4b7aea4880
- Updated to strongSwan 5.0.1 release. Changes digest: - Introduced the sending of the standard IETF Assessment Result PA-TNC attribute by all strongSwan Integrity Measurement Verifiers. - Extended PTS Attestation IMC/IMV pair to provide full evidence of the Linux IMA measurement process. All pertinent file information of a Linux OS can be collected and stored in an SQL database. - The PA-TNC and PB-TNC protocols can now process huge data payloads. - The xauth-pam backend can authenticate IKEv1 XAuth and Hybrid authenticated clients against any PAM service. - The new unity plugin brings support for some parts of the IKEv1 Cisco Unity Extensions. - The kernel-netlink plugin supports the new strongswan.conf option charon.install_virtual_ip_on. - Job handling in controller_t was fixed, which occasionally caused crashes on ipsec up/down. - Fixed transmission EAP-MSCHAPv2 user name if it contains a domain part. Changes digest from strongSwan 5.0.0 version: * The charon IKE daemon gained experimental support for the IKEv1 protocol. Pluto has been removed from the 5.x series. * The NetworkManager charon plugin of previous releases is now provided by a separate executable (charon-nm) and it should work again with NM 0.9. * scepclient was updated and it now works fine with Windows Server 2008 R2. - Adopted spec file, enabled several plugins, e.g.: ccm, certexpire, coupling, ctr, duplicheck, eap-dynamic, eap-peap, eap-tls, eap-tnc, eap-ttls, gcm, nonce, radattr, tnc, tnccs, unity, xauth-eap and pam. - Changed to install strongswan.service with alias to ipsec.service instead of the /etc/init.d/ipsec init script on openSUSE > 12.2. OBS-URL: https://build.opensuse.org/request/show/139871 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=46 |
||
---|---|---|
.gitattributes | ||
.gitignore | ||
README.SUSE | ||
strongswan_ipsec_service.patch | ||
strongswan_modprobe_syslog.patch | ||
strongswan-5.0.1-rpmlintrc | ||
strongswan-5.0.1.tar.bz2 | ||
strongswan-5.0.1.tar.bz2.sig | ||
strongswan.changes | ||
strongswan.init.in | ||
strongswan.spec |
Dear Customer, please note, that the strongswan release 4.5 changes the keyexchange mode to IKEv2 as default -- from strongswan-4.5.0/NEWS: "[...] IMPORTANT: the default keyexchange mode 'ike' is changing with release 4.5 from 'ikev1' to 'ikev2', thus commemorating the five year anniversary of the IKEv2 RFC 4306 and its mature successor RFC 5996. The time has definitively come for IKEv1 to go into retirement and to cede its place to the much more robust, powerful and versatile IKEv2 protocol! [...]" This requires adoption of either the "conn %default" or all other IKEv1 "conn" sections in the /etc/ipsec.conf to use explicit: keyexchange=ikev1 The strongswan package does no provide any files any more, but triggers the installation of both, IKEv1 (pluto) and IKEv2 (charon) daemons and the traditional starter scripts inclusive of the /etc/init.d/ipsec init script and /etc/ipsec.conf file. There is a new strongswan-nm package with a NetworkManager plugin to control the charon IKEv2 daemon through D-Bus, designed to work using the NetworkManager-strongswan graphical user interface. It does not depend on the traditional starter scripts, but on the IKEv2 charon daemon and plugins only. Have a lot of fun...