Version 4.5.2 (wiki page history, version 2)
Tobias Brunner, 16.05.2011 13:56, comment: News for 4.5.2
h1. Version 4.5.2

* The [[Whitelist|whitelist plugin]] for the IKEv2 daemon maintains an in-memory identity whitelist. Any connection attempt by a peer that is not whitelisted is rejected. The 'ipsec whitelist' utility provides a simple command line frontend for whitelist administration.

* The [[Duplicheck|duplicheck plugin]] provides a specialized form of duplicate checking: it performs a liveness check on the old SA and optionally notifies a third-party application about detected duplicates.

* The [[CertCoupling|coupling plugin]] permanently couples two or more devices by limiting authentication to previously used certificates.

* In the case that the peer config and child config don't have the same name (usually in connections defined in an SQL database), @ipsec up|route <peer config>@ starts|routes all associated child configs, while @ipsec up|route <child config>@ only starts|routes that specific child config.

* Fixed the encoding and parsing of X.509 certificate policy statements (CPS).

* Duncan Salerno contributed the eap-sim-pcsc plugin, implementing a pcsc-lite based SIM card backend.

* The eap-peap plugin implements the EAP PEAP protocol. It interoperates successfully with a FreeRADIUS server and Windows 7 Agile VPN clients.

* The IKEv2 daemon charon rereads strongswan.conf on SIGHUP and instructs all plugins to reload. Currently only the eap-radius and the attr plugins support configuration reloading.

* Added userland support to the IKEv2 daemon for Extended Sequence Numbers (ESN), which Linux 2.6.39 introduces. To enable ESN on a connection, add the 'esn' keyword to the proposal. The default proposal uses 32-bit sequence numbers only ('noesn'), and the same value is used if no ESN mode is specified. To negotiate ESN support with the peer, include both, e.g. esp=aes128-sha1-esn-noesn.

* In addition to ESN, Linux 2.6.39 gained support for replay windows larger than 32 packets. The new global [[strongswanconf|strongswan.conf]] option 'charon.replay_window' configures the size of the replay window, in packets.
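As an added illustration (not strongSwan's own code), the following Python applies the ESN rules stated above to an esp= proposal string and checks whether a configured charon.replay_window value exceeds what kernels before 2.6.39 support. The splitting conventions assumed (',' between proposals, '-' between transforms, a trailing '!' for a strict proposal list) and the function names are assumptions for this example.

```python
# Added example, not strongSwan code: derive the ESN modes each proposal
# offers (defaulting to 'noesn' as the release note describes) and check
# the kernel requirement for large replay windows.
from typing import Dict, List, Tuple

ESN_KEYWORDS = {"esn", "noesn"}
MIN_KERNEL_FOR_ESN_AND_LARGE_REPLAY = (2, 6, 39)  # per the release note
LEGACY_MAX_REPLAY_WINDOW = 32  # packets, before Linux 2.6.39


def parse_esp_proposals(esp: str) -> List[Dict[str, object]]:
    """Split an esp= value into proposals and extract their ESN modes.

    A proposal that names no ESN keyword is treated as 'noesn', the
    default the release note states. A proposal listing both 'esn' and
    'noesn' negotiates ESN support with the peer.
    """
    strict = esp.endswith("!")  # assumed '!' convention for strict lists
    if strict:
        esp = esp[:-1]
    proposals = []
    for raw in esp.split(","):
        tokens = [t for t in raw.strip().split("-") if t]
        if not tokens:
            continue  # ignore empty entries such as a trailing comma
        esn_modes = [t for t in tokens if t in ESN_KEYWORDS]
        transforms = [t for t in tokens if t not in ESN_KEYWORDS]
        if not esn_modes:
            esn_modes = ["noesn"]  # default: 32-bit sequence numbers only
        proposals.append({
            "transforms": transforms,
            "esn_modes": esn_modes,
            "negotiates_esn": "esn" in esn_modes and "noesn" in esn_modes,
            "strict": strict,
        })
    return proposals


def replay_window_supported(window: int, kernel: Tuple[int, int, int]) -> bool:
    """Return True if charon.replay_window = window works on this kernel.

    Windows up to 32 packets work everywhere; larger windows need the
    kernel support that arrived with Linux 2.6.39.
    """
    if window <= LEGACY_MAX_REPLAY_WINDOW:
        return True
    return kernel >= MIN_KERNEL_FOR_ESN_AND_LARGE_REPLAY


if __name__ == "__main__":
    # Constructed sample: the proposal from the release note.
    for p in parse_esp_proposals("aes128-sha1-esn-noesn"):
        print(p)
    print(replay_window_supported(128, (2, 6, 38)))
```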