Go to file
Ismail Dönmez 4b7aea4880 Accepting request 139871 from network:vpn
- Updated to strongSwan 5.0.1 release. Changes digest:
  - Introduced the sending of the standard IETF Assessment Result
    PA-TNC attribute by all strongSwan Integrity Measurement Verifiers.
  - Extended PTS Attestation IMC/IMV pair to provide full evidence of
    the Linux IMA measurement process. All pertinent file information
    of a Linux OS can be collected and stored in an SQL database.
  - The PA-TNC and PB-TNC protocols can now process huge data payloads.
  - The xauth-pam backend can authenticate IKEv1 XAuth and Hybrid
    authenticated clients against any PAM service.
  - The new unity plugin brings support for some parts of the IKEv1
    Cisco Unity Extensions.
  - The kernel-netlink plugin supports the new strongswan.conf option
    charon.install_virtual_ip_on.
  - Job handling in controller_t was fixed, which occasionally caused
    crashes on ipsec up/down.
  - Fixed transmission EAP-MSCHAPv2 user name if it contains a domain
    part.
  Changes digest from strongSwan 5.0.0 version:
  * The charon IKE daemon gained experimental support for the IKEv1
    protocol. Pluto has been removed from the 5.x series.
  * The NetworkManager charon plugin of previous releases is now
    provided by a separate executable (charon-nm) and it should work
    again with NM 0.9.
  * scepclient was updated and it now works fine with Windows Server
    2008 R2.
- Adopted spec file, enabled several plugins, e.g.: ccm, certexpire,
  coupling, ctr, duplicheck, eap-dynamic, eap-peap, eap-tls, eap-tnc,
  eap-ttls, gcm, nonce, radattr, tnc, tnccs, unity, xauth-eap and pam.
- Changed to install strongswan.service with alias to ipsec.service
  instead of the /etc/init.d/ipsec init script on openSUSE > 12.2.

OBS-URL: https://build.opensuse.org/request/show/139871
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=46
2012-11-08 20:54:04 +00:00
.gitattributes OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=1 2007-12-13 03:49:24 +00:00
.gitignore OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=1 2007-12-13 03:49:24 +00:00
README.SUSE - Updated to strongSwan 4.5.0 release, changes since 4.4.1 are: 2010-11-16 12:10:30 +00:00
strongswan_ipsec_service.patch - Updated to strongSwan 5.0.1 release. Changes digest: 2012-10-31 16:08:08 +00:00
strongswan_modprobe_syslog.patch - WORK-IN-PROGRESS snapshot: Update to strongSwan 5.0.1 2012-10-30 17:16:52 +00:00
strongswan-5.0.1-rpmlintrc - WORK-IN-PROGRESS snapshot: Update to strongSwan 5.0.1 2012-10-30 17:16:52 +00:00
strongswan-5.0.1.tar.bz2 - WORK-IN-PROGRESS snapshot: Update to strongSwan 5.0.1 2012-10-30 17:16:52 +00:00
strongswan-5.0.1.tar.bz2.sig - WORK-IN-PROGRESS snapshot: Update to strongSwan 5.0.1 2012-10-30 17:16:52 +00:00
strongswan.changes - Adopted spec file, enabled several plugins, e.g.: ccm, certexpire, 2012-10-31 16:13:18 +00:00
strongswan.init.in - Fixed rpmlint runlevel & fsf warnings, updated rpmlintrc 2012-02-15 13:48:10 +00:00
strongswan.spec - Updated to strongSwan 5.0.1 release. Changes digest: 2012-10-31 16:08:08 +00:00

Dear Customer,

please note, that the strongswan release 4.5 changes the keyexchange mode
to IKEv2 as default -- from strongswan-4.5.0/NEWS:
"[...]
IMPORTANT: the default keyexchange mode 'ike' is changing with release 4.5
from 'ikev1' to 'ikev2', thus commemorating the five year anniversary of the
IKEv2 RFC 4306 and its mature successor RFC 5996. The time has definitively
come for IKEv1 to go into retirement and to cede its place to the much more
robust, powerful and versatile IKEv2 protocol!
[...]"

This requires adoption of either the "conn %default" or all other IKEv1
"conn" sections in the /etc/ipsec.conf to use explicit:

	keyexchange=ikev1


The strongswan package does no provide any files any more, but triggers
the installation of both, IKEv1 (pluto) and IKEv2 (charon) daemons and the
traditional starter scripts inclusive of the /etc/init.d/ipsec init script
and /etc/ipsec.conf file.

There is a new strongswan-nm package with a NetworkManager plugin to
control the charon IKEv2 daemon through D-Bus, designed to work using the
NetworkManager-strongswan graphical user interface.
It does not depend on the traditional starter scripts, but on the IKEv2
charon daemon and plugins only. 

Have a lot of fun...