[strongSwan] ANNOUNCE: strongswan-5.2.0rc1 released
Andreas Steffen
andreas.steffen at strongswan.org
Sun Jun 29 16:40:28 CEST 2014
Hi,
the forthcoming strongSwan 5.2.0 major release introduces a
couple of quantum leaps:
Native strongSwan Port to Windows 7/8
-------------------------------------
- strongSwan has been ported to the Windows platform. Using a
MinGW toolchain, many parts of the strongSwan codebase run
natively on Windows 7 / 2008 R2 and newer releases.
- charon-svc implements a Windows IKE service based on libcharon,
the kernel-iph and kernel-wfp plugins act as networking and IPsec
backend on the Windows platform. socket-win provides a native IKE
socket implementation, while winhttp fetches CRL and OCSP
information using the WinHTTP API.
- Further information on the Windows build can be found under the link:
http://wiki.strongswan.org/projects/strongswan/wiki/Windows
Getting rid of ipsec starter
----------------------------
- The new vici plugin provides a Versatile IKE Configuration Interface
for charon. Using the stable IPC interface, external applications can
configure, control and monitor the IKE daemon. Instead of scripting
the ipsec tool and generating ipsec.conf, third party applications
can use the new interface for more control and better reliability.
- Built upon the libvici client library, swanctl implements the first
user of the VICI interface. Based on the swanctl.conf
configuration file, connections can be defined, loaded and managed.
swanctl provides a portable, complete IKE configuration and control
interface for the command line.
- The following eight swanctl example scenarios show the use of the
new configuration interface:
http://www.strongswan.org/uml/testresults5rc/swanctl/
Collecting ISO/IEC 19770-2:2014 Software Identification (SWID) Tags
-------------------------------------------------------------------
- The SWID IMC can extract all installed packages from the dpkg
(Debian, Ubuntu, etc.) or rpm (Fedora, RedHat, etc.) package managers,
respectively, using the swidGenerator
https://github.com/tnc-ba/swidGenerator
which generates SWID tags according to the new ISO/IEC 19770-2:2014
standard.
- The SWID IMV implements a JSON-based REST API which allows the
exchange of SWID tags and Software IDs with the strongTNC policy
manager.
- The following two example scenarios show the SWID use case:
http://www.strongswan.org/uml/testresults5rc/tnc/tnccs-20-pdp-eap/
http://www.strongswan.org/uml/testresults5rc/tnc/tnccs-20-pdp-pt-tls/
Remote Attestation Upgrade
--------------------------
- The Attestation IMC/IMV pair supports the IMA-NG measurement format
introduced with the Linux 3.13 kernel.
- The new aikgen tool generates an Attestation Identity Key bound to
a TPM.
General Trusted Network Connect (TNC) Upgrades
----------------------------------------------
- All IMVs now share the access requestor ID, device ID and product info
of an access requestor via a common imv_session object.
- Implemented the PT-EAP transport protocol (RFC 7171) for Trusted
Network Connect.
Configurable IPsec Replay Window
--------------------------------
- The ipsec.conf replay_window option defines connection specific
IPsec replay windows. Original patch courtesy of Zheng Zhong and
Christophe Gouault from 6Wind.
Please test our release candidate and give feedback on any problems
that you may encounter.
Best regards
Tobias Brunner, Martin Will & Andreas Steffen
The strongSwan Team
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
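Added example, not part of the original announcement and not strongSwan or kernel code: a minimal sketch of the sliding-window anti-replay check used for ESP/AH (RFC 4303 style), showing what the size set by a per-connection replay_window changes for late, reordered packets. The names replay_state, replay_init and replay_check_update are hypothetical, and the sample sequence numbers are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Anti-replay state for one inbound SA; all names here are hypothetical. */
typedef struct {
    uint32_t window; /* window size in packets (the per-connection value) */
    uint32_t top;    /* highest sequence number accepted so far */
    uint8_t *seen;   /* ring of "already received" flags, slot = seq % window */
} replay_state;

bool replay_init(replay_state *rs, uint32_t window)
{
    rs->window = window;
    rs->top = 0;
    rs->seen = window ? calloc(window, 1) : NULL;
    return rs->seen != NULL; /* a zero-size window is rejected in this sketch */
}

/* Call after the integrity check. True = fresh (recorded); false = drop. */
bool replay_check_update(replay_state *rs, uint32_t seq)
{
    if (seq == 0)
        return false; /* sequence numbers on an SA start at 1 */
    if (seq > rs->top) {
        /* Window slides right: clear slots of numbers that newly enter it. */
        if (seq - rs->top >= rs->window)
            memset(rs->seen, 0, rs->window);
        else
            for (uint32_t s = rs->top + 1; s < seq; s++)
                rs->seen[s % rs->window] = 0;
        rs->top = seq;
    } else if (rs->top - seq >= rs->window || rs->seen[seq % rs->window]) {
        return false; /* left of the window, or already seen */
    }
    rs->seen[seq % rs->window] = 1;
    return true;
}

int main(void)
{
    replay_state rs;
    if (!replay_init(&rs, 32)) return 1;
    replay_check_update(&rs, 100);
    /* Constructed case: packet 60 is 40 behind, outside a 32-packet window. */
    printf("late packet accepted: %d\n", replay_check_update(&rs, 60));
    return 0;
}
```

With a window of 64 the same late packet is accepted once and rejected on replay, which is the trade-off a connection-specific window lets an operator tune for links that reorder heavily.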