TNC client
and sends a port list to the IMV which based on a port policy decides if
the client is admitted to the network.
* IMC/IMV Test pair implementing the RFC 5792 PA-TNC (IF-M) protocol.
* The IKEv2 close action does not use the same value as the ipsec.conf dpdaction
setting, but the value defined by its own closeaction keyword. The action
is triggered if the remote peer closes a CHILD_SA unexpectedly.
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=28
This commit is contained in:
Git OBS Bridge
@@ -1,3 +1,32 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Sep 8 12:42:51 UTC 2011 - mt@suse.com
|
||||
|
||||
- Updated to strongSwan 4.5.2 release, changes overview since 4.5.2:
|
||||
* Our private libraries (e.g. libstrongswan) are not installed directly in
|
||||
prefix/lib anymore. Instead a subdirectory is used (prefix/lib/ipsec/ by
|
||||
default). The plugins directory is also moved from libexec/ipsec/ to that
|
||||
directory.
|
||||
* The dynamic IMC/IMV libraries were moved from the plugins directory to
|
||||
a new imcvs directory in the prefix/lib/ipsec/ subdirectory.
|
||||
* Job priorities were introduced to prevent thread starvation caused by too
|
||||
many threads handling blocking operations (such as CRL fetching).
|
||||
* Two new strongswan.conf options allow to fine-tune performance on IKEv2
|
||||
gateways by dropping IKE_SA_INIT requests on high load.
|
||||
* IKEv2 charon daemon supports PASS and DROP shunt policies
|
||||
preventing traffic to go through IPsec connections. Installation of the
|
||||
shunt policies either via the XFRM netfilter or PFKEYv2 IPsec kernel
|
||||
interfaces.
|
||||
* The history of policies installed in the kernel is now tracked so that e.g.
|
||||
trap policies are correctly updated when reauthenticated SAs are terminated.
|
||||
* IMC/IMV Scanner pair implementing the RFC 5792 PA-TNC (IF-M) protocol.
|
||||
Using "netstat -l" the IMC scans open listening ports on the TNC client
|
||||
and sends a port list to the IMV which based on a port policy decides if
|
||||
the client is admitted to the network.
|
||||
* IMC/IMV Test pair implementing the RFC 5792 PA-TNC (IF-M) protocol.
|
||||
* The IKEv2 close action does not use the same value as the ipsec.conf dpdaction
|
||||
setting, but the value defined by its own closeaction keyword. The action
|
||||
is triggered if the remote peer closes a CHILD_SA unexpectedly.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sun May 29 16:37:00 UTC 2011 - jcnengel@googlemail.com
|
||||
|
||||
|
||||
Reference in New Issue
Block a user