SHA256
1
0
forked from pool/strongswan
Go to file
Marius Tomaschewski 809353c19b - Re-enabled gcrypt plugin and reverted to not enforce fips again
as this breaks gcrypt and openssl plugins when the fips pattern
  option is not installed (fate#316931,bnc#856322).
- Added empty strongswan-hmac package supposed to provide fips hmac
  files and enforce fips compliant operation later (bnc#856322).
- Cleaned up conditional build flags in the rpm spec file.

OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=73
2014-09-26 16:21:04 +00:00
.gitattributes OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=1 2007-12-13 03:49:24 +00:00
.gitignore OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=1 2007-12-13 03:49:24 +00:00
README.SUSE - Updated to strongSwan 4.5.0 release, changes since 4.4.1 are: 2010-11-16 12:10:30 +00:00
strongswan_ipsec_service.patch - Updated to strongSwan 5.0.1 release. Changes digest: 2012-10-31 16:08:08 +00:00
strongswan_modprobe_syslog.patch - WORK-IN-PROGRESS snapshot: Update to strongSwan 5.0.1 2012-10-30 17:16:52 +00:00
strongswan-5.1.3-rpmlintrc - Updated to strongSwan 5.1.3 providing the following changes: 2014-04-15 06:12:43 +00:00
strongswan-5.1.3.tar.bz2 - Updated to strongSwan 5.1.3 providing the following changes: 2014-04-15 06:12:43 +00:00
strongswan-5.1.3.tar.bz2.sig - Updated to strongSwan 5.1.3 providing the following changes: 2014-04-15 06:12:43 +00:00
strongswan.changes - Re-enabled gcrypt plugin and reverted to not enforce fips again 2014-09-26 16:21:04 +00:00
strongswan.init.in - Fixed rpmlint runlevel & fsf warnings, updated rpmlintrc 2012-02-15 13:48:10 +00:00
strongswan.keyring Accepting request 143934 from home:sbrabec:gpg-offline-verify 2012-12-04 10:25:06 +00:00
strongswan.spec - Re-enabled gcrypt plugin and reverted to not enforce fips again 2014-09-26 16:21:04 +00:00

Dear Customer,

please note, that the strongswan release 4.5 changes the keyexchange mode
to IKEv2 as default -- from strongswan-4.5.0/NEWS:
"[...]
IMPORTANT: the default keyexchange mode 'ike' is changing with release 4.5
from 'ikev1' to 'ikev2', thus commemorating the five year anniversary of the
IKEv2 RFC 4306 and its mature successor RFC 5996. The time has definitively
come for IKEv1 to go into retirement and to cede its place to the much more
robust, powerful and versatile IKEv2 protocol!
[...]"

This requires adoption of either the "conn %default" or all other IKEv1
"conn" sections in the /etc/ipsec.conf to use explicit:

	keyexchange=ikev1


The strongswan package does no provide any files any more, but triggers
the installation of both, IKEv1 (pluto) and IKEv2 (charon) daemons and the
traditional starter scripts inclusive of the /etc/init.d/ipsec init script
and /etc/ipsec.conf file.

There is a new strongswan-nm package with a NetworkManager plugin to
control the charon IKEv2 daemon through D-Bus, designed to work using the
NetworkManager-strongswan graphical user interface.
It does not depend on the traditional starter scripts, but on the IKEv2
charon daemon and plugins only. 

Have a lot of fun...