[strongSwan] ANNOUNCE: strongswan-5.0.2rc1 released
Andreas Steffen
andreas.steffen at strongswan.org
Mon Jan 21 07:38:19 CET 2013
Hi,
many of you have been waiting for the 5.0.2 release. With our first
release candidate you get a preview of the many new features of our
next stable release expected at the end of this month:
New IKEv1 Features
------------------
- Support for the proprietary IKEv1 fragmentation extension has
been added. Fragments are always handled on receipt but only
sent if supported by the peer and if enabled with the new
"fragmentation = yes" ipsec.conf option.
- IKEv1 in charon can now parse certificates received in PKCS#7
containers and supports NAT traversal as used by Windows XP
clients. Patches courtesy of Volker Ruemelin.
New IKEv2 Features
------------------
- IKEv2 proposals can now use a PRF algorithm different to that
defined for integrity protection. If an algorithm with a "prf"
prefix is defined explicitly (such as prfsha1 or prfsha256),
no implicit PRF algorithm based on the integrity algorithm is
added to the proposal.
New Trusted Network Connect Features
------------------------------------
- Implemented all IETF RFC Standard 5792 PA-TNC attributes
(Attribute Request, Product Information, Numeric/String Version,
Operational Status, Port Filter, Installed Packages, Assessment
Result, Remediation Instructions, Forwarding Enabled and Factory
Default Password Enabled). A strongSwan OS IMC/IMV pair uses these
attributes to transfer operating system information from a Linux
or Android 4 client to a TNC server.
New Statistics Features
-----------------------
- The new "ipsec listcounters" command prints a list of global
counter values about received and sent IKE messages and rekeyings.
- The new "lookip" plugin performs fast lookup of tunnel information
using a clients virtual IP and can send notifications about
established or deleted tunnels. The "ipsec lookip" command can be
used to query such information or receive notifications.
- The new "error-notify" plugin catches some common error conditions
and allows an external application to receive notifications for
them over a UNIX socket.
Performance Testing
-------------------
- The load-tester plugin gained additional options for certificate
generation and can load keys and multiple CA certificates from
external files.
- It can install a dedicated outer IP address for each tunnel and
tunnel initiation batches can be triggered and monitored externally
using the "ipsec load-tester" tool.
Software Regression Testing and Simulation
------------------------------------------
- The integration and regression test environment was updated and
now uses KVM and reproducible guest images based on the latest
Debian packages.
Extended Smartcard Features
---------------------------
- The pkcs11 plugin can now load leftcert certificates from a
smartcard for a specific ipsec.conf conn section and
CA certificates for a specific ca section.
Miscellanous
------------
- PKCS#7 container parsing has been modularized, and the openssl
plugin gained an alternative implementation to decrypt and verify
such files. In contrast to our own DER parser, OpenSSL can handle
BER files, which is required for interoperability of our scepclient
with EJBCA PKI software.
- The new "rdrand" plugin provides a high quality / high performance
random source using the Intel rdrand instruction found on Ivy
Bridge processors.
Enjoy the release candidate and please report back any issues
encountered so that we can fix them before the final release.
Best regards
Andreas
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4468 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130121/854f09a3/attachment.bin>
More information about the Users
mailing list