[Announce] ANNOUNCE: strongswan-4.1.4 released

Andreas Steffen andreas.steffen at strongswan.org
Thu Jul 5 08:58:48 CEST 2007

IKEv2 - MOBIKE Support (RFC 4555)

Partial support for MOBIKE in IKEv2. The initiator acts on
network interface or IP address configuration changes and
updates IKE and IPsec SAs dynamically by sending a MOBIKE
UPDATE_SA_ADDRESSES notification to the peer. This avoids
the IPsec tunnel connections of having to be renegotiated.

Two examples can be found under the links:



IKEv1 - Better support of DynDNS hosts

- The new IKEv1 parameter right|leftallowany parameters helps to handle
   the case where both peers possess dynamic IP addresses that are
   usually resolved using DynDNS or a similar service. The configuration


   can be used by the initiator to start up a connection to a peer
   by resolving peer.foo.bar into the currently allocated IP address.
   Thanks to the rightallowany flag the connection behaves later on


   so that the peer can rekey the connection as an initiator when his
   IP address changes. An alternative notation is


   which will implicitly set rightallowany=yes. Three examples can be
   found under the links




- ipsec starter now fails more gracefully in the presence of parsing
   errors. Flawed ca and conn section are discarded and pluto is started
   if non-fatal errors only were encountered. If right=%peer.foo.bar
   cannot be resolved by DNS then right=%any will be used so that passive
   connections as a responder are still possible.

IKEv2 - Support of the NSS softoken

- The new pkcs11initargs parameter that can be placed in the
   setup config section of /etc/ipsec.conf allows the definition
   of an argument string that is used with the PKCS#11 C_Initialize()
   function. This non-standard feature is required by the NSS softoken
   library. This patch was contributed by Robert Varga.

The new release can be downloaded from


Best regards

Martin Willi & Andreas Steffen

P.S. Please contribute to our fastly expanding wiki found at

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org 

Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

More information about the Announce mailing list