Version 4.4.0 » History » Version 1

Tobias Brunner, 11.05.2010 18:27
Added news for 4.4.0

h1. Version 4.4.0

* The IKEv2 High Availability plugin has been integrated. It provides
  load sharing and failover capabilities in a cluster of currently two nodes,
  based on an extended ClusterIP kernel module (for details see [[HighAvailability]]).
  The development of the High Availability functionality was sponsored by
  "secunet Security Networks AG":http://www.secunet.com.

* Added IKEv1 and IKEv2 configuration support for the AES-GMAC
  authentication-only ESP cipher. Our "aes_gmac kernel patch":http://download.strongswan.org/uml/aes_gmac.patch.bz2 or a Linux
  2.6.34 kernel is required to make AES-GMAC available via the XFRM
  kernel interface.

* Added support for Diffie-Hellman groups 22, 23 and 24 to the gmp, gcrypt
  and openssl plugins, usable by both pluto and charon. The new proposal
  keywords are modp1024s160, modp2048s224 and modp2048s256.
  Thanks to Joy Latten from IBM for her contribution.

* The IKEv1 pluto daemon supports RAM-based virtual IP pools using
  the rightsourceip directive with a subnet from which addresses
  are allocated.

* The ipsec pki --gen and --pub commands now allow the output of
  private and public keys in PEM format using the --outform pem
  command line option.

* The new DHCP plugin queries virtual IP addresses for clients from a DHCP
  server using broadcasts, or a defined server using the
  charon.plugins.dhcp.server strongswan.conf option. DNS/WINS server information
  is additionally served to clients if the DHCP server provides such
  information. The plugin is used in ipsec.conf configurations having
  rightsourceip set to %dhcp.

* A new plugin called farp fakes ARP responses for virtual IP addresses
  handed out to clients from the IKEv2 daemon charon. The plugin lets a
  road-warrior act as a client on the local LAN if it uses a virtual IP
  from the responder's subnet, e.g. acquired using the DHCP plugin.

* The existing IKEv2 socket implementations have been migrated to the
  socket-default and the socket-raw plugins. The new socket-dynamic plugin
  binds sockets dynamically to ports configured via the left-/rightikeport
  ipsec.conf connection parameters.

* The [[Android]] charon plugin stores received DNS server information as "net.dns"
  system properties, as used by the Android platform.
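
For the Diffie-Hellman item above, an added example (not strongSwan code and not part of the original release note) that inventories which ike/esp proposals in an ipsec.conf use the new keywords and maps each to its group number. The function name, the connection names and the sample configuration are assumptions constructed for illustration.

```python
import re

# Keywords and group numbers as listed in the release note above; the names
# encode the sizes as modp<prime bits>s<subgroup bits>.
NEW_DH_GROUPS = {
    "modp1024s160": 22,
    "modp2048s224": 23,
    "modp2048s256": 24,
}

# Constructed sample ipsec.conf, not taken from a real deployment.
SAMPLE_CONF = """\
config setup

conn site-a
    keyexchange=ikev2
    ike=aes128-sha1-modp2048s256,aes256-sha256-modp2048!
    esp=aes128-sha1-modp1024s160

conn site-b
    ike=aes256-sha256-modp4096
"""

def find_new_dh_groups(conf_text):
    """Return (conn, option, proposal, keyword, group) for each use found."""
    hits, conn = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # section header at column 0
            parts = line.split()
            conn = parts[1] if parts[0] == "conn" and len(parts) > 1 else None
            continue
        m = re.match(r"\s+(ike|esp)\s*=\s*(.+)$", line)
        if not m or conn is None:                 # other option, or not in a conn
            continue
        option, value = m.group(1), m.group(2).strip().rstrip("!")
        for proposal in value.split(","):         # comma-separated proposals
            for token in proposal.strip().lower().split("-"):
                if token in NEW_DH_GROUPS:
                    hits.append((conn, option, proposal.strip(),
                                 token, NEW_DH_GROUPS[token]))
    return hits

if __name__ == "__main__":
    for conn, option, proposal, kw, group in find_new_dh_groups(SAMPLE_CONF):
        print(f"conn {conn}: {option}={proposal} uses {kw} (DH group {group})")
```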