Hi,

many of you have been waiting for the 5.0.2 release. With our first
release candidate you get a preview of the many new features of our
next stable release expected at the end of this month:

New IKEv1 Features
------------------

- Support for the proprietary IKEv1 fragmentation extension has been
  added. Fragments are always handled on receipt but only sent if
  supported by the peer and if enabled with the new
  "fragmentation = yes" ipsec.conf option.

- IKEv1 in charon can now parse certificates received in PKCS#7
  containers and supports NAT traversal as used by Windows XP clients.
  Patches courtesy of Volker Ruemelin.

New IKEv2 Features
------------------

- IKEv2 proposals can now use a PRF algorithm different to that defined
  for integrity protection. If an algorithm with a "prf" prefix is
  defined explicitly (such as prfsha1 or prfsha256), no implicit PRF
  algorithm based on the integrity algorithm is added to the proposal.

New Trusted Network Connect Features
------------------------------------

- Implemented all IETF RFC Standard 5792 PA-TNC attributes (Attribute
  Request, Product Information, Numeric/String Version, Operational
  Status, Port Filter, Installed Packages, Assessment Result,
  Remediation Instructions, Forwarding Enabled and Factory Default
  Password Enabled). A strongSwan OS IMC/IMV pair uses these attributes
  to transfer operating system information from a Linux or Android 4
  client to a TNC server.

New Statistics Features
-----------------------

- The new "ipsec listcounters" command prints a list of global counter
  values about received and sent IKE messages and rekeyings.

- The new "lookip" plugin performs fast lookup of tunnel information
  using a client's virtual IP and can send notifications about
  established or deleted tunnels. The "ipsec lookip" command can be
  used to query such information or receive notifications.

- The new "error-notify" plugin catches some common error conditions
  and allows an external application to receive notifications for them
  over a UNIX socket.

Performance Testing
-------------------

- The load-tester plugin gained additional options for certificate
  generation and can load keys and multiple CA certificates from
  external files.

- It can install a dedicated outer IP address for each tunnel and
  tunnel initiation batches can be triggered and monitored externally
  using the "ipsec load-tester" tool.

Software Regression Testing and Simulation
------------------------------------------

- The integration and regression test environment was updated and now
  uses KVM and reproducible guest images based on the latest Debian
  packages.

Extended Smartcard Features
---------------------------

- The pkcs11 plugin can now load leftcert certificates from a smartcard
  for a specific ipsec.conf conn section and CA certificates for a
  specific ca section.

Miscellaneous
-------------

- PKCS#7 container parsing has been modularized, and the openssl plugin
  gained an alternative implementation to decrypt and verify such
  files. In contrast to our own DER parser, OpenSSL can handle BER
  files, which is required for interoperability of our scepclient with
  EJBCA PKI software.

- The new "rdrand" plugin provides a high quality / high performance
  random source using the Intel rdrand instruction found on Ivy Bridge
  processors.

Enjoy the release candidate and please report back any issues
encountered so that we can fix them before the final release.

Best regards

Andreas

======================================================================
Andreas Steffen                                       [email protected]
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
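
Added example, not part of the original announcement and not strongSwan code: a small Python model of the IKEv2 PRF rule described above, useful when reviewing ike= proposal strings for the PRF that actually ends up in the proposal. The keyword subset, the integrity-to-PRF pairing, the sample proposals and the policy set are assumptions of this example.

```python
# Simplified model of the rule described above; not strongSwan source code.
# Keyword subset of ipsec.conf ike= proposals; the integrity -> PRF pairing
# below is this example's assumption about the implicit default.
ENCRYPTION = {"3des", "aes128", "aes192", "aes256"}
IMPLICIT_PRF = {
    "md5": "prfmd5", "sha1": "prfsha1", "sha256": "prfsha256",
    "sha384": "prfsha384", "sha512": "prfsha512", "aesxcbc": "prfaesxcbc",
}
KNOWN_PRFS = set(IMPLICIT_PRF.values())


def effective_proposal(spec):
    """Return the transforms an IKEv2 proposal string resolves to, by type."""
    out = {"encryption": [], "integrity": [], "prf": [], "dh": []}
    for token in spec.strip().lower().split("-"):
        if token in ENCRYPTION:
            out["encryption"].append(token)
        elif token in IMPLICIT_PRF:
            out["integrity"].append(token)
        elif token in KNOWN_PRFS:
            out["prf"].append(token)
        elif token.startswith(("modp", "ecp")):
            out["dh"].append(token)
        else:
            raise ValueError(f"unknown proposal keyword: {token!r}")
    out["implicit_prf"] = not out["prf"]
    if out["implicit_prf"]:
        # No explicit prf* keyword: derive one PRF per integrity algorithm.
        for integ in out["integrity"]:
            if IMPLICIT_PRF[integ] not in out["prf"]:
                out["prf"].append(IMPLICIT_PRF[integ])
    return out


def prf_findings(spec, allowed_prfs):
    """List PRFs in the resolved proposal that a local policy does not allow."""
    resolved = effective_proposal(spec)
    origin = "implicit" if resolved["implicit_prf"] else "explicit"
    return [f"{spec}: {origin} PRF {prf} not allowed by policy"
            for prf in resolved["prf"] if prf not in allowed_prfs]


if __name__ == "__main__":
    policy = {"prfsha256", "prfsha384", "prfsha512"}  # constructed policy
    for line in ("aes128-sha256-modp2048",           # constructed samples
                 "aes128-sha256-prfsha1-modp2048"):
        print(effective_proposal(line)["prf"], prf_findings(line, policy))
```

The second sample shows why the change matters for review: the integrity algorithm is sha256, but the explicit prfsha1 keyword is the only PRF in the proposal.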
