[strongSwan-dev] ANNOUNCE: strongswan-4.5.1dr2 released
Andreas Steffen
andreas.steffen at strongswan.org
Wed Dec 15 09:32:44 CET 2010
Hello,

we are giving you a preview of the forthcoming 4.5.1 release
which currently is going to offer the following new features:

1) Full support of the RFC 5793 Trusted Network Connect protocol
-------------------------------------------------------------

strongSwan can be configured as

- an IKEv2 VPN Client with an integrated Posture Broker Client
- an IKEv2 VPN Gateway with an integrated Posture Broker Server
- an IKEv2 VPN Policy Enforcement Point with an EAP-RADIUS
  interface connecting to a remote AAA Server (e.g. FreeRADIUS).

Since the IETF hasn't decided on a PT transport protocol yet,
strongSwan currently uses EAP-TNC, specified by the TCG in
IF-T Protocol Bindings for Tunneled EAP Methods version 1.1.

As an outer tunneling protocol IKEv2-EAP-TTLS is used with
either password-based EAP-MD5 phase 2 client authentication
as in this example scenario:

http://www.strongswan.org/uml/testresults45dr/ikev2/rw-eap-tnc-20/

or certificate-based EAP-TLS authentication as in:

http://www.strongswan.org/uml/testresults45dr/ikev2/rw-eap-tnc-20-tls/

Any Posture Collectors and Posture Validators that adhere to
the TCG's IF-IMC 1.2 and IF-IMV 1.2 interface specifications,
respectively, can be loaded by strongSwan via /etc/tnc_config.

The following HOWTO on our Wiki gives some configuration hints:

http://wiki.strongswan.org/projects/strongswan/wiki/TrustedNetworkConnect

2) Extended SQL database configuration features
--------------------------------------------

- The start_action field in the child_configs tables allows the
  automatic starting

  http://www.strongswan.org/uml/testresults45dr/sql/net2net-start-pem/

  or routing

  http://www.strongswan.org/uml/testresults45dr/sql/net2net-route-pem/

  of connections stored in an SQL database.

- Detailed specification of ordered IKE and ESP cipher suites using
  the new "proposals", "ike_config_proposal", and
  "child_config_proposal" tables:

  http://www.strongswan.org/uml/testresults45dr/sql/net2net-start-pem/moon.ipsec.sql

- Configuration of CRL and OCSP URIs using the new
  "certificate_authorities" and "certificate_distribution_points"
  tables:

  http://www.strongswan.org/uml/testresults45dr/sql/multi-level-ca/moon.ipsec.sql

Kind regards

Andreas Steffen

======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==