Hi, we proudly present the first release of the new strongSwan 4.3 branch which offers the following two major features:
- IKEv2 Multiple Authentication Exchanges (RFC 4739) -------------------------------------------------- Initiators and responders can use several authentication rounds (e.g. RSA followed by EAP) to authenticate. The new ipsec.conf leftauth/rightauth and leftauth2/rightauth2 parameters define their own authentication rounds and setup constraints for the remote peer. See the ipsec.conf man page for more details. A typical sample scenario using mutual RSA authentication in the first round and EAP-SIM client authentication in the second round can be found under the link http://www.strongswan.org/uml/testresults43/ikev2/mult-auth-rsa-eap-sim-id/ - Use of libstrongswan in the IKEv1 pluto code -------------------------------------------- We refactored the pluto and scepclient code to share basic functions (memory allocation, leak detective, chunk handling, printf_hooks, strongswan.conf attributes, ASN.1 parser, etc.) with the libstrongswan library. As a first benefit, up to two DNS and WINS servers to be sent via the IKEv1 ModeConfig protocol can be configured in the pluto section of /etc/strongswan.conf: pluto { dns1 = dns2 = nbns1 = nbns2 = } A configuration example can be found under the link http://www.strongswan.org/uml/testresults43/ikev1/mode-config/ And here some more features: - If glibc printf hooks (register_printf_function) are not available, strongSwan can use the vstr string library to run on non-glibc systems. - The IKEv2 charon daemon now supports the ESP CAMELLIA-CBC cipher (esp=camellia128|192|256). A sample scenario can be found under the link http://www.strongswan.org/uml/testresults43/ikev2/esp-alg-camellia/ Due to the heavy refactoring of large parts of both the IKEv1 and IKEv2 source code we strongly advise *against* using 4.3.0 in mission critical applications. Please use the stable strongSwan 4.2.14 version on production systems instead, at least until the release of 4.3.1. Best regards Martin Willi Andreas Steffen IKEv2 Software Architect strongSwan Project Leader ====================================================================== Andreas Steffen andreas.stef...@strongswan.org strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users