[strongSwan] Announce: strongswan-5.2.1rc1 released
Andreas Steffen
andreas.steffen at strongswan.org
Tue Oct 14 08:25:31 CEST 2014
Hi,
we are proud to announce the release candidate of your forthcoming
strongSwan 5.2.1 release which comes with some astounding new
features:
* Support for systemd
The new charon-systemd IKE daemon implements an IKE daemon tailored
for use with systemd. It avoids the dependency on ipsec starter and
uses swanctl as configuration backend, building a simple and
lightweight solution. Native systemd journal logging is supported.
* IKEv2 Fragmentation
We support the new IKEv2 Fragmentation mechanism as defined by
the RFC-to-be 7383 which avoids IP fragmentation of IKEv2 UDP
datagrams exceeding the network's MTU size. This feature is activated
by setting fragmentation=yes in ipsec.conf and setting the maximum
IP packet size with the fragment_size parameter in the charon section
of strongswan.conf. The following link shows an example scenario:
http://www.strongswan.org/uml/testresults5rc/ikev2/net2net-fragmentation/
* Segmentation of large PA-TNC attributes
We implemented the TCG TNC IF-M Segmentation Proposal which allows
to transfer potentially huge attributes amounting to several
megabytes of measurement data like the TCG/SWID Tag [ID] Inventory
or IETF/Installed Packages attributes via the PA-TNC, PB-TNC and
either PT-EAP or PT-TLS NEA protocol stack. By default segmented
attributes are just reconstructed on the receiving side from the
individual segments with the exeception of the three attribute
types mentioned above which can be parsed and processed incrementally
as the segments arrive one-by-one. The following link shows an
example scenario retrieving SWID tags from Debian-based hosts:
http://www.strongswan.org/uml/testresults5rc/tnc/tnccs-20-pdp-eap/
Detailed comments on the log file generated by the strongSwan
Policy Decision Point (PDP) can be found here:
https://wiki.strongswan.org/projects/strongswan/wiki/PT-EAP-SWID
* Ruby Gem Interface for vici
For the vici plugin a ruby gem has been added to allow ruby
applications to control or monitor the IKE daemon. The vici
documentation has been updated to include a description of the
available operations and some simple examples using both the libvici
C interface and the ruby gem.
https://wiki.strongswan.org/projects/strongswan/repository/revisions/master/entry/src/libcharon/plugins/vici/README.md
Please feel free to test the release candidate and give us feedback
on any issues you might encounter.
Best regards
Tobias Brunner, Andreas Steffen and Martin Willi
The strongSwan Team
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4255 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20141014/570dfe22/attachment.bin>
More information about the Users
mailing list