[Announce] ANNOUNCE: strongswan-4.3.0 released

Andreas Steffen andreas.steffen at strongswan.org
Fri Apr 24 14:38:51 CEST 2009


Hi,

we proudly present the first release of the new strongSwan 4.3 branch
which offers the following two major features:

- IKEv2 Multiple Authentication Exchanges (RFC 4739)
  --------------------------------------------------

  Initiators and responders can use several authentication rounds
  (e.g. RSA followed by EAP) to authenticate. The new ipsec.conf
  leftauth/rightauth and leftauth2/rightauth2 parameters define
  their own authentication rounds and set up constraints for the
  remote peer. See the ipsec.conf man page for more details.

  A typical sample scenario using mutual RSA authentication in
  the first round and EAP-SIM client authentication in the second
  round can be found under the link

  http://www.strongswan.org/uml/testresults43/ikev2/mult-auth-rsa-eap-sim-id/

- Use of libstrongswan in the IKEv1 pluto code
  --------------------------------------------

  We refactored the pluto and scepclient code to share basic functions
  (memory allocation, leak detective, chunk handling, printf_hooks,
  strongswan.conf attributes, ASN.1 parser, etc.) with the libstrongswan
  library.

  As a first benefit, up to two DNS and WINS servers to be sent via
  the IKEv1 ModeConfig protocol can be configured in the pluto section
  of /etc/strongswan.conf:

  pluto {
          dns1 =
          dns2 =
          nbns1 =
          nbns2 =
  }

  A configuration example can be found under the link

  http://www.strongswan.org/uml/testresults43/ikev1/mode-config/

And here are some more features:

- If glibc printf hooks (register_printf_function) are not available,
  strongSwan can use the vstr string library to run on non-glibc
  systems.

- The IKEv2 charon daemon now supports the ESP CAMELLIA-CBC cipher
  (esp=camellia128|192|256).

  A sample scenario can be found under the link

  http://www.strongswan.org/uml/testresults43/ikev2/esp-alg-camellia/

Due to the heavy refactoring of large parts of both the IKEv1 and IKEv2
source code we strongly advise *against* using 4.3.0 in mission-critical
applications. Please use the stable strongSwan 4.2.14 version on
production systems instead, at least until the release of 4.3.1.

Best regards

Martin Willi                Andreas Steffen
IKEv2 Software Architect    strongSwan Project Leader

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org

Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
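
An added illustration, not part of the original announcement or of the strongSwan test suite: how the leftauth/rightauth and leftauth2/rightauth2 parameters described above could express mutual RSA authentication in the first round and EAP-SIM client authentication in the second. The addresses, identities, certificate file names and connection names are constructed, and the EAP-SIM plugin and SIM credentials are assumed to be set up separately.

```conf
# Constructed example: all addresses, IDs, file names and conn names are placeholders.

# ipsec.conf on the client (initiator)
conn home
	keyexchange=ikev2
	left=192.0.2.10
	leftid=carol@example.org
	leftcert=carolCert.pem
	# Round 1: the client authenticates itself with its RSA key.
	leftauth=pubkey
	# Round 2: the client answers the EAP method the gateway starts.
	leftauth2=eap
	right=192.0.2.1
	rightid=@gw.example.org
	# Constraint on the peer: the gateway must authenticate with a public key.
	rightauth=pubkey
	rightsubnet=10.1.0.0/16
	auto=add

# ipsec.conf on the gateway (responder)
conn rw-mult
	keyexchange=ikev2
	left=192.0.2.1
	leftid=@gw.example.org
	leftcert=gwCert.pem
	# The gateway authenticates itself once, with its RSA key.
	leftauth=pubkey
	leftsubnet=10.1.0.0/16
	right=%any
	# Constraint, round 1: the client must present a public key signature.
	rightauth=pubkey
	# Constraint, round 2: the client must additionally pass EAP-SIM.
	rightauth2=eap-sim
	auto=add
```

On the gateway, a client that completes only the first round does not satisfy the rightauth2 constraint, so the connection is not established on certificate possession alone.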


