[Announce] ANNOUNCE: strongswan-2.8.6 released

Andreas Steffen andreas.steffen at strongswan.org
Wed Jul 4 08:09:44 CEST 2007 

we are happy to announce a new release in the old strongSwan 2.8 branch,
bringing the following new features:

Support of DynDNS hosts
-----------------------

- The parameter right|leftallowany parameters helps to handle
  the case where both peers possess dynamic IP addresses that are
  usually resolved using DynDNS or a similar service. The configuration

    right=peer.foo.bar
    rightallowany=yes

  can be used by the initiator to start up a connection to a peer
  by resolving peer.foo.bar into the currently allocated IP address.
  Thanks to the rightallowany flag the connection behaves later on
  as

   right=%any

  so that the peer can rekey the connection as an initiator when his
  IP address changes. An alternative notation is

    right=%peer.foo.bar

  which will implicitly set rightallowany=yes.

- ipsec starter now fails more gracefully in the presence of parsing
  errors. Flawed ca and conn sections are discarded and pluto is started
  if non-fatal errors only were encountered. If right=%peer.foo.bar
  cannot be resolved by DNS then right=%any will be used so that passive
  connections as a responder are still possible.


Support of the NSS softoken
---------------------------

- The new pkcs11initargs parameter that can be placed in the
  setup config section of /etc/ipsec.conf allows the definition
  of an argument string that is used with the PKCS#11 C_Initialize()
  function. This non-standard feature is required by the NSS softoken
  library. This patch was contributed by Robert Varga.


To the few people who downloaded strongswan-2.8.5 yesterday:
Please upgrade to 2.8.6 because unknown or misspelt keywords in
ipsec.conf cause an immediate segmentation fault.

The new release can be downloaded from

  http://www.strongswan.org/

The new features will also be available in the forthcoming
strongswan-4.1.4 release (we are a little delayed because we are
putting the finishing touches to our brand-new IKEv2 MOBIKE
implementation).

Best regards

Andreas

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

More information about the Announce mailing list