[Announce] ANNOOUNCE: strongswan-4.1.2 released

Andreas Steffen andreas.steffen at strongswan.org
Wed May 2 22:00:09 CEST 2007

We proudly announce the latest strongswan-4.1.2 release
downloadable from


which brings a lot of minor feature enhancements:

IKEv1 features:

- The xauth_modules.verify_secret() function now passes
   the connection name.

- crlNumber is now listed by ipsec listcrls

IKEv2 features:

- Support for an additional Diffie-Hellman exchange when
   creating/rekeying a CHILD_SA in IKEv2 (PFS).
   PFS is enabled when the proposal contains a DH group
   (e.g. esp=aes128-sha1-modp1536"). Further, DH group negotiation
   is implemented properly for rekeying.

- Support for the AES-XCBC-96 MAC algorithm for IPsec SAs when
   using IKEv2 (requires linux >= 2.6.20). It is enabled using
   e.g. "esp=aes256-aesxcbc". Have a look at the scenario:


- Working IPv4-in-IPv6 and IPv6-in-IPv4 tunnels for linux >= 2.6.21.

- Added support for EAP modules which do not establish an MSK.

- Removed the dependencies from some /usr/include/linux/ headers by
   including xfrm.h, ipsec.h, and pfkeyv2.h, rtnetlink.h, netlink.h,
   and udp.h in the distribution.


Martin Willi & Andreas Steffen

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org 

Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

More information about the Announce mailing list