[Announce] ANNOOUNCE: strongswan-4.1.2 released
Andreas Steffen
andreas.steffen at strongswan.org
Wed May 2 22:00:09 CEST 2007
We proudly announce the latest strongswan-4.1.2 release
downloadable from
http://www.strongswan.org/
which brings a lot of minor feature enhancements:
IKEv1 features:
- The xauth_modules.verify_secret() function now passes
the connection name.
- crlNumber is now listed by ipsec listcrls
IKEv2 features:
- Support for an additional Diffie-Hellman exchange when
creating/rekeying a CHILD_SA in IKEv2 (PFS).
PFS is enabled when the proposal contains a DH group
(e.g. esp=aes128-sha1-modp1536"). Further, DH group negotiation
is implemented properly for rekeying.
- Support for the AES-XCBC-96 MAC algorithm for IPsec SAs when
using IKEv2 (requires linux >= 2.6.20). It is enabled using
e.g. "esp=aes256-aesxcbc". Have a look at the scenario:
http://www.strongswan.org/uml/testresults4/ikev2/esp-alg-aesxcbc/
- Working IPv4-in-IPv6 and IPv6-in-IPv4 tunnels for linux >= 2.6.21.
- Added support for EAP modules which do not establish an MSK.
- Removed the dependencies from some /usr/include/linux/ headers by
including xfrm.h, ipsec.h, and pfkeyv2.h, rtnetlink.h, netlink.h,
and udp.h in the distribution.
Cheers
Martin Willi & Andreas Steffen
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
More information about the Announce
mailing list