We are happy to announce the release of strongSwan 4.2.12 which improves the IKEv2 interoperability with the Windows 7 Agile VPN Client and the first separate release 1.0.0 of the strongSwan VPN applet for the GNOME NetworkManager.
- Definition of up to two DNS and/or up to two WINS IPv4 or IPv6 nameservers in strongswan.conf. The syntax is charon { dns1 = 192.168.0.100 dns2 = 192.168.0.101 nbns1 = 192.168.0.150 nbns2 = 192.168.0.151 } This information is sent to the peer via the IKEv2 Configuration Payload. On Linux peers the DNS information is added to /etc/resolv.conf and on Windows 7 peers both DNS and WINS information is assigned together with a virtual IP address to the virtual network adapter. - Support of the IKEv2 EAP-MSCHAPv2 protocol. This allows EAP interoperability with a Windows 7 client as a strongSwan VPN gateway or with a Windows 2008 Server R2 as a strongSwan VPN client. A strongSwan - strongSwan scenario is shown here: http://www.strongswan.org/uml/testresults42/ikev2/rw-eap-mschapv2-rsa/ THE EAP user credentials are stored in ipsec.secrets. The EAP-MSCHAPv2 plugin is activated with the following options ./configure --enable-md4 --enable-eap-identity --enable-eap-mschapv2 A word of warning: The Windows 7 Beta Agile VPN client currently ignores the RSA signature sent by the VPN gateway. Therefore the server is authenticated solely based on the mutual property of the MS-CHAP v2 protocol which might be too weak. Thus for the time being we recommend the use of strong mutual authentication based on X.509 machine certificates as described in our Windows 7 HOWTO: http://wiki.strongswan.org/wiki/Windows7 - The strongSwan VPN applet for the GNOME NetworkManager is not part of the strongSwan 4.2.12 tarball any more but is distributed as a separate NetworkManager-strongswan-1.0.0 package available here: http://download.strongswan.org/NetworkManager/ The installation and configuration either as a Ubuntu/Debian package or from the tarball is described in the NetworkManager HOWTO: http://wiki.strongswan.org/wiki/NetworkManager We hope that NetworkManager-strongswan will quickly become an official package in all major Linux distributions. Best regards the strongSwan team: Tobias Brunner, Martin Willi, Andreas Steffen ====================================================================== Andreas Steffen andreas.stef...@strongswan.org strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users