Projects / strongSwan / Releases

All releases of strongSwan

  •  14 Feb 2011 05:14
Avatar

    Release Notes: The RFC 5793 Posture Broker Protocol compatible with Trusted Network Connect (PB-TNC) was implemented. IKE and ESP proposals as well as CRL distribution points can be stored in an SQL database. Connections can be started or routed automatically via the start_action database field. The IKEv2 daemon supports the INITIAL_CONTACT notification.

    •  01 Nov 2010 06:11
    Avatar

      Release Notes: IKEv2 is now the default key exchange mode. IKEv2 EAP-TLS, EAP-TTLS, and EAP-TNC (Trusted Network Connect) authentication modes terminated either on a strongSwan gateway or a remote AAA server are supported. PKCS#11 smartcards are supported for IKEv2.

      •  03 May 2010 08:42
      Avatar

        Release Notes: The new IKEv2 High Availability plugin provides load sharing and fail-over capabilities in a cluster of currently two nodes based on an extended ClusterIP Linux kernel module. IKEv1 and IKEv2 configuration support was added for the AES-GMAC authentication-only ESP cipher and for the Diffie-Hellman groups 22, 23, and 24. RAM-based virtual IP address pools are now also supported by the IKEv1 daemon. The dhcp and farp charon plugins allow tight integration of remote access clients into a local network by offering DHCP and ARP services.

        •  12 Feb 2010 08:18
        Avatar

          Release Notes: Starting with the Linux 2.6.33 kernel, the SHA-256/384/512 HMAC ESP data integrity algorithms are now configured by strongSwan with the correct truncation length. Older kernels require a SHA-2 patch. The IKEv2 charon daemon has been ported to the Android platform. DNS and NBNS server information stored in an SQL database can be distributed to VPN clients via the IKEv1 Mode Config or the IKEv2 Configuration payload.

          •  02 Nov 2009 12:51
          Avatar

            Release Notes: The IKEv1 pluto daemon can attach SQL-based address pools to deal out virtual IP addresses as a Mode Config server in either Pull or Push mode. In addition to time based rekeying, the IKEv2 charon daemon supports IPsec SA lifetimes based on processed volume measured in bytes or number of packets.

            •  19 Aug 2009 01:50
            Avatar

              Release Notes: The IKEv2 charon daemon has been ported to FreeBSD and Mac OS X.

              •  22 Jul 2009 09:43
              Avatar

                Release Notes: Optional integrity checksum tests are done over all strongSwan dynamic libraries and plugins during startup. The IKEv1 pluto daemon now supports the ESP authenticated encryption algorithms AES-GCM and AES-CCM.

                •  22 Jun 2009 06:51
                Avatar

                  Release Notes: The IKEv1 and IKEv2 daemons now share the same crypto framework. Either the built-in algorithms or the OpenSSL or GNU libgcrypt libraries can be used. During startup, self-tests for all cryptographic algorithms are executed. The IKEv1 daemon supports elliptic curve Diffie-Hellman groups and ECDSA signatures. Two minor DoS vulnerabilities in the ASN.1 parser were fixed.

                  •  27 May 2009 11:18
                  Avatar

                    Release Notes: This release fixes two DoS vulnerabilities in the charon daemon that were discovered by fuzzing techniques. A couple of bugs caused by the massive 4.3.0 refactoring were fixed.

                    •  23 Apr 2009 04:43
                    Avatar

                      Release Notes: This release implements IKEv2 Multiple Authentication Exchanges (RFC 4739). Refactored IKEv1 pluto code uses the libstrongswan library for basic functions. Up to two DNS and WINS servers to be sent via the IKEv1 ModeConfig protocol can thus be configured via strongswan.conf attributes.

                      Screenshot

                      Project Spotlight

                      episoder

                      A tool to tell you about new episodes of your favourite TV shows.

                      Screenshot

                      Project Spotlight

                      BalanceNG

                      A modern software IP load balancer.