[strongSwan] ANNOUNCE: strongswan-4.6.2 released
Andreas Steffen
andreas.steffen at strongswan.org
Tue Feb 21 04:25:32 CET 2012
Hi
we are proud to present strongSwan 4.6.2, offering the following new
features:
Trusted Network Connect
----------------------
- HSR master student Sansar Choinyambuu fully implemented the "TCG
Attestation Platform Trust Service (PTS) Protocol: Binding to IF-M"
standard (TLV-based messages only), making trustworthy remote
attestation based on a Trusted Platform Module (TPM) of the Linux
Integrity Measurement Architecture (IMA) or Intel TBOOT possible.
http://linux-ima.sourceforge.net/
Measurement reference values are automatically stored in an SQLite
database that can be managed using the new ipsec attest command line
tool.
* PTS Integrity Measurement Collector:
http://wiki.strongswan.org/projects/strongswan/wiki/PTS-IMC
* PTS Integrity Measurement Verifier:
http://wiki.strongswan.org/projects/strongswan/wiki/PTS-IMV
- Upgraded the TCG IF-IMC and IF-IMV C API to the upcoming version 1.3
which supports IF-TNCCS 2.0 long message types, the exclusive flag
and multiple IMC/IMV IDs. Both the TNC Client and Server as well as
the "Test", "Scanner", and "Attestation" IMC/IMV pairs were updated.
http://www.strongswan.org/uml/testresults/tnc/tnccs-20/
Overview on strongSwan's support of the TCG TNC/IETF NEA Framework:
http://www.strongswan.org/tnc/
RADIUS Accounting
-----------------
- The EAP-RADIUS authentication backend supports RADIUS accounting.
It sends start/stop messages containing Username, Framed-IP and
Input/Output-Octets attributes and has been tested against FreeRADIUS
and Microsoft NPS.
http://www.strongswan.org/uml/testresults/ikev2/rw-radius-accounting/
Tue Feb 7 16:32:21 2012
Acct-Status-Type = Start
Acct-Session-Id = "1328628738-1"
User-Name = "carol"
NAS-Port-Type = Virtual
NAS-Identifier = "strongSwan"
NAS-IP-Address = 10.1.0.1
Acct-Unique-Session-Id = "385526c5638de88a"
Timestamp = 1328628741
Request-Authenticator = Verified
Tue Feb 7 16:32:29 2012
Acct-Status-Type = Stop
Acct-Session-Id = "1328628738-1"
User-Name = "carol"
Acct-Output-Octets = 7100
Acct-Input-Octets = 7100
Acct-Session-Time = 8
NAS-Port-Type = Virtual
NAS-Identifier = "strongSwan"
NAS-IP-Address = 10.1.0.1
Acct-Unique-Session-Id = "385526c5638de88a"
Timestamp = 1328628749
Request-Authenticator = Verified
PKCS#8 Encoded Private Keys
---------------------------
- Added support for PKCS#8 encoded private keys via the libstrongswan
pkcs8 plugin. This is the default format used by some OpenSSL tools
since version 1.0.0 (e.g. openssl req with -keyout).
http://www.strongswan.org/uml/testresults/ikev2/rw-pkcs8/
http://www.strongswan.org/uml/testresults/openssl-ikev2/ecdsa-pkcs8/
TLS Session Resumption
----------------------
- Added session resumption support to the strongSwan TLS stack.
Please report any issues with the new release!
Best regards
Tobias Brunner, Andreas Steffen, Martin Willi
The strongSwan Team
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
More information about the Users
mailing list