[strongSwan] ANNOUNCE: strongswan-5.2.0rc1 released

Andreas Steffen andreas.steffen at strongswan.org
Sun Jun 29 16:40:28 CEST 2014


the forthcoming strongSwan 5.2.0 major release introduces a
couple of quantum leaps:

Native strongSwan Port to Windows 7/8

- strongSwan has been ported to the Windows platform. Using a
  MinGW toolchain, many parts of the strongSwan codebase run
  natively on Windows 7 / 2008 R2 and newer releases.

- charon-svc implements a Windows IKE service based on libcharon,
  the kernel-iph and kernel-wfp plugins act as networking and IPsec
  backend on the Windows platform. socket-win provides a native IKE
  socket implementation, while winhttp fetches CRL and OCSP
  information using the WinHTTP API.

- Further infos on the Windows build can be found under the link:


Getting rid of ipsec starter

- The new vici plugin provides a Versatile IKE Configuration Interface
  for charon. Using the stable IPC interface, external applications can
  configure, control and monitor the IKE daemon. Instead of scripting
  the ipsec tool and generating ipsec.conf, third party applications
  can use the new interface for more control and better reliability.

- Built upon the libvici client library, swanctl implements the first
  user of the VICI interface. Based on the swanctl.conf
  configuration file, connections can be defined, loaded and managed.
  swanctl provides a portable, complete IKE configuration and control
  interface for the command line.

- The following eight swanctl example scenarios show the use of the
  new configuration interface:


Collecting ISO/IEC 19770-2:2014 Software Identification (SWID) Tags

- The SWID IMC can extract all installed packages from the dpkg
  (Debian, Ubuntu, etc.) or rpm (Fedora, RedHat, etc) package managers,
   respectively, using the swidGenerator


  which generates SWID tags according to the new ISO/IEC 19770-2:2014

- The SWID IMV implements a JSON-based REST API which allows the
  exchange of SWID tags and Software IDs with the strongTNC policy

- The following two example scenarios show the SWID use case:



Remote Attestation Upgrade

- The Attestation IMC/IMV pair supports the IMA-NG measurement format
  introduced with the Linux 3.13 kernel.

- The newe aikgen tool generates an Attestation Identity Key bound to
  a TPM.

General Trusted Network Connect (TNC) Upgrades

- All IMVs now share the access requestor ID, device ID and product info
  of an access requestor via a common imv_session object.

- Implemented the PT-EAP transport protocol (RFC 7171) for Trusted
  Network Connect.

Configurable IPsec Replay Window

- The ipsec.conf replay_window option defines connection specific
  IPsec replay windows. Original patch courtesy of Zheng Zhong and
  Christophe Gouault from 6Wind.

Please test our release candidate and give feedback on any problems
that you may encounter.

Best regards

Tobias Brunner, Martin Will & Andreas Steffen

The strongSwan Team

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4255 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20140629/927e9693/attachment.bin>

More information about the Users mailing list