Hi, we are happy to announce the first release candidate of the forthcoming strongSwan 4.4 release. This major version offers the following new features:

* IKEv2 High Availability
  -----------------------

  The IKEv2 High Availability plugin has been integrated. It provides
  load sharing and fail-over capabilities in a cluster of currently two
  nodes, based on an extended ClusterIP kernel module. More information
  is available at

  http://wiki.strongswan.org/projects/strongswan/wiki/HighAvailability

  The development of the High Availability functionality was sponsored
  by secunet Security Networks AG.

* Diffie-Hellman Groups 22, 23, 24 with prime order subgroups
  -----------------------------------------------------------

  Added support for Diffie-Hellman groups 22, 23 and 24 to the gmp,
  gcrypt and openssl plugins, usable by both pluto and charon. The new
  proposal keywords are modp1024s160, modp2048s224, and modp2048s256 as
  the following IKEv1 and IKEv2 example scenarios show:

  http://www.strongswan.org/uml/testresults44rc/ikev1/alg-modp-subgroup/
  http://www.strongswan.org/uml/testresults44rc/ikev2/alg-modp-subgroup/

  Thanks to Joy Latten from IBM for her contribution.

* RAM-based virtual IP address pools for pluto
  --------------------------------------------

  The pluto daemon inherited the popular RAM-based virtual IP address
  pool functionality from the charon daemon. The directive

    rightsourceip=<subnet>

  defines a subnet from which addresses dynamically are allocated as
  the following example scenario shows

  http://www.strongswan.org/uml/testresults44rc/ikev1/ip-pool/

* DHCP and ARP Proxy support
  --------------------------

  The new dhcp plugin queries virtual IP addresses for clients from a
  DHCP server using broadcasts or a defined server using the

    charon.plugins.dhcp.server =

  strongswan.conf option. Additionally DNS/WINS server information is
  served to clients if the DHCP server provides such information. The
  plugin is used in ipsec.conf configurations with the setting

    rightsourceip=%dhcp

  A new plugin called farp handles ARP responses for virtual IP
  addresses handed out to clients by the IKEv2 daemon charon. The
  plugin lets a road-warrior act as a client on the local LAN if it
  uses a virtual IP from the responders subnet, e.g. acquired via the
  dhcp plugin.

  The following example scenarios show the use of the dhcp and farp
  plugins:

  http://www.strongswan.org/uml/testresults44rc/ikev2/dhcp-dynamic/
  http://www.strongswan.org/uml/testresults44rc/ikev2/dhcp-static-client-id/
  http://www.strongswan.org/uml/testresults44rc/ikev2/dhcp-static-mac/
  http://www.strongswan.org/uml/testresults44rc/ikev2/farp/

* Arbitrary IKEv2 source and destination ports
  --------------------------------------------

  The existing IKEv2 socket implementations have been migrated to the
  socket-default and the socket-raw plugins. The new socket-dynamic
  plugin binds sockets dynamically to ports configured via the
  left|rightikeport ipsec.conf connection parameters.

* Android Support
  ---------------

  The android plugin stores received DNS server information as
  "net.dns" system properties, as used by the Android platform. Thanks
  to the new libcharon library the IKEv2 charon daemon can now be built
  monolithically. For more information on the Android build see

  http://wiki.strongswan.org/projects/strongswan/wiki/Android

* Storage of public and private keys in PEM format
  ------------------------------------------------

  The ipsec pki --gen and --pub commands now allow the output of
  private and public keys in PEM format using the --outform pem
  command line option.

Please give the new features a try and report any problems quickly.
ETA for the stable strongSwan 4.4.0 release is the beginning of May.

Best regards from the strongSwan team

Andreas Steffen, Tobias Brunner & Martin Willi

======================================================================
Andreas Steffen                         [email protected]
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
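
The following configuration sketch is an added example, not part of the announcement or of the strongSwan test scenarios it links to. It combines the new modp2048s256 proposal keyword with the dhcp and farp plugins on an IKEv2 gateway; the connection name, addresses, subnet and certificate file name are constructed for illustration.

```conf
# --- /etc/ipsec.conf on the gateway (constructed example) ---

conn rw-dhcp
    keyexchange=ikev2
    # Offer only DH group 24 (2048-bit MODP with 256-bit prime order
    # subgroup) using the new keyword. The trailing "!" makes the
    # proposal strict, so a peer cannot negotiate a different group.
    ike=aes128-sha256-modp2048s256!
    left=192.168.0.1                 # assumed gateway address
    leftsubnet=10.1.0.0/16           # assumed LAN behind the gateway
    leftcert=gatewayCert.pem         # assumed certificate file name
    right=%any
    # Hand the virtual IP request to the dhcp plugin instead of a
    # RAM-based pool (rightsourceip=<subnet>).
    rightsourceip=%dhcp
    auto=add

# --- /etc/strongswan.conf on the gateway (constructed example) ---
# Assumes charon was built with the dhcp and farp plugins and loads them.

charon {
    plugins {
        dhcp {
            # Address the DHCP requests are sent to: here the broadcast
            # address of the assumed LAN, or a specific DHCP server.
            server = 10.1.255.255
        }
    }
}
```

Because farp answers ARP requests on the LAN for every virtual IP handed out, the DHCP range used for road-warriors should be one the LAN's other hosts are expected to reach through the gateway.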
