[Announce] ANNOUNCE: strongswan-4.0.2 released
andreas.steffen at strongswan.org
Sun Jul 16 18:00:35 CEST 2006
We are happy to announce the latest release of our IKEv2
implementation. We have achieved a large leap forward with the
following new features:
- Full X.509 certificate trust chain verification has been implemented.
End entity certificates can be exchanged via CERT payloads. The
current default is leftsendcert=always, since CERTREQ payloads are not
supported yet. Optional CRLs must be imported locally into
- Added support for leftprotoport/rightprotoport parameters in IKEv2.
The IKEv2 standard itself would offer more powerful possibilities for
traffic selection, but the Linux kernel currently does not support it.
That's why we stick with these simple ipsec.conf rules for now.
- Added Dead Peer Detection (DPD) which checks liveliness of remote peer
if no IKE or ESP traffic is received. DPD is currently hardcoded
- Initial NAT traversal support in IKEv2. Charon includes NAT detection
notify payloads to detect NAT routers between the peers. It switches
to port 4500, uses UDP encapsulated ESP packets, handles peer address
changes gracefully and sends keep-alive messages periodically.
Thus strongSwan is currently the *only* Open Source IKEv2 implementation
with NAT traversal support.
strongSwan-4.0.2 is available from
and IKEv2 configuration examples can be found under the link
Martin Willi and Andreas Steffen
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute of Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
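
The NAT detection step mentioned in the announcement, as an added example that is not part of the original message and is not charon's code: it follows the IKEv2 RFC's definition of the NAT_DETECTION_SOURCE_IP and NAT_DETECTION_DESTINATION_IP notify data (SHA-1 over SPIs, address and port) and shows how a receiver decides to continue on port 4500. The function names, addresses and SPI value are constructed for illustration.

```python
import hashlib
import ipaddress
import struct

IKE_PORT, NATT_PORT = 500, 4500

def nat_detection_hash(spi_i, spi_r, ip, port):
    """SHA-1 over SPIi | SPIr | IP address | port, as the IKEv2 RFC defines it."""
    if len(spi_i) != 8 or len(spi_r) != 8:
        raise ValueError("IKE SPIs are 8 octets each")
    addr = ipaddress.ip_address(ip).packed          # 4 octets (IPv4) or 16 (IPv6)
    return hashlib.sha1(spi_i + spi_r + addr + struct.pack("!H", port)).digest()

def detect_nat(spi_i, spi_r, src_hashes, dst_hash, seen_src, seen_dst):
    """Receiver-side check of the two notify payloads against the packet headers.

    src_hashes: data of every NAT_DETECTION_SOURCE_IP payload (a sender may
                include several if it cannot tell which address it will use).
    dst_hash:   data of the NAT_DETECTION_DESTINATION_IP payload.
    seen_src / seen_dst: (ip, port) as read from the received IP/UDP headers.
    """
    remote_nat = nat_detection_hash(spi_i, spi_r, *seen_src) not in src_hashes
    local_nat = nat_detection_hash(spi_i, spi_r, *seen_dst) != dst_hash
    port = NATT_PORT if (remote_nat or local_nat) else IKE_PORT
    return {"remote_behind_nat": remote_nat, "local_behind_nat": local_nat,
            "continue_on_port": port}

def constructed_request(nat_rewrites_source):
    """Constructed IKE_SA_INIT request (documentation addresses, made-up SPI)."""
    spi_i, spi_r = bytes.fromhex("1122334455667788"), bytes(8)  # SPIr is 0 here
    initiator, responder = ("192.168.1.10", 500), ("198.51.100.20", 500)
    src_hashes = [nat_detection_hash(spi_i, spi_r, *initiator)]
    dst_hash = nat_detection_hash(spi_i, spi_r, *responder)
    seen_src = ("203.0.113.7", 1024) if nat_rewrites_source else initiator
    return detect_nat(spi_i, spi_r, src_hashes, dst_hash, seen_src, responder)

if __name__ == "__main__":
    print("through NAT:", constructed_request(True))
    print("direct:     ", constructed_request(False))
```

The hash only reveals that an address or port was rewritten in transit; it is not authenticated at this stage of the exchange, so it serves as a signal for switching to UDP encapsulation rather than as a trust decision.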