[strongSwan] ANNOUNCE: strongswan-4.6.0 released

Andreas Steffen andreas.steffen at strongswan.org
Sun Nov 6 15:28:31 CET 2011


Hello,

the major 4.6.0 strongSwan version has been released and offers
the following new features:

Extended Android support
------------------------

- The android plugin can now be used without the Android frontend
  patch and provides DNS server registration and logging to logcat.

- The IKEv1 pluto daemon and the starter process including the
  stroke and whack interfaces have been ported to Android.


Automatic plugin dependency resolution
--------------------------------------

- The libstrongswan plugin system now supports detailed plugin
  dependencies. Many plugins have been extended to export their
  capabilities and requirements. This allows the plugin loader to
  resolve the plugin loading order automatically, and in future
  releases, to dynamically load the required features on demand.

-  Existing third party plugins are source (but not binary) compatible
   if they properly initialize the new get_features() plugin function
   to NULL.


Dynamic hostname resolution by the IKEv2 charon daemon
------------------------------------------------------

- starter passes unresolved hostnames to charon, allowing it to do name
  resolution not before the connection attempt. This is especially
  useful with connections between hosts using dynamic IP addresses.
  Thanks to Mirko Parthey for the initial patch.


New libstrongswan certexpire plugin
-----------------------------------

- The new libstrongswan certexpire plugin collects expiration
  information of all used certificates and exports them to CSV files.
  It either directly exports them or uses cron style scheduling for
  batch exports. For details consult the following HOWTO:

  http://wiki.strongswan.org/projects/strongswan/wiki/CertExpire


PKCS #11 support for ECC smartcards
-----------------------------------

- Support for ECDSA private and public key operations has been added
  to the pkcs11 plugin.  The plugin now also provides DH and ECDH via
  PKCS#11 and can use tokens as random number generators (RNG). By
  default only private key operations are enabled, more advanced
  features have to be enabled through options in strongswan.conf.
  This also applies to public key operations (even for keys not stored
  on the token) which were enabled by default before. For details
  consult the following HOWTO:

  http://wiki.strongswan.org/projects/strongswan/wiki/SmartCardsIKEv2


TCG TNC IF-MAP support
----------------------

- The tnc-ifmap plugin implements a TNC IF-MAP 2.0 client which can
  deliver metadata about IKE_SAs via a SOAP interface to a MAP server.
  The tnc-ifmap plugin requires the Apache Axis2/C library.

- The strongSwan TNC MAP client can connect e.g. to the irond MAP
  Server from Fachhochschule Hannover and the metatdata can be
  visualized using the irongui client application. For details
  consult the following HOWTO:

  http://wiki.strongswan.org/projects/strongswan/wiki/IfMap


Remote Attestation using the TCG PTS Binding to the TNC IF-M protocol
---------------------------------------------------------------------

- Remote attestation effected by the TCG Platform Trust Service (PTS)
  can be transferred via the TNC IF-M 1.0 protocol (RFC 5792 PA-TNC)
  to a strongSwan TNC server. Currently remote file measurements are
  supported with full TPM support expected for the 4.6.1 release.
  For details consult the following link:

  http://www.strongswan.org/uml/pts/


Best regards

Andreas Steffen, Tobias Brunner, Martin Willi

The strongSwan team

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==




More information about the Users mailing list