[strongSwan-dev] Announce: strongswan-5.2.1rc1 released

Andreas Steffen andreas.steffen at strongswan.org
Tue Oct 14 08:25:31 CEST 2014


Hi,

we are proud to announce the release candidate of your forthcoming
strongSwan 5.2.1 release which comes with some astounding new
features:

* Support for systemd

   The new charon-systemd IKE daemon implements an IKE daemon tailored
   for use with systemd. It avoids the dependency on ipsec starter and
   uses swanctl as configuration backend, building a simple and
   lightweight solution. Native systemd journal logging is supported.

* IKEv2 Fragmentation

   We support the new IKEv2 Fragmentation mechanism as defined by
   the RFC-to-be 7383 which avoids IP fragmentation of IKEv2 UDP
   datagrams exceeding the network's MTU size. This feature is activated
   by setting fragmentation=yes in ipsec.conf and setting the maximum
   IP packet size with the fragment_size parameter in the charon section
   of strongswan.conf. The following link shows an example scenario:

   http://www.strongswan.org/uml/testresults5rc/ikev2/net2net-fragmentation/

* Segmentation of large PA-TNC attributes

   We implemented the TCG TNC IF-M Segmentation Proposal which allows
   to transfer potentially huge attributes amounting to several
   megabytes of measurement data like the TCG/SWID Tag [ID] Inventory
   or IETF/Installed Packages attributes via the PA-TNC, PB-TNC and
   either PT-EAP or PT-TLS NEA protocol stack. By default segmented
   attributes are just reconstructed on the receiving side from the
   individual segments with the exeception of the three attribute
   types mentioned above which can be parsed and processed incrementally
   as the segments arrive one-by-one. The following link shows an
   example scenario retrieving SWID tags from Debian-based hosts:

   http://www.strongswan.org/uml/testresults5rc/tnc/tnccs-20-pdp-eap/

   Detailed comments on the log file generated by the strongSwan
   Policy Decision Point (PDP) can be found here:

    https://wiki.strongswan.org/projects/strongswan/wiki/PT-EAP-SWID

* Ruby Gem Interface for vici

   For the vici plugin a ruby gem has been added to allow ruby
   applications to control or monitor the IKE daemon. The vici
   documentation has been updated to include a description of the
   available operations and some simple examples using both the libvici
   C interface and the ruby gem.

 
https://wiki.strongswan.org/projects/strongswan/repository/revisions/master/entry/src/libcharon/plugins/vici/README.md

Please feel free to test the release candidate and give us feedback
on any issues you might encounter.

Best regards

Tobias Brunner, Andreas Steffen and Martin Willi

The strongSwan Team

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4255 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20141014/570dfe22/attachment.bin>


More information about the Dev mailing list