StrongSwan是一个完整的2.4和2.6的Linux内核下的IPsec和IKEv1
的实现。它也完全支持新的IKEv2协议的Linux
2.6内核。结合IKEv1和IKEv2模式与大多数其他基于IPSec的VPN产品。并且支持Radius.重点项目是strongSwan强认证机
制,使用X.509公开密钥证书和可选的安全储存私钥对智能卡通过一个标准化的PKCS #
11接口。一个特点是使用的X.509属性证书实现了先进的访问控制方案的基础上组的成员。
StrongSWAN
5.2.1发布。2014-10-20。这是一个Ipsec和IKE的VPN实现,并且支持Radius.这是2014-07-09
5.2.0发布后第一个补丁版。它和OpenSWAN是以前已经停止开发的FreeSWAN的后续版本。遗留产品线是2014-04-15的5.1.3.
完全改进:
Version 5.2.1
Support for the new IKEv2 Fragmentation mechanism as defined by the RFC-to-be 7383 has been added, which avoids IP fragmentation of IKEv2 UDP datagrams exceeding the network's MTU size. This feature is activated by setting fragmentation=yes in ipsec.conf and optionally setting the maximum IP packet size with the charon.fragment_size parameter in strongswan.conf.
Support of the TCG TNC IF-M Attribute Segmentation specification proposal, which allows to transfer potentially huge attributes amounting to several megabytes of measurement data like the TCG/SWID Tag [ID] Inventory or IETF/Installed Packages attributes via the PA-TNC, PB-TNC and either PT-EAP or PT-TLS NEA protocol stack. By default segmented attributes are just reconstructed on the receiving side from the individual segments with the exeception of the three attribute types mentioned above which can be parsed and processed incrementally as the segments arrive one-by-one. A commented example can be found under PT-EAP-SWID.
下载:http://download.strongswan.org/strongswan-5.2.1.tar.bz2 |