[Announce] ANNOUNCE: strongswan-4.1.3 released

andi andreas.steffen at strongswan.org
Thu May 31 10:25:17 CEST 2007


we are happy to announce the latest stable release 4.1.3 from the
strongSwan booth at LinuxTag 2007 in Berlin.

New features and bug fixes:

- IKEv2: Peer configuration selection now can be based on a given 
  certification authority using the rightca= statement.

- IKEv2: Authentication based on RSA signatures now can handle multiple
  certificates issued for a given peer ID. This allows a smooth transition
  in the case of a peer certificate renewal.

- IKEv2: Support for requesting a specific virtual IP using leftsourceip on the
  client and returning requested virtual IPs using rightsourceip=%config
  on the server. If the server does not support configuration payloads, the
  client enforces its leftsourceip parameter.

- The ./configure options --with-uid/--with-gid allow pluto and charon
  to drop their privileges to a minimum and change to an other UID/GID. This
  improves the systems security, as a possible intruder may only get the
  CAP_NET_ADMIN capability.

- Further modularization of charon: Pluggable control interface and 
  configuration backend modules provide extensibility. The control interface
  for stroke is included, and further interfaces using DBUS (NetworkManager)
  or XML are on the way. A backend for storing configurations in the daemon
  is provided and more advanced backends (using e.g. a database) are trivial 
  to implement.

 - Fixed a compilation failure in libfreeswan occuring with Linux kernel
   headers > 2.6.17.

Visit us at LinuxTag!

Martin Willi & Andreas Steffen
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org

Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

More information about the Announce mailing list