[Announce] ANNOUNCE: strongswan-4.2.12 and NetworkManager-strongswan-1.0.0 released

Andreas Steffen andreas.steffen at strongswan.org
Tue Feb 24 11:54:48 CET 2009

We are happy to announce the release of strongSwan 4.2.12 which
improves the IKEv2 interoperability with the Windows 7 Agile VPN Client
and the first separate release 1.0.0 of the strongSwan VPN applet
for the GNOME NetworkManager.

- Definition of up to two DNS and/or up to two WINS IPv4 or IPv6
  nameservers in strongswan.conf. The syntax is

  charon {
    dns1 =
    dns2 =
    nbns1 =
    nbns2 =

  This information is sent to the peer via the IKEv2 Configuration
  Payload. On Linux peers the DNS information is added to
  /etc/resolv.conf and on Windows 7 peers both DNS and WINS
  information is assigned together with a virtual IP address to
  the virtual network adapter.

- Support of the IKEv2 EAP-MSCHAPv2 protocol.
  This allows EAP interoperability with a Windows 7 client as a
  strongSwan VPN gateway or with a Windows 2008 Server R2 as a
  strongSwan VPN client. A strongSwan - strongSwan scenario is
  shown here:


  THE EAP user credentials are stored in ipsec.secrets.
  The EAP-MSCHAPv2 plugin is activated with the following options

  ./configure --enable-md4 --enable-eap-identity --enable-eap-mschapv2

  A word of warning: The Windows 7 Beta Agile VPN client currently
  ignores the RSA signature sent by the VPN gateway. Therefore the
  server is authenticated solely based on the mutual property of
  the MS-CHAP v2 protocol which might be too weak. Thus for the
  time being we recommend the use of strong mutual authentication
  based on X.509 machine certificates as described in our Windows 7


- The strongSwan VPN applet for the GNOME NetworkManager is not part
  of the strongSwan 4.2.12 tarball any more but is distributed as a
  separate NetworkManager-strongswan-1.0.0 package available here:


  The installation and configuration either as a Ubuntu/Debian package
  or from the tarball is described in the NetworkManager HOWTO:


  We hope that NetworkManager-strongswan will quickly become an
  official package in all major Linux distributions.

  Best regards

  the strongSwan team: Tobias Brunner, Martin Willi, Andreas Steffen

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

More information about the Announce mailing list