[Announce] ANNOUNCE: strongswan-4.1.1 released
Andreas Steffen
andreas.steffen at strongswan.org
Tue Apr 10 11:34:06 CEST 2007
Hi,
already two weeks after the initial 4.1 release we are happy to
announce the addition of several new features plus an IKEv1 bug fix:
IKEv1
-----
- Added the configuration options --enable-nat-transport which enables
the potentially insecure NAT traversal for IPsec transport mode and
--disable-vendor-id which disables the sending of the strongSwan
vendor ID.
- Fixed a long-standing bug in the pluto IKEv1 daemon which caused
a segmentation fault when a malformed payload was detected in the
IKE MR2 message and pluto tried to send an encrypted notification
message.
- Added the NATT_IETF_02_N Vendor ID in order to support IKEv1
connections with Windows 2003 Server which uses a wrong VID hash.
IKEv2
-----
- Server side cookie support. If too many IKE_SAs are in CONNECTING state,
cookies are enabled and protect against DoS attacks with faked source
addresses. Number of IKE_SAs in CONNECTING state is also limited per
peer address to avoid resource exhaustion. IKE_SA_INIT messages are
compared to properly detect retransmissions and incoming retransmits
are detected even if the IKE_SA is blocked (e.g. doing OCSP fetches).
- The IKEv2 daemon charon now supports dynamic http- and ldap-based CRL
fetching enabled by crlcheckinterval > 0 and caching fetched CRLs
by storing them locally to a file enabled by cachecrls=yes.
The new release is available from
http://www.strongswan.org/
Best regards
Martin Willi & Andreas Steffen
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
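The IKEv2 responder behaviour described in the announcement (cookies once too many IKE_SAs are half-open, a per-peer cap, and retransmit detection by comparing IKE_SA_INIT messages), sketched as an added example that is not strongSwan code. The thresholds, class and function names, and the use of SHA-256 are assumptions; the cookie follows the construction suggested in RFC 4306 section 2.6.

```python
import hashlib
import hmac
import os
from collections import Counter

# Assumed thresholds for illustration; not strongSwan's actual values.
COOKIE_THRESHOLD = 10  # half-open IKE_SAs before cookies are demanded
PER_PEER_LIMIT = 5     # half-open IKE_SAs allowed per source address


class Responder:
    def __init__(self):
        self.secret = os.urandom(32)  # a real daemon rotates this periodically
        self.half_open = {}           # initiator SPI -> (source IP, message digest)
        self.per_peer = Counter()     # source IP -> half-open count

    def cookie(self, nonce, src_ip, spi_i):
        # RFC 4306 section 2.6 suggestion: Hash(Ni | IPi | SPIi | secret)
        return hashlib.sha256(nonce + src_ip.encode() + spi_i + self.secret).digest()

    def handle_init(self, src_ip, spi_i, nonce, raw, cookie=None):
        digest = hashlib.sha256(raw).digest()
        if self.half_open.get(spi_i) == (src_ip, digest):
            return "RETRANSMIT"       # identical bytes: resend stored reply, add no state
        if len(self.half_open) >= COOKIE_THRESHOLD:
            expected = self.cookie(nonce, src_ip, spi_i)
            if cookie is None or not hmac.compare_digest(cookie, expected):
                return "COOKIE_REQUIRED"  # reply carries the cookie; nothing is stored
        if self.per_peer[src_ip] >= PER_PEER_LIMIT:
            return "DROPPED"          # this address already holds too many half-open SAs
        self.half_open[spi_i] = (src_ip, digest)
        self.per_peer[src_ip] += 1
        return "ACCEPTED"


def simulate_spoofed_flood(responder, count):
    """Constructed input: `count` IKE_SA_INITs, each from a different faked address."""
    results = []
    for i in range(count):
        spi, nonce = i.to_bytes(8, "big"), os.urandom(16)
        results.append(responder.handle_init(f"198.51.100.{i}", spi, nonce, spi + nonce))
    return results


if __name__ == "__main__":
    print(Counter(simulate_spoofed_flood(Responder(), 50)))
```

Because the cookie is recomputed from the request and the secret, a sender with a faked source address never sees the cookie reply and cannot make the responder allocate state once the threshold is reached.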