
StrongSwan 5.2.1 Released, an IPsec Project for Linux

2014-10-22 15:18 | Posted by: joejoe0332 | Views: 802 | Comments: 0 | Original author: oschina | Source: oschina


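  StrongSwan is a complete IPsec and IKEv1 implementation for the Linux 2.4 and 2.6 kernels. It also fully supports the newer IKEv2 protocol on the Linux 2.6 kernel. It interoperates with most other IPsec-based VPN products in both IKEv1 and IKEv2 mode, and it supports RADIUS. The project focuses on strongSwan's strong authentication mechanisms, which use X.509 public key certificates and optional secure storage of private keys on smart cards through a standardized PKCS #11 interface. One distinctive feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group membership.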


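  StrongSWAN 5.2.1 was released on 2014-10-20. It is an IPsec and IKE VPN implementation with RADIUS support. This is the first patch release since 5.2.0 came out on 2014-07-09. Together with OpenSWAN, it is a successor to FreeSWAN, whose development was discontinued earlier. The legacy release line is 5.1.3, from 2014-04-15.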


Full list of changes:

Version 5.2.1

  • The new charon-systemd IKE daemon implements an IKE daemon tailored
    for use with systemd. It avoids the dependency on ipsec starter and
    uses swanctl as configuration backend, building a simple and
    lightweight solution. Native systemd journal logging is supported.

  • Support for the new IKEv2 Fragmentation mechanism as defined by
    the RFC-to-be 7383 has been added, which avoids IP fragmentation of
    IKEv2 UDP datagrams exceeding the network's MTU size. This feature is
    activated by setting fragmentation=yes in ipsec.conf and optionally
    setting the maximum IP packet size with the charon.fragment_size
    parameter in strongswan.conf.

  • Support of the TCG TNC IF-M Attribute Segmentation specification proposal,
    which allows transferring potentially huge attributes amounting to several
    megabytes of measurement data like the TCG/SWID Tag [ID] Inventory
    or IETF/Installed Packages attributes via the PA-TNC, PB-TNC and
    either PT-EAP or PT-TLS NEA protocol stack. By default segmented attributes
    are just reconstructed on the receiving side from the individual segments
    with the exception of the three attribute types mentioned above which can
    be parsed and processed incrementally as the segments arrive one-by-one.
    A commented example can be found under PT-EAP-SWID.

  • For the vici plugin a ruby gem has been added to allow ruby applications
    to control or monitor the IKE daemon. The vici documentation has been
    updated to include a description of the available operations and some simple
    examples using both the libvici C interface and the ruby gem (see README.md).

  • The new ext-auth plugin calls an external script to implement custom IKE_SA
    authorization logic, courtesy of Vyronas Tsingaras.

  • Support for IKEv1 fragmentation has been extended to Windows XP/7 clients,
    courtesy of Volker Rümelin.

  • A static interval for interim RADIUS accounting updates can be configured for
    the eap-radius plugin. It's overridden by any interval the RADIUS server returns
    in the Access-Accept message, but it can be useful if RADIUS is only used for accounting.

  • Fixed re-authentication when using IKEv1 Mode Config in push mode (cb98380fe9e4).

  • Handle Quick Mode DELETES during a Quick Mode rekeying (cd9bba508bba).

  • Fixed some Cisco Unity corner cases (rekeying and situations where no split-include attributes
    are received), one fix didn't make it into this release though (#737).

  • Fixed a crash during reauthentication with multiple authentication rounds caused by the
    incorrect use of array_remove_at() in auth_cfg_t (8ca9a67fac59).
    Also added a comment regarding the use of that function (see c641974de001).

  • The kernel-pfkey plugin now reports packet counts (25fcbab6789c).

  • If available the kernel-pfroute plugin uses RTM_IFANNOUNCE/IFAN_DEPARTURE events to
    delete cached interfaces (see f80093e2ee65).

  • The kernel-netlink plugin can set MTU and MSS on installed routes via settings in
    strongswan.conf (these are global and affect all SAs).

  • The kernel-netlink plugin optionally installs protocol and ports on transport mode
    SAs (90e6675a657c) to enforce policies for inbound traffic. Enabling this prevents the use
    of a single IPsec SA by more than one traffic selector though.

Download: http://download.strongswan.org/strongswan-5.2.1.tar.bz2

