rjain/strongswan
SHA256
1
0
Fork 0
forked from jengelh/strongswan
Code Pull Requests Activity

Accepting request 72126 from home:j-engel:branches:network:vpn

Browse Source 
Update StrongSWAN to 4.5.2

OBS-URL: https://build.opensuse.org/request/show/72126
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=26
This commit is contained in:
Marius Tomaschewski
2011-05-30 17:23:31 +00:00
committed by Git OBS Bridge
parent 9dc0c277ab
commit eeeeb9f61e
8 changed files with 58 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
strongswan.changes
View File

@@ -1,3 +1,38 @@
-------------------------------------------------------------------
Sun May 29 16:37:00 UTC 2011 - jcnengel@googlemail.com
- Updated to strongSwan 4.5.2 release, changes overview since 4.5.1:
* The whitelist plugin for the IKEv2 daemon maintains an in-memory identity
whitelist. Any connection attempt of peers not whitelisted will get rejected.
The 'ipsec whitelist' utility provides a simple command line frontend for
whitelist administration.
* The duplicheck plugin provides a specialized form of duplicate checking,
doing a liveness check on the old SA and optionally notify a third party
application about detected duplicates.
* The coupling plugin permanently couples two or more devices by limiting
authentication to previously used certificates.
* In the case that the peer config and child config don't have the same name
(usually in SQL database defined connections), ipsec up|route <peer config>
starts|routes all associated child configs and ipsec up|route <child config>
only starts|routes the specific child config.
* fixed the encoding and parsing of X.509 certificate policy statements (CPS).
* Duncan Salerno contributed the eap-sim-pcsc plugin implementing a
pcsc-lite based SIM card backend.
* The eap-peap plugin implements the EAP PEAP protocol. Interoperates
successfully with a FreeRADIUS server and Windows 7 Agile VPN clients.
* The IKEv2 daemon charon rereads strongswan.conf on SIGHUP and instructs
all plugins to reload. Currently only the eap-radius and the attr plugins
support configuration reloading.
* Added userland support to the IKEv2 daemon for Extended Sequence Numbers
support coming with Linux 2.6.39. To enable ESN on a connection, add
the 'esn' keyword to the proposal. The default proposal uses 32-bit sequence
numbers only ('noesn'), and the same value is used if no ESN mode is
specified. To negotiate ESN support with the peer, include both, e.g.
esp=aes128-sha1-esn-noesn.
* In addition to ESN, Linux 2.6.39 gained support for replay windows larger
than 32 packets. The new global strongswan.conf option 'charon.replay_window'
configures the size of the replay window, in packets.
-------------------------------------------------------------------
Mon Mar 14 10:59:32 UTC 2011 - mt@suse.de