[strongSwan-dev] ANNOUNCE: strongswan-4.4.0rc1

Andreas Steffen andreas.steffen at strongswan.org
Sat Apr 24 15:35:04 CEST 2010


Hi,

we are happy to announce the first release candidate of the
forthcoming strongSwan 4.4 release. This major version offers the
following new features:

* IKEv2 High Availability
   -----------------------

   The IKEv2 High Availability plugin has been integrated. It provides
   load sharing and fail-over capabilities in a cluster of currently
   two nodes, based on an extended ClusterIP kernel module. More
   information is available at

   http://wiki.strongswan.org/projects/strongswan/wiki/HighAvailability

   The development of the High Availability functionality was sponsored
   by secunet Security Networks AG.


* Diffie-Hellman Groups 22, 23, 24 with prime order subgroups
   -----------------------------------------------------------

   Added support for Diffie-Hellman groups 22, 23 and 24 to the gmp,
   gcrypt and openssl plugins, usable by both pluto and charon. The
   new proposal keywords are

     modp1024s160, modp2048s224, and modp2048s256

   as the following IKEv1 and IKEv2 example scenarios show:

   http://www.strongswan.org/uml/testresults44rc/ikev1/alg-modp-subgroup/

   http://www.strongswan.org/uml/testresults44rc/ikev2/alg-modp-subgroup/

   Thanks to Joy Latten from IBM for her contribution.


* RAM-based virtual IP address pools for pluto
   --------------------------------------------

   The pluto daemon inherited the popular RAM-based virtual IP
   address pool functionality from the charon daemon. The directive

     rightsourceip=<subnet>

   defines a subnet from which addresses are dynamically allocated,
   as the following example scenario shows:

   http://www.strongswan.org/uml/testresults44rc/ikev1/ip-pool/


* DHCP and ARP Proxy support
   --------------------------

   The new dhcp plugin queries virtual IP addresses for clients from
   a DHCP server using broadcasts or a defined server using the

     charon.plugins.dhcp.server =

   strongswan.conf option. Additionally DNS/WINS server information
   is served to clients if the DHCP server provides such information.
   The plugin is used in ipsec.conf configurations with the setting

     rightsourceip=%dhcp.

   A new plugin called farp handles ARP responses for virtual IP
   addresses handed out to clients by the IKEv2 daemon charon.
   The plugin lets a road-warrior act as a client on the local LAN
   if it uses a virtual IP from the responder's subnet, e.g. acquired
   via the dhcp plugin. The following example scenarios show the use
   of the dhcp and farp plugins:

   http://www.strongswan.org/uml/testresults44rc/ikev2/dhcp-dynamic/

   http://www.strongswan.org/uml/testresults44rc/ikev2/dhcp-static-client-id/

   http://www.strongswan.org/uml/testresults44rc/ikev2/dhcp-static-mac/

   http://www.strongswan.org/uml/testresults44rc/ikev2/farp/


* Arbitrary IKEv2 source and destination ports
   --------------------------------------------

   The existing IKEv2 socket implementations have been migrated to the
   socket-default and the socket-raw plugins. The new socket-dynamic
   plugin binds sockets dynamically to ports configured via the

     left|rightikeport

   ipsec.conf connection parameters.


* Android Support
   ---------------

   The android plugin stores received DNS server information as
   "net.dns" system properties, as used by the Android platform.
   Thanks to the new libcharon library the IKEv2 charon daemon
   can now be built monolithically. For more information on the
   Android build see

   http://wiki.strongswan.org/projects/strongswan/wiki/Android


* Storage of public and private keys in PEM format
   ------------------------------------------------

   The ipsec pki --gen and --pub commands now allow the output of
   private and public keys in PEM format using the --outform pem
   command line option.

Please give the new features a try and report any problems quickly.
ETA for the stable strongSwan 4.4.0 release is the beginning of May.

Best regards from the strongSwan team

Andreas Steffen, Tobias Brunner & Martin Willi

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
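
Added example (not part of the original announcement and not strongSwan code): the s160/s224/s256 suffix in the new proposal keywords is the bit size of the prime-order subgroup, and knowing that order q lets a receiver check that a peer's public value really lies in the subgroup. The sketch below shows the check on a constructed toy group (p = 607, q = 101); all names and parameters are assumptions made for illustration.

```python
# Constructed toy parameters (NOT a real IKE group): p = 2*3*q + 1.
P = 607                       # prime modulus
Q = 101                       # prime order of the subgroup used for DH
G = pow(2, (P - 1) // Q, P)   # = 64, generates the order-Q subgroup


def in_range(y: int) -> bool:
    """Basic check available for any MODP group: 1 < y < p-1."""
    return 1 < y < P - 1


def in_subgroup(y: int) -> bool:
    """Stronger check, possible because q is known: y^q mod p must be 1."""
    return in_range(y) and pow(y, Q, P) == 1


def low_order_element(r: int) -> int:
    """Test vector: an element of prime order r, r dividing the cofactor (p-1)/q."""
    for h in range(2, P):
        y = pow(h, (P - 1) // r, P)
        if y != 1:            # r is prime, so y != 1 means order exactly r
            return y
    raise ValueError("no element of that order")


def shared_secret(peer_public: int, own_private: int) -> int:
    """Derive the DH secret, refusing peer values outside the subgroup."""
    if not in_subgroup(peer_public):
        raise ValueError("peer public value is not in the order-q subgroup")
    return pow(peer_public, own_private, P)


if __name__ == "__main__":
    a, b = 17, 58                         # constructed private exponents
    A, B = pow(G, a, P), pow(G, b, P)     # honest public values
    print("honest exchange agrees:", shared_secret(B, a) == shared_secret(A, b))
    bad = low_order_element(3)            # passes the range check only
    print("range check:", in_range(bad), "subgroup check:", in_subgroup(bad))
```

The order-3 value passes the plain range check but fails the y^q test, which is the case the subgroup check exists to catch.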
