Hi, we are proud to announce the release candidate of your forthcoming strongSwan 5.2.1 release which comes with some astounding new features:
* Support for systemd The new charon-systemd IKE daemon implements an IKE daemon tailored for use with systemd. It avoids the dependency on ipsec starter and uses swanctl as configuration backend, building a simple and lightweight solution. Native systemd journal logging is supported. * IKEv2 Fragmentation We support the new IKEv2 Fragmentation mechanism as defined by the RFC-to-be 7383 which avoids IP fragmentation of IKEv2 UDP datagrams exceeding the network's MTU size. This feature is activated by setting fragmentation=yes in ipsec.conf and setting the maximum IP packet size with the fragment_size parameter in the charon section of strongswan.conf. The following link shows an example scenario: http://www.strongswan.org/uml/testresults5rc/ikev2/net2net-fragmentation/ * Segmentation of large PA-TNC attributes We implemented the TCG TNC IF-M Segmentation Proposal which allows to transfer potentially huge attributes amounting to several megabytes of measurement data like the TCG/SWID Tag [ID] Inventory or IETF/Installed Packages attributes via the PA-TNC, PB-TNC and either PT-EAP or PT-TLS NEA protocol stack. By default segmented attributes are just reconstructed on the receiving side from the individual segments with the exeception of the three attribute types mentioned above which can be parsed and processed incrementally as the segments arrive one-by-one. The following link shows an example scenario retrieving SWID tags from Debian-based hosts: http://www.strongswan.org/uml/testresults5rc/tnc/tnccs-20-pdp-eap/ Detailed comments on the log file generated by the strongSwan Policy Decision Point (PDP) can be found here: https://wiki.strongswan.org/projects/strongswan/wiki/PT-EAP-SWID * Ruby Gem Interface for vici For the vici plugin a ruby gem has been added to allow ruby applications to control or monitor the IKE daemon. The vici documentation has been updated to include a description of the available operations and some simple examples using both the libvici C interface and the ruby gem. https://wiki.strongswan.org/projects/strongswan/repository/revisions/master/entry/src/libcharon/plugins/vici/README.md Please feel free to test the release candidate and give us feedback on any issues you might encounter. Best regards Tobias Brunner, Andreas Steffen and Martin Willi The strongSwan Team ====================================================================== Andreas Steffen [email protected] strongSwan - the Open Source VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]==
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
