Version 4.5.2 » History » Version 2

Tobias Brunner, 16.05.2011 13:56
News for 4.5.2

h1. Version 4.5.2

* The [[Whitelist|whitelist plugin]] for the IKEv2 daemon maintains an in-memory identity
  whitelist. Connection attempts by peers that are not whitelisted are rejected.
  The 'ipsec whitelist' utility provides a simple command line frontend for
  whitelist administration.

* The [[Duplicheck|duplicheck plugin]] provides a specialized form of duplicate checking,
  performing a liveness check on the old SA and optionally notifying a third-party
  application about detected duplicates.

* The [[CertCoupling|coupling plugin]] permanently couples two or more devices by limiting
  authentication to previously used certificates.

* If the peer config and child config don't have the same name
  (usually with connections defined in an SQL database), @ipsec up|route <peer config>@
  starts|routes all associated child configs and @ipsec up|route <child config>@
  only starts|routes the specific child config.

* Fixed the encoding and parsing of X.509 certificate policy statements (CPS).

* Duncan Salerno contributed the eap-sim-pcsc plugin implementing a
  pcsc-lite based SIM card backend.

* The eap-peap plugin implements the EAP PEAP protocol. It interoperates
  successfully with a FreeRADIUS server and Windows 7 Agile VPN clients.

* The IKEv2 daemon charon rereads strongswan.conf on SIGHUP and instructs
  all plugins to reload. Currently only the eap-radius and the attr plugins
  support configuration reloading.

* Added userland support to the IKEv2 daemon for the Extended Sequence Number (ESN)
  support coming with Linux 2.6.39. To enable ESN on a connection, add
  the 'esn' keyword to the proposal. The default proposal uses 32-bit sequence
  numbers only ('noesn'), and the same value is used if no ESN mode is
  specified. To negotiate ESN support with the peer, include both, e.g.
  @esp=aes128-sha1-esn-noesn@.

* In addition to ESN, Linux 2.6.39 gained support for replay windows larger
  than 32 packets. The new global [[strongswanconf|strongswan.conf]] option 'charon.replay_window'
  configures the size of the replay window, in packets.
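
What the replay window size and ESN in the last two items mean on the receiving side, as an added example (not strongSwan or Linux kernel code): an anti-replay check modelled on RFC 4303, showing a late packet dropped by a 32-packet window but accepted by a larger one, and the ESN high-order bits inferred across a 2^32 wrap. The class and function names and the sample traffic are constructed for illustration.

```python
MASK32 = 0xFFFFFFFF

class ReplayWindow:
    """Receiver-side anti-replay window in the style of RFC 4303 (illustrative)."""
    def __init__(self, size, esn=False):
        self.size = size    # window size in packets
        self.esn = esn      # True: 64-bit ESN, only the low 32 bits are on the wire
        self.top = 0        # highest sequence number accepted so far
        self.bitmap = 0     # bit i set means (top - i) was already received

    def _full_seq(self, seql):
        """Infer the implicit high-order 32 bits for ESN (RFC 4303, Appendix A2)."""
        if not self.esn:
            return seql
        th, tl = self.top >> 32, self.top & MASK32
        bottom = (tl - self.size + 1) & MASK32   # low 32 bits of the window's lower edge
        if tl >= self.size - 1:                  # window lies within one 2^32 subspace
            seqh = th if seql >= bottom else th + 1
        else:                                    # window straddles a 2^32 boundary
            seqh = th - 1 if seql >= bottom else th
        return (seqh << 32) | seql

    def accept(self, seql):
        """Return True if the packet is fresh. Assumes its ICV was already verified."""
        seq = self._full_seq(seql)
        if seq <= 0:
            return False
        if seq > self.top:                       # newer than anything seen: slide window
            shift = seq - self.top
            mask = (1 << self.size) - 1
            self.bitmap = 1 if shift >= self.size else ((self.bitmap << shift) | 1) & mask
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size or (self.bitmap >> offset) & 1:
            return False                         # left of the window, or a replay
        self.bitmap |= 1 << offset
        return True

def deliver(size, arrivals, esn=False):
    """Feed an arrival order through a fresh window; return the per-packet verdicts."""
    win = ReplayWindow(size, esn)
    return [win.accept(s) for s in arrivals]

# Constructed traffic: packet 5 arrives after packet 50, then packet 50 is replayed.
ARRIVALS = [n for n in range(1, 51) if n != 5] + [5, 50]

if __name__ == "__main__":
    print({size: deliver(size, ARRIVALS)[-2:] for size in (32, 128)})
```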