[Announce] ANNOUNCE: strongswan-4.1.9 released

Andreas Steffen andreas.steffen at strongswan.org
Wed Dec 5 09:20:52 CET 2007

we are happy to announce the strongSwan 4.1.9 release available from


and which offers the following major new features:

- Repeated authentication (RFC 4478)

   Repeated authentication forces VPN clients using IKEv2 EAP
   authentication or requesting virtual IPs to periodically
   re-establish an IKE_SA as an initiator.

- Fully tested support of IPv6 IPsec connections

   We thoroughly tested IPv6 host-host, net-net and roadwarrior
   IPsec connections for both IKEv1 and IKEv2 and documented the


   The scenarios also show the seamless integration of ip6tables
   firewall rules thanks to an extended IPv6-aware _updown script.

- Interactive strongSwan Manager

   The FastCGI-based strongSwan Manager web interface interface
   now allows the interactive starting and stopping of IKE and CHILD SAs:


- Renaming of charon plugin libraries

   Because of potential naming conflicts that occurred when building
   the new openSUSE strongSwan RPM package


   all dynamic IKEv2 charon plugins have been renamed to libcharon-*.so.
   When updating strongswan-4.1.9 make sure to remove the old plugins in
   the $libexecdir/ipsec/plugins directory, otherwise they would be
   loaded twice. We apologize for the inconvenience.

- Preview of new IKEv2 P2P NAT traversal functionality

   strongSwan team member Tobias Brunner has finished a first prototype
   implementation of his IKEv2-based IPsec Peer-to-Peer NAT traversal
   protocol(IPsec P2P NAT) which allows the setup of an IPsec tunnel in
   double NAT situations by using endpoint discovery with the help of an
   IKEv2 mediation server, followed by a concerted hole punching effort
   by the peers to create a direct connection through the NAT routers.
   Have a look at the following sample scenario:


4.1.9 will not the last release in 2008. Rather look forward with
anticipation to the strongSwan Christmas Edition :-)

Best regards

Martin Willi              Tobias Brunner     Andreas Steffen
IKEv2 Software Architect  P2P NAT Traversal  strongSwan Project Leader

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org 

Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

More information about the Announce mailing list