Downloads

Download strongSwan 4.6.3

By admin
Spread the love

Various protocols can be used to secure connections over public networks, such as the widely used ipsec. StrongSwan is an ipsec implementation for Linux systems and targets current 2.6 and 3.x Linux kernels. Support for ikev1, ikev2 and ipv6 is provided, as on this page can be read. The developers have released strongSwan 4.6.3 with the following changes:

Version 4.6.3:

  • The tnc-pdp plugin implements a RADIUS server interface allowing a strongSwan TNC server to act as a Policy Decision Point.
  • The eap-radius authentication backend enforces Session-Timeout attributes using RFC4478 repeated authentication and acts upon RADIUS Dynamic Authorization extensions, RFC 5176. Currently supported are disconnect requests and CoA messages containing a Session-Timeout.
  • The eap-radius plugin can forward arbitrary RADIUS attributes from and to clients using custom IKEv2 notify payloads. The new radattr plugin reads attributes to include from files and prints received attributes to the console.
  • Added support for untruncated MD5 and SHA1 HMACs in ESP as used in RFC 4595.
  • The cmac plugin implements the AES-CMAC-96 and AES-CMAC-PRF-128 algorithms as defined in RFC 4494 and RFC 4615, respectively.
  • The resolve plugin automatically installs nameservers via resolvconf(8), if it is installed, instead of modifying /etc/resolv.conf directly.
  • The IKEv2 charon daemon supports now raw RSA public keys in RFC 3110 DNSKEY and PKCS#1 file format.
  • The farp plugin sends ARP responses for any tunneled address, not only virtual IPs.
  • Charon resolves hosts again during additional keying tries.
  • Fixed switching back to original address pair during MOBIKE.
  • When resending IKE_SA_INIT with a COOKIE charon reuses the previous DH value, as specified in RFC 5996. This has an effect on the lifecycle of diffie_hellman_t, see source:src/libcharon/sa/keymat.h#39 for details.
  • COOKIEs are now kept enabled a bit longer to avoid certain race conditions the commit message to 1b7debcc has some details.
  • The new stroke user-creds command allows to set username/password for a connection.
  • strongswan.conf option added to set identifier for syslog(3) logging.
  • Added a workaround for null-terminated XAuth secrets (as sent by Android 4).

Version number 4.6.3
Release status stable
Operating systems Linux
Website strongSwan
Download
License type GPL
You might also like
News

Rumor: Apple is working on its own applications based on a large language model

News

EU Council determines position on security requirements for digital products

News

Samsung develops first GDDR7 chips, mentions bandwidths of up to 32Gbit/s per pin

News

Logitech acquires stream controller maker Loupedeck

News

Anticheat FaceIT gets Linux version, enables Steam Deck support

News

Rumor: EU starts investigation into Microsoft for including Teams with Office