[strongSwan-dev] ANNOUNCE: strongswan-4.5.1dr2 released

Andreas Steffen andreas.steffen at strongswan.org
Wed Dec 15 09:32:44 CET 2010


We are giving you a preview of the forthcoming 4.5.1 release
which currently is going to offer the following new features:

1) Full support of the RFC 5793 Trusted Network Connect protocol

strongSwan can be configured as

- an IKEv2 VPN Client with an integrated Posture Broker Client

- an IKEv2 VPN Gateway with an integrated Posture Broker Server

- an IKEv2 VPN Policy Enforcement Point with an EAP-RADIUS
  interface connecting to a remote AAA Server (e.g. FreeRADIUS).

Since the IETF hasn't decided on a PT transport protocol yet,
strongSwan currently uses EAP-TNC, specified by the TCG in

  IF-T Protocol Bindings for Tunneled EAP Methods version 1.1

As an outer tunneling protocol IKEv2-EAP-TTLS is used with
either password-based EAP-MD5 phase 2 client authentication
as in this example scenario:


or certificate-based EAP-TLS authentication as in:


Any Posture Collectors and Posture Validators that adhere to
the TCG's IF-IMC 1.2 and IF-IMV 1.2 interface specifications,
respectively, can be loaded by strongSwan via /etc/tnc_config.

The following HOWTO on our Wiki gives some configuration hints:


2) Extended SQL database configuration features

- The start_action field in the child_configs tables allows the
  automatic starting


  or routing


  of connections stored in an SQL database.

- Detailed specification of ordered IKE and ESP cipher suites using
   the new "proposals", "ike_config_proposal", and
   "child_config_proposal" tables:


- Configuration of CRL and OCSP URIs using the new
  "certificate_authorities" and "certificate_distribution_points"


Kind regards

Andreas Steffen

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
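
An added example, not part of the original announcement and not strongSwan's own code: a small audit that reads the ordered cipher suites from the "proposals", "ike_config_proposal" and "child_config_proposal" tables and flags entries containing weak algorithms. Only the table names come from the announcement; the column names, the ascending-priority ordering, the sample rows and the weak-algorithm list are assumptions made for this sketch.

```python
import sqlite3

# Simplified stand-in schema. Table names are from the announcement; the
# column names (id, proposal, ike_cfg, child_cfg, prio, prop) are assumed.
SCHEMA = """
CREATE TABLE proposals (id INTEGER PRIMARY KEY, proposal TEXT NOT NULL);
CREATE TABLE ike_config_proposal (ike_cfg INTEGER, prio INTEGER, prop INTEGER);
CREATE TABLE child_config_proposal (child_cfg INTEGER, prio INTEGER, prop INTEGER);
"""

# Constructed sample rows, not taken from a real deployment.
SAMPLE = """
INSERT INTO proposals VALUES
  (1, 'aes256-sha256-modp2048'), (2, 'aes128-sha1-modp1536'),
  (3, '3des-md5-modp1024'), (4, 'aes128-sha1');
INSERT INTO ike_config_proposal VALUES (1, 1, 1), (1, 2, 2), (1, 3, 3);
INSERT INTO child_config_proposal VALUES (1, 2, 4), (1, 1, 1);
"""

# Algorithm keywords this audit treats as too weak (a local policy choice).
WEAK = {"des", "3des", "md5", "modp768", "modp1024", "null"}
LINKS = {("ike_config_proposal", "ike_cfg"), ("child_config_proposal", "child_cfg")}

def ordered_proposals(db, link_table, cfg_column, cfg_id):
    """Return the proposal strings of one config, lowest prio value first."""
    if (link_table, cfg_column) not in LINKS:  # identifiers cannot be bound
        raise ValueError("unknown link table")
    rows = db.execute(
        f"SELECT p.proposal FROM {link_table} l JOIN proposals p ON p.id = l.prop "
        f"WHERE l.{cfg_column} = ? ORDER BY l.prio", (cfg_id,))
    return [r[0] for r in rows]

def weak_entries(proposals):
    """Return (position, proposal, weak tokens) for every offending suite."""
    found = ((pos, p, sorted(set(p.lower().split("-")) & WEAK))
             for pos, p in enumerate(proposals, start=1))
    return [hit for hit in found if hit[2]]

def demo_db():
    """Build an in-memory database holding the constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA + SAMPLE)
    return db

if __name__ == "__main__":
    ike = ordered_proposals(demo_db(), "ike_config_proposal", "ike_cfg", 1)
    print(ike, weak_entries(ike))
```

Against a real database, check the column names in the SQL schema shipped with the installed strongSwan version before running the queries.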
