'[strongSwan] ANNOUNCE: strongswan-2.3.0 released'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       strongswan-users
Subject:    [strongSwan] ANNOUNCE:  strongswan-2.3.0 released
From:       andreas.steffen () strongsec ! net (Andreas Steffen)
Date:       2004-12-21 23:07:35
Message-ID: 41C89EA0.9020209 () strongsec ! net
[Download RAW message or body]

I'm happy to announce the release of strongswan-2.3.0 which can
be downloaded from

    http://www.strongwan.org/


New features of strongswan-2.3.0
--------------------------------

- Eric Marchionni and Patrik Rayo, both recent graduates from
   the Zuercher Hochschule Winterthur in Switzerland, created a
   User-Mode-Linux test setup for strongSwan. This flexible tool
   can be used to explore complex network setups including NAT
   traversal. Already a small collection of practical scenarios
   is available. For more details check out the pages at

     http://www.strongswan.org/uml/

- Full support of group attributes based on X.509 attribute
   certificates. Attribute certificates can be generated
   using the openac tool. For more details see the man page

     man ipsec_openac.

   The group attributes can be used in connection definitions
   in order to give IPsec access to specific user groups.
   This is done with the new parameter left|rightgroups as in

     rightgroups="Research, Sales"

   giving access to users possessing the group attributes
   Research or Sales, only. Currently the attribute certificates
   must be loaded via the /etc/ipsec.d/acerts directory but
   in forthcoming strongSwan version ynamic fetching from LDAP
   directory services will be implemented.

- In Quick Mode clients that are single hosts are now coded
   as IP_V4_ADDRESS or IP_V6_ADDRESS. This should fix rekeying
   problems with some Windows VPN Clients.

- Changed the defaults of the ikelifetime and keylife parameters
   to 3h and 1h, respectively. The maximum allowable values are
   now both set to 24 h.

- Suppressed notification wars between two IPsec peers that
   could e.g. be triggered by incorrect ISAKMP encryption.

- Public RSA keys can now have identical IDs if either the
   issuing CA or the serial number is different. The serial
   number of a certificate is now shown by the command

   ipsec auto --listpubkeys

Kind regards

Andreas

=======================================================================
Andreas Steffen                   e-mail: andreas.steffen@strongsec.com
strongSec GmbH                    home:   http://www.strongsec.com
Alter Z?richweg 20                phone:  +41 1 730 80 64
CH-8952 Schlieren (Switzerland)   fax:    +41 1 730 80 65
==========================================[strong internet security]===

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic