[Announce] ANNOUNCE: strongswan-4.0.4 released

Andreas Steffen andreas.steffen at strongswan.org
Tue Sep 26 10:41:00 CEST 2006

We are happy to announce the release of the latest strongSwan
IKEv1 & IKEv2 development version which is rapidly reaching maturity.

Version 4.0.4 offers the following new features:

- Added support for preshared keys in IKEv2. PSK keys configured in
   ipsec.secrets are loaded. The authby parameter specifies the
   authentication method to authentificate ourself, the other peer may
   use PSK or RSA. See the scenarios


- Added configuration options for dead peer detection in IKEv2.
   dpdaction types "clear", "hold" and "restart" are supported.
   The dpd_timeout value is not used, as the normal retransmission policy
   applies to detect dead peers. The dpd_delay parameter enables sending
   of empty informational message to detect dead peers in case of
   inactivity. See the scenarios


- Changed retransmission policy to respect the keyingtries parameter.

- Implemented full support for IPv6-in-IPv6 tunnels.

- Added private key decryption. PEM keys encrypted with AES-128/192/256
   or 3DES are supported.

- Implemented DES/3DES algorithms in libstrongswan. 3DES can now be used
   to encrypt IKE traffic.

- Implemented SHA-256/384/512 in libstrongswan, allows usage of
   certificates signed with these stronger hash algorithms.

- Added initial support for updown scripts. The actions up-host/client
   and down-host/client are executed. The leftfirewall=yes parameter
   uses the default updown script to insert dynamic firewall rules,
   a custom updown script may be specified with the leftupdown parameter.
   Most IKEv2 scenarios


   have been updated to show the use of the leftfirewall=yes and
   hostaccess=yes parameters.

As usual strongswan-4.0.4 can be downloaded from


A mirror of our SVN repository is offering the latest IKEv2 sources
via the link


Best regards

Martin Willi     strongSwan-4.x main developer
Andreas Steffen  strongSwan project leader

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org 

Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

More information about the Announce mailing list