strongSwan 4.1.11 (Default branch) |
|
|
strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It also fully supports the new IKEv2 protocol with Linux 2.6 kernels. It interoperates in both IKEv1 and IKEv2 mode with most other IPsec-based VPN products. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates
to implement advanced access control schemes based on group memberships.
License: GNU General Public License (GPL)
Changes:
IKEv2 rekeying in NAT situations did not inherit
the NAT conditions to the rekeyed IKE_SA so that
the UDP encapsulation was lost with the next
CHILD_SA rekeying. Wrong type definition of the
next_payload variable in id_payload.c caused an
INVALID_SYNTAX error on PowerPC platforms. The
IKEv2 EAP-SIM server and client test modules were
implemented, which use triplets stored in a file.
For details on the configuration, see the scenario
"ikev2/rw-eap-sim-rsa".
|
