[strongSwan] ANNOUNCE: strongswan-4.6.0 released
Andreas Steffen
andreas.steffen at strongswan.org
Sun Nov 6 15:28:31 CET 2011
Hello,
the major 4.6.0 strongSwan version has been released and offers
the following new features:
Extended Android support
------------------------
- The android plugin can now be used without the Android frontend
patch and provides DNS server registration and logging to logcat.
- The IKEv1 pluto daemon and the starter process including the
stroke and whack interfaces have been ported to Android.
Automatic plugin dependency resolution
--------------------------------------
- The libstrongswan plugin system now supports detailed plugin
dependencies. Many plugins have been extended to export their
capabilities and requirements. This allows the plugin loader to
resolve the plugin loading order automatically, and in future
releases, to dynamically load the required features on demand.
- Existing third party plugins are source (but not binary) compatible
if they properly initialize the new get_features() plugin function
to NULL.
Dynamic hostname resolution by the IKEv2 charon daemon
------------------------------------------------------
- starter passes unresolved hostnames to charon, allowing it to defer
name resolution until the connection attempt. This is especially
useful with connections between hosts using dynamic IP addresses.
Thanks to Mirko Parthey for the initial patch.
New libstrongswan certexpire plugin
-----------------------------------
- The new libstrongswan certexpire plugin collects expiration
information of all used certificates and exports them to CSV files.
It either directly exports them or uses cron style scheduling for
batch exports. For details consult the following HOWTO:
http://wiki.strongswan.org/projects/strongswan/wiki/CertExpire
PKCS #11 support for ECC smartcards
-----------------------------------
- Support for ECDSA private and public key operations has been added
to the pkcs11 plugin. The plugin now also provides DH and ECDH via
PKCS#11 and can use tokens as random number generators (RNG). By
default only private key operations are enabled; more advanced
features have to be enabled through options in strongswan.conf.
This also applies to public key operations (even for keys not stored
on the token) which were enabled by default before. For details
consult the following HOWTO:
http://wiki.strongswan.org/projects/strongswan/wiki/SmartCardsIKEv2
TCG TNC IF-MAP support
----------------------
- The tnc-ifmap plugin implements a TNC IF-MAP 2.0 client which can
deliver metadata about IKE_SAs via a SOAP interface to a MAP server.
The tnc-ifmap plugin requires the Apache Axis2/C library.
- The strongSwan TNC MAP client can connect e.g. to the irond MAP
Server from Fachhochschule Hannover and the metadata can be
visualized using the irongui client application. For details
consult the following HOWTO:
http://wiki.strongswan.org/projects/strongswan/wiki/IfMap
Remote Attestation using the TCG PTS Binding to the TNC IF-M protocol
---------------------------------------------------------------------
- Remote attestation effected by the TCG Platform Trust Service (PTS)
can be transferred via the TNC IF-M 1.0 protocol (RFC 5792 PA-TNC)
to a strongSwan TNC server. Currently remote file measurements are
supported with full TPM support expected for the 4.6.1 release.
For details consult the following link:
http://www.strongswan.org/uml/pts/
Best regards
Andreas Steffen, Tobias Brunner, Martin Willi
The strongSwan team
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==