Hello,

we are giving you a preview of the forthcoming 4.5.1 release, which is currently going to offer the following new features:

1) Full support of the RFC 5793 Trusted Network Connect protocol
-------------------------------------------------------------

strongSwan can be configured as

- an IKEv2 VPN Client with an integrated Posture Broker Client

- an IKEv2 VPN Gateway with an integrated Posture Broker Server

- an IKEv2 VPN Policy Enforcement Point with an EAP-RADIUS interface
  connecting to a remote AAA Server (e.g. FreeRADIUS).

Since the IETF hasn't decided on a PT transport protocol yet,
strongSwan currently uses EAP-TNC, specified by the TCG in

  IF-T Protocol Bindings for Tunneled EAP Methods version 1.1

As an outer tunneling protocol IKEv2-EAP-TTLS is used with either
password-based EAP-MD5 phase 2 client authentication as in this
example scenario:

  http://www.strongswan.org/uml/testresults45dr/ikev2/rw-eap-tnc-20/

or certificate-based EAP-TLS authentication as in:

  http://www.strongswan.org/uml/testresults45dr/ikev2/rw-eap-tnc-20-tls/

Any Posture Collectors and Posture Validators that adhere to the
TCG's IF-IMC 1.2 and IF-IMV 1.2 interface specifications, respectively,
can be loaded by strongSwan via /etc/tnc_config.

The following HOWTO on our Wiki gives some configuration hints:

  http://wiki.strongswan.org/projects/strongswan/wiki/TrustedNetworkConnect

2) Extended SQL database configuration features
--------------------------------------------

- The start_action field in the child_configs tables allows the
  automatic starting

  http://www.strongswan.org/uml/testresults45dr/sql/net2net-start-pem/

  or routing

  http://www.strongswan.org/uml/testresults45dr/sql/net2net-route-pem/

  of connections stored in an SQL database.

- Detailed specification of ordered IKE and ESP cipher suites using
  the new "proposals", "ike_config_proposal", and
  "child_config_proposal" tables:

  http://www.strongswan.org/uml/testresults45dr/sql/net2net-start-pem/moon.ipsec.sql

- Configuration of CRL and OCSP URIs using the new
  "certificate_authorities" and "certificate_distribution_points"
  tables:

  http://www.strongswan.org/uml/testresults45dr/sql/multi-level-ca/moon.ipsec.sql

Kind regards

Andreas Steffen

======================================================================
Andreas Steffen                         [email protected]
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
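
The ordered cipher suite tables from item 2, as an added example that is not part of the original message and is not strongSwan's own code: it resolves the ESP proposals of one child config in preference order and reports where deny-listed algorithms rank. The column names, the sample rows, the deny list, and the rule that a lower prio value is preferred are assumptions of this example.

```python
import sqlite3

# Table names come from the announcement; the column names (id, name,
# proposal, child_cfg, prio, prop) are assumptions made for this example.
SCHEMA = """
CREATE TABLE child_configs (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE proposals (id INTEGER PRIMARY KEY, proposal TEXT NOT NULL);
CREATE TABLE child_config_proposal (
  child_cfg INTEGER NOT NULL, prio INTEGER NOT NULL, prop INTEGER NOT NULL);
"""
# Constructed sample rows, not taken from the linked test scenarios.
SAMPLE = """
INSERT INTO child_configs (id, name) VALUES (1, 'net-net');
INSERT INTO proposals (id, proposal) VALUES
  (1, 'aes128-sha256'), (2, '3des-md5'), (3, 'aes256-sha512');
INSERT INTO child_config_proposal (child_cfg, prio, prop) VALUES
  (1, 2, 2), (1, 1, 3), (1, 3, 1);
"""
WEAK_TOKENS = {"des", "3des", "md5"}  # constructed deny list for the audit


def open_sample_db():
    """Build the in-memory database with the constructed rows above."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA + SAMPLE)
    return conn


def ordered_proposals(conn, child_name):
    """Return one child config's ESP proposals, lowest prio value first."""
    rows = conn.execute(
        "SELECT p.proposal FROM child_configs c "
        "JOIN child_config_proposal cp ON cp.child_cfg = c.id "
        "JOIN proposals p ON p.id = cp.prop "
        "WHERE c.name = ? ORDER BY cp.prio", (child_name,))
    return [row[0] for row in rows]


def weak_proposals(conn, child_name):
    """Return (rank, proposal) for every suite that uses a deny-listed token."""
    ranked = enumerate(ordered_proposals(conn, child_name), start=1)
    return [(rank, prop) for rank, prop in ranked
            if WEAK_TOKENS & set(prop.lower().split("-"))]


if __name__ == "__main__":
    db = open_sample_db()
    print(ordered_proposals(db, "net-net"))
    print(weak_proposals(db, "net-net"))
```

A weak suite at rank 2, as in the sample rows, is offered ahead of a stronger one at rank 3, so an audit of these tables has to look at the prio column and not only at which proposals exist.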
