[prev in list] [next in list] [prev in thread] [next in thread]
List: strongswan-users
Subject: [strongSwan] ANNOUNCE: strongswan-2.3.0 released
From: andreas.steffen () strongsec ! net (Andreas Steffen)
Date: 2004-12-21 23:07:35
Message-ID: 41C89EA0.9020209 () strongsec ! net
[Download RAW message or body]
I'm happy to announce the release of strongswan-2.3.0 which can
be downloaded from
http://www.strongwan.org/
New features of strongswan-2.3.0
--------------------------------
- Eric Marchionni and Patrik Rayo, both recent graduates from
the Zuercher Hochschule Winterthur in Switzerland, created a
User-Mode-Linux test setup for strongSwan. This flexible tool
can be used to explore complex network setups including NAT
traversal. Already a small collection of practical scenarios
is available. For more details check out the pages at
http://www.strongswan.org/uml/
- Full support of group attributes based on X.509 attribute
certificates. Attribute certificates can be generated
using the openac tool. For more details see the man page
man ipsec_openac.
The group attributes can be used in connection definitions
in order to give IPsec access to specific user groups.
This is done with the new parameter left|rightgroups as in
rightgroups="Research, Sales"
giving access to users possessing the group attributes
Research or Sales, only. Currently the attribute certificates
must be loaded via the /etc/ipsec.d/acerts directory but
in forthcoming strongSwan version ynamic fetching from LDAP
directory services will be implemented.
- In Quick Mode clients that are single hosts are now coded
as IP_V4_ADDRESS or IP_V6_ADDRESS. This should fix rekeying
problems with some Windows VPN Clients.
- Changed the defaults of the ikelifetime and keylife parameters
to 3h and 1h, respectively. The maximum allowable values are
now both set to 24 h.
- Suppressed notification wars between two IPsec peers that
could e.g. be triggered by incorrect ISAKMP encryption.
- Public RSA keys can now have identical IDs if either the
issuing CA or the serial number is different. The serial
number of a certificate is now shown by the command
ipsec auto --listpubkeys
Kind regards
Andreas
=======================================================================
Andreas Steffen e-mail: andreas.steffen@strongsec.com
strongSec GmbH home: http://www.strongsec.com
Alter Z?richweg 20 phone: +41 1 730 80 64
CH-8952 Schlieren (Switzerland) fax: +41 1 730 80 65
==========================================[strong internet security]===
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic