[Announce] ANNOUNCE: strongswan-2.6.3 released

Andreas Steffen andreas.steffen at strongswan.org
Sun Mar 12 18:34:35 CET 2006


the release of strongswan-2.6.3 is a further step in the direction
of completely replacing the "ipsec setup" and "ipsec auto" scripts
by the the simpler "ipsec" command interface which in turn calls the
fast internal "ipsec starter" and "ipsec whack" C functions:

- During installation strongSwan installs the ipsec command either
   in /etc/rc.d/ or /etc/init.d/ depending on the Linux distribution.
   Some Linux distributions come with an init script of their own
   that either could call "ipsec" or "ipsec starter" to start and
   stop strongSwan.
- The ipsec starter now supports the auth=ah option in ipsec.conf
   which causes an AH header to be prepended to each ESP packet
   whereas the default value auth=esp appends a HMAC checksum at
   the tail of each ESP packet. Two new UML scenarios give the details:


- The PKCS#11 RSA encryption/decryption functions can now be used
   directly via the ipsec interface:

    ipsec scencrypt <args>
    ipsec scdecrypt <args>

When the native NETKEY IPsec stack of the Linux 2.6 kernel is used
then "ipsec status" now displays the precise time interval that has
elapsed since the last use of each active eroute. This information
gathered via the XFRM NETLINK interface is also used to decide
whether to send the R_U_THERE keep-alive packets employed by the
Dead Peer Detection protocol (DPD).

As always the latest release can be downloaded from


Best regards

Andreas Steffen

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute of Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

More information about the Announce mailing list