Version 4.4.0 » History » Version 1
Tobias Brunner, 11.05.2010 18:27
Added news for 4.4.0
h1. Version 4.4.0

* The IKEv2 High Availability plugin has been integrated. It provides load sharing and failover capabilities in a cluster of currently two nodes, based on an extended ClusterIP kernel module (for details see [[HighAvailability]]). The development of the High Availability functionality was sponsored by "secunet Security Networks AG":http://www.secunet.com.

* Added IKEv1 and IKEv2 configuration support for the AES-GMAC authentication-only ESP cipher. Our "aes_gmac kernel patch":http://download.strongswan.org/uml/aes_gmac.patch.bz2 or a Linux 2.6.34 kernel is required to make AES-GMAC available via the XFRM kernel interface.

* Added support for Diffie-Hellman groups 22, 23 and 24 to the gmp, gcrypt and openssl plugins, usable by both pluto and charon. The new proposal keywords are modp1024s160, modp2048s224 and modp2048s256. Thanks to Joy Latten from IBM for her contribution.

* The IKEv1 pluto daemon supports RAM-based virtual IP pools using the rightsourceip directive with a subnet from which addresses are allocated.

* The ipsec pki --gen and --pub commands now allow the output of private and public keys in PEM format using the --outform pem command line option.

* The new DHCP plugin queries virtual IP addresses for clients from a DHCP server using broadcasts, or a defined server using the charon.plugins.dhcp.server strongswan.conf option. DNS/WINS server information is additionally served to clients if the DHCP server provides such information. The plugin is used in ipsec.conf configurations having rightsourceip set to %dhcp.

* A new plugin called farp fakes ARP responses for virtual IP addresses handed out to clients from the IKEv2 daemon charon. The plugin lets a road-warrior act as a client on the local LAN if it uses a virtual IP from the responder's subnet, e.g. acquired using the DHCP plugin.

* The existing IKEv2 socket implementations have been migrated to the socket-default and the socket-raw plugins. The new socket-dynamic plugin binds sockets dynamically to ports configured via the left-/rightikeport ipsec.conf connection parameters.

* The [[Android]] charon plugin stores received DNS server information as "net.dns" system properties, as used by the Android platform.
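
How the DHCP and farp items above fit together on a gateway, as an added configuration sketch that is not taken from the strongSwan project. The connection name, subnet, DHCP server address and certificate file name are constructed placeholders; both plugins are assumed to be built and loaded by charon.

```conf
# --- strongswan.conf (gateway) ---
# Without this option the dhcp plugin locates a server by broadcast.
# Pinning the server limits which host on the LAN can answer lease
# requests for VPN clients (address below is a constructed example).
charon {
    plugins {
        dhcp {
            server = 10.1.0.10
        }
    }
}

# --- ipsec.conf (gateway) ---
conn rw-dhcp
    keyexchange=ikev2
    left=%any
    # Constructed example cert file; placeholder for the gateway's own certificate.
    leftcert=gatewayCert.pem
    # Local LAN behind the gateway (constructed example subnet).
    leftsubnet=10.1.0.0/16
    right=%any
    # Virtual IPs come from the DHCP server instead of a local pool.
    # DNS/WINS servers offered in the lease are passed on to the client.
    rightsourceip=%dhcp
    auto=add

# With farp loaded, charon answers ARP requests on the LAN for each
# leased virtual IP, so hosts in 10.1.0.0/16 reach the road-warrior
# as if it were attached locally. No farp-specific option is set here.
```

Because a virtual IP leased this way sits inside the LAN subnet, the road-warrior is reachable by every host on that segment, so the DHCP scope and host firewalling should treat it like any other LAN client.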