SHA256
1
0
forked from pool/strongswan
Go to file
Marius Tomaschewski 1a4d59ebd1 - Updated to strongSwan 4.6.1 release:
Changes in 4.6.1:
  - Because of changing checksums before and after installation which caused
    the integrity tests to fail we avoided directly linking libsimaka,
    libtls and libtnccs to those libcharon plugins which make use of these
    dynamiclibraries.
    Instead we linked the libraries to the charon daemon. Unfortunately
    Ubuntu 11.10 activated the --as-needed ld option which discards explicit
    links to dynamic libraries that are not actually used by the charon
    daemon itself, thus causing failures during the loading of the plugins
    which depend on these libraries for resolving external symbols.
  - Therefore our approach of computing  integrity checksums for plugins had
    to be changed radically by moving the hash generation from the
    compilation to the post-installation phase.
  Changes in 4.6.0:
  - The new libstrongswan certexpire plugin collects expiration information
    of all used certificates and exports them to CSV files. It either
    directly exports them or uses cron style scheduling for batch exports.
  - Starter passes unresolved hostnames to charon, allowing it to do name
    resolution not before the connection attempt. This is especially useful
    with connections between hosts using dynamic IP addresses.
    Thanks to Mirko Parthey for the initial patch.
  - The android plugin can now be used without the Android frontend patch
    and provides DNS server registration and logging to logcat.
  - Pluto and starter (plus stroke and whack) have been ported to Android.
  - Support for ECDSA private and public key operations has been added to
    the pkcs11 plugin.  The plugin now also provides DH and ECDH via PKCS#11
    and can use tokens as random number generators (RNG).  By default only
    private key operations are enabled, more advanced features have to be
    enabled by their option in strongswan.conf.  This also applies to public

OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=39
2012-02-15 13:32:28 +00:00
.gitattributes OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=1 2007-12-13 03:49:24 +00:00
.gitignore OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=1 2007-12-13 03:49:24 +00:00
README.SUSE - Updated to strongSwan 4.5.0 release, changes since 4.4.1 are: 2010-11-16 12:10:30 +00:00
strongswan_modprobe_syslog.patch Accepting request 33800 from network:vpn 2010-03-05 10:51:28 +00:00
strongswan-4.6.1-fmt-warnings.patch - Updated to strongSwan 4.6.1 release: 2012-02-15 13:32:28 +00:00
strongswan-4.6.1-glib.patch - Updated to strongSwan 4.6.1 release: 2012-02-15 13:32:28 +00:00
strongswan-4.6.1-rpmlintrc - Updated to strongSwan 4.6.1 release: 2012-02-15 13:32:28 +00:00
strongswan-4.6.1.tar.bz2 - Updated to strongSwan 4.6.1 release: 2012-02-15 13:32:28 +00:00
strongswan-4.6.1.tar.bz2.sig - Updated to strongSwan 4.6.1 release: 2012-02-15 13:32:28 +00:00
strongswan.changes - Updated to strongSwan 4.6.1 release: 2012-02-15 13:32:28 +00:00
strongswan.init.in OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=2 2008-02-19 13:17:02 +00:00
strongswan.spec - Updated to strongSwan 4.6.1 release: 2012-02-15 13:32:28 +00:00

Dear Customer,

please note, that the strongswan release 4.5 changes the keyexchange mode
to IKEv2 as default -- from strongswan-4.5.0/NEWS:
"[...]
IMPORTANT: the default keyexchange mode 'ike' is changing with release 4.5
from 'ikev1' to 'ikev2', thus commemorating the five year anniversary of the
IKEv2 RFC 4306 and its mature successor RFC 5996. The time has definitively
come for IKEv1 to go into retirement and to cede its place to the much more
robust, powerful and versatile IKEv2 protocol!
[...]"

This requires adoption of either the "conn %default" or all other IKEv1
"conn" sections in the /etc/ipsec.conf to use explicit:

	keyexchange=ikev1


The strongswan package does no provide any files any more, but triggers
the installation of both, IKEv1 (pluto) and IKEv2 (charon) daemons and the
traditional starter scripts inclusive of the /etc/init.d/ipsec init script
and /etc/ipsec.conf file.

There is a new strongswan-nm package with a NetworkManager plugin to
control the charon IKEv2 daemon through D-Bus, designed to work using the
NetworkManager-strongswan graphical user interface.
It does not depend on the traditional starter scripts, but on the IKEv2
charon daemon and plugins only. 

Have a lot of fun...