Project

General

Profile

4.3.0

22.04.2009

100%

1 issue   (1 closed — 0 open)

Version 4.3.0

  • Support for the IKEv2 Multiple Authentication Exchanges extension (RFC4739).
    Initiators and responders can use several authentication rounds (e.g. RSA
    followed by EAP) to authenticate. The new ipsec.conf leftauth/rightauth and
    leftauth2/rightauth2 parameters define own authentication rounds or setup
    constraints for the remote peer. See the ipsec.conf man page for more detials.
  • If glibc printf hooks (register_printf_function) are not available,
    strongSwan can use the vstr string library to run on non-glibc systems.
  • The IKEv2 charon daemon can now configure the ESP CAMELLIA-CBC cipher
    (esp=camellia128|192|256).
  • Refactored the pluto and scepclient code to use basic functions (memory
    allocation, leak detective, chunk handling, printf_hooks, strongswan.conf
    attributes, ASN.1 parser, etc.) from the libstrongswan library.
  • Up to two DNS and WINS servers to be sent via IKEv1 ModeConfig can be
    configured in the pluto section of strongswan.conf.
Issues by
Feature

1/1
Related issues
Feature #72: Implement RFC 4739 - Multiple Authentication Exchanges in the IKEv2 Protocol