exploit the possibilities

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 25 of 59

Files from Andreas Steffen

strongSwan IPsec Implementation 5.0.4

Posted May 1, 2013

Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.

Changes: This release fixes a severe security vulnerability (CVE-2013-2944) that existed in all versions 4.3.5 through 5.0.3. If the strongSwan "openssl" plugin was used for ECDSA signature verification, an empty, zeroed, or otherwise invalid signature was handled as a legitimate one.

tags | encryption, protocol

systems | linux, unix, freebsd, apple, osx

advisories | CVE-2013-2949

SHA-256 | f52a048aabc783056f90efab6c181ccb17b17396d3208327b4f90debaa4c16a3

Download | Favorite | View

strongSwan IPsec Implementation 5.0.2

Posted Feb 12, 2013

Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.

Changes: The strongSwan Trusted Network Connect functionality supports all IETF Standard PA-TNC attributes and a new OS IMC/IMV pair using these attributes to transfer Linux or Android operating system information. Interoperability with Windows XP has been improved by supporting PKCS#7 certificate containers and legacy NAT traversal protocols. The test framework has been migrated from User Mode Linux to KVM, making it faster and more robust.

tags | tool, encryption, protocol

systems | linux, unix, freebsd, apple, osx

SHA-256 | d46f91e8a8f6bd9102156d1ee6efb61bd15b3a8b8b5c619bc91c1c61474727b6

Download | Favorite | View

strongSwan IPsec Implementation 5.0.1

Posted Oct 5, 2012

Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.

Changes: The leftsourceip option now accepts a comma separated combination of %config4, %config6, or fixed IP addresses to request from the responder. Likewise, the rightsourceip option accepts multiple explicitly specified or referenced named address pools. TPM-based remote attestation has been extended to verify the complete measurements done by the Linux Integrity Measurement Architecture (IMA). Reference hash values of up to 10'000 Linux system files are stored in an SQLite database.

tags | tool, encryption, protocol

systems | linux, freebsd, apple, osx

SHA-256 | 8b56598c03fd2c9ee37b844a32f04a9db292e6318e4411065e0b1d74770cd467

Download | Favorite | View

strongSwan IPsec Implementation 5.0.0

Posted Jul 3, 2012

Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.

Changes: The IKEv1 protocol was re-implemented from scratch by extending the successful IKEv2 code. The charon keying daemon now supports both protocols, which allowed the old IKEv1 pluto daemon to be removed. Support for the IKEv1 Aggressive and Hybrid Modes has been added.

tags | tool, encryption, protocol

systems | linux, freebsd, apple, osx

SHA-256 | 1a7ed98015df32e7412caf37391105af25a9dc66a0e357a1c92ccd5a9f180298

Download | Favorite | View

strongSwan IPsec Implementation 4.6.3

Posted May 3, 2012

Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.

Changes: An extended EAP-RADIUS interfaces allows one to enforce Session-Timeout attributes using RFC4478 repeated authentication, and acts upon RADIUS Dynamic Authorization extensions (RFC 5176). Currently supported are disconnect requests and CoA messages containing a Session-Timeout. The tnc-pdp plugin implements a RADIUS server interface allowing a strongSwan TNC server to act as a Policy Decision Point.

tags | encryption, protocol

systems | linux, unix, freebsd, apple, osx

SHA-256 | 62dd46bdfa66e997cd07479c448ce5a5cb3748cb495d58074a7a737dbbe93fc4

Download | Favorite | View

strongSwan IPsec Implementation 4.6.2

Posted Feb 22, 2012

Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.

Changes: The Trusted Computing Group Attestation Platform Trust Service (PTS) protocol was implemented. TPM-based remote attestation of Linux IMA (Integrity Measurement Architecture) is now possible. Measurement reference values are automatically stored in a SQLite database. A RADIUS accounting interface was provided along with support for PKCS#8 encoded private keys.

tags | encryption, protocol

systems | linux, unix, freebsd, apple, osx

SHA-256 | 8ab2371ba0c70cd010f0736839a0737dec95b197325b98505c1c69dd55e6964f

Download | Favorite | View

strongSwan IPsec Implementation 4.6.1

Posted Nov 12, 2011

Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.

Changes: Because Ubuntu 11.10 activated the --as-needed ld option that discards included links to dynamic libraries that are not actually used by the charon daemon itself, the loading of plugins depending on external symbols provided by the libsimaka, libtls, or libtnccs libraries failed. As a fix, the plugins include the required libraries directly, and due to relinking during the installation, the approach of computing integrity checksums for plugins had to be changed radically by moving the hash generation from the compilation to the post-installation phase.

tags | encryption, protocol

systems | linux, unix, freebsd, apple, osx

SHA-256 | d750ec16bc32c3d7f41fdbc7ac376defb1acde9f4d95d32052cdb15488ca3c34

Download | Favorite | View

strongSwan IPsec Implementation 4.6.0

Posted Nov 8, 2011

Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.

Changes: The libstrongswan plugin system now supports detailed plugin dependencies. Many plugins have been extended to export their capabilities and requirements. This allows the plugin loader to resolve the plugin loading order automatically, The pkcs11 plugin has been extended to handle Elliptic Curve Cryptography smartcards. The tnc-ifmap plugin implements a TNC IF-MAP 2.0 client which can deliver metadata about IKE_SAs via a SOAP interface to a Trusted Network Connect MAP server.

tags | encryption, protocol

systems | linux, unix, freebsd, apple, osx

SHA-256 | a602d73869f6d31e7e39021d3ac0b4d659de65348c0b42292785a6497ce28edc

Download | Favorite | View

strongSwan IPsec Implementation 4.5.3

Posted Aug 4, 2011

Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.

Changes: The IKEv2 charon daemon allows one to define PASS and DROP shunt policies that, for example, prevent local traffic from going through IPsec connections or except certain protocols from IPsec encryption. A new IMC/IMV Scanner pair implements the RFC 5792 PA-TNC protocol. The Integrity Measurement Collector uses netstat to scan for open listening ports on the TNC client and sends a port list to the Integrity Measurement Verifier attached to the TNC Server, which decides whether the client is admitted to the network based on a configurable port policy.

tags | encryption, protocol

systems | linux, unix, freebsd, apple, osx

SHA-256 | e151188674981249da844460cb2aaeff81dc83646efea32e24eb85a0f4d4c1db

Download | Favorite | View

strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux 4.5.2

Posted May 25, 2011

Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: The IKEv2 daemon supports negotiation of Extended Sequence Numbers (ESN) in conjunction with the Linux 2.6.39 kernel. The whitelist plugin allows whitelisting of users with X.509 certificate credentials. The eap-sim-pcsc plugin implements a pcsc-lite based SIM card backend.

tags | kernel, encryption

systems | linux, unix

SHA-256 | 88eeebfe9df6d18f320f396c7236f907e7a34c27f8382c7ce6e4239a7ecce31b

Download | Favorite | View

strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux 4.5.1

Posted Feb 14, 2011

Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: The RFC 5793 Posture Broker Protocol compatible with Trusted Network Connect (PB-TNC) was implemented. IKE and ESP proposals as well as CRL distribution points can be stored in an SQL database. Connections can be started or routed automatically via the start_action database field. The IKEv2 daemon supports the INITIAL_CONTACT notification.

tags | kernel, encryption

systems | linux, unix

SHA-256 | 631645e3769003c8bce92b4a712de00722eb45fcbe3bff698403133e45e479c5

Download | Favorite | View

strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux 4.5.0

Posted Nov 2, 2010

Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: IKEv2 is now the default key exchange mode. IKEv2 EAP-TLS, EAP-TTLS, and EAP-TNC (Trusted Network Connect) authentication modes terminated either on a strongSwan gateway or a remote AAA server are supported. PKCS#11 smartcards are supported for IKEv2.

tags | kernel, encryption

systems | linux

SHA-256 | 0b3e461e185dea0e9e029574a0d97f44bc82fad91e8a5cfb3112cdc1879bad57

Download | Favorite | View

strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux 4.4.0

Posted May 4, 2010

Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: The new IKEv2 High Availability plugin provides load sharing and fail-over capabilities in a cluster of currently two nodes based on an extended ClusterIP Linux kernel module. IKEv1 and IKEv2 configuration support was added for the AES-GMAC authentication-only ESP cipher and for the Diffie-Hellman groups 22, 23, and 24. RAM-based virtual IP address pools are now also supported by the IKEv1 daemon. The dhcp and farp charon plugins allow tight integration of remote access clients into a local network by offering DHCP and ARP services.

tags | kernel, encryption

systems | linux

SHA-256 | d0c6837e1bff25f75aea16ba6ac8e93a4fc66b08d3d4c210aa80e1fa8d944105

Download | Favorite | View

strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux 4.3.6

Posted Feb 12, 2010

Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: Starting with the Linux 2.6.33 kernel, the SHA-256/384/512 HMAC ESP data integrity algorithms are now configured by strongSwan with the correct truncation length. Older kernels require a SHA-2 patch. The IKEv2 charon daemon has been ported to the Android platform. DNS and NBNS server information stored in an SQL database can be distributed to VPN clients via the IKEv1 Mode Config or the IKEv2 Configuration payload.

tags | kernel, encryption

systems | linux

SHA-256 | df588fefef053c33ce6339c067c6aa8f6f17cf2cd3d49ab3e2b400555670ff1f

Download | Favorite | View

strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux 4.3.5

Posted Nov 3, 2009

Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: The IKEv1 pluto daemon can attach SQL-based address pools to deal out virtual IP addresses as a Mode Config server in either Pull or Push mode. In addition to time based rekeying, the IKEv2 charon daemon supports IPsec SA lifetimes based on processed volume measured in bytes or number of packets.

tags | kernel, encryption

systems | linux

SHA-256 | cc502afbcbc3cebc94c18855db4e5f7718b08646de52b97e6f973d99467392d0

Download | Favorite | View

strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux

Posted Aug 22, 2009

Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: The IKEv2 charon daemon has been ported to FreeBSD and Mac OS X.

tags | kernel, encryption

systems | linux

SHA-256 | 40627dfae0f033cdb3af2d30fc3598c64c127f1006fe3aae8ec6c1554ca0029e

Download | Favorite | View

strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux

Posted Jul 22, 2009

Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: Optional integrity checksum tests are done over all strongSwan dynamic libraries and plugins during startup. The IKEv1 pluto daemon now supports the ESP authenticated encryption algorithms AES-GCM and AES-CCM.

tags | kernel, encryption

systems | linux

SHA-256 | 67248b40ad5e70cee17052620aba27d375ca88b6b00a9dbfbdbc7d8b5cda7d92

Download | Favorite | View

strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux

Posted Jun 23, 2009

Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: The IKEv1 and IKEv2 daemons now share the same crypto framework. Either the built-in algorithms or the OpenSSL or GNU libgcrypt libraries can be used. During startup, self-tests for all cryptographic algorithms are executed. The IKEv1 daemon supports elliptic curve Diffie-Hellman groups and ECDSA signatures. Two minor DoS vulnerabilities in the ASN.1 parser were fixed.

tags | kernel, encryption

systems | linux

SHA-256 | a88556a37d0efdbf93354ff4c2e984011024bfda36635a02310886ed95370101

Download | Favorite | View

strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux

Posted May 27, 2009

Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: This release fixes two DoS vulnerabilities in the charon daemon that were discovered by fuzzing techniques. A couple of bugs caused by the massive 4.3.0 refactoring were fixed.

tags | kernel, encryption

systems | linux

SHA-256 | 1d34d793bc7cd109fa7a19486e58341d729f701d4d8736dcde568c94280d972e

Download | Favorite | View

strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux

Posted Apr 23, 2009

Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: This release implements IKEv2 Multiple Authentication Exchanges (RFC 4739). Refactored IKEv1 pluto code uses the libstrongswan library for basic functions. Up to two DNS and WINS servers to be sent via the IKEv1 ModeConfig protocol can thus be configured via strongswan.conf attributes.

tags | kernel, encryption

systems | linux

SHA-256 | 87445657f478d6df5da93745923c9543a093cbcf93f7c1ffbf3a0f9f0186abfb

Download | Favorite | View

strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux

Posted Mar 30, 2009

Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: New server-side EAP RADIUS plugin. A vulnerability in Dead Peer Detection has been fixed. Other tweaks have been implemented.

tags | kernel, encryption

systems | linux

advisories | CVE-2009-0790

SHA-256 | 4ceadb0aa155d910f1986bd9f636d87644d75b68308d787fad07689d7bc0817f

Download | Favorite | View

strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux

Posted Mar 24, 2009

Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: A couple of minor bugs in the IKEv1 and IKEv2 daemons were fixed.

tags | kernel, encryption

systems | linux

SHA-256 | 3d2fc236033fb374ac967abcdaf0b662d1a5232c5da6c5af1b04d84ea3312afb

Download | Favorite | View

strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux

Posted Feb 23, 2009

Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: Support of the EAP-MSCHAPv2 protocol enabled. Assignment of up to two DNS and up to two WINS servers to peers via the IKEv2 Configuration Payload. The strongSwan applet for the Gnome NetworkManager is now built and distributed as a separate tarball under the name NetworkManager-strongswan.

tags | kernel, encryption

systems | linux

SHA-256 | 0d34ff3fc3eca6539cfb3a6443319ec033d2dfcdee17e6727b8916c8a633e63e

Download | Favorite | View

strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux

Posted Jan 22, 2009

Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: Fixed ESP encryption broken by the refactoring of keymat.c. Also introduced proper initialization and disposal of keying material. Fixed the missing listing of connection definitions in ipsec statusall broken by an unfortunate local variable overload.

tags | kernel, encryption

systems | linux

SHA-256 | ac1afd470cfaaca5c88f65dc430349ae3eb13e20d84aeb81bcf3f4ae9bedcd9a

Download | Favorite | View

strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux

Posted Dec 31, 2008

Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: Several performance improvements to handle thousands of tunnels with almost linear upscaling. Better parallelization to run charon on multiple cores. Various other improvements.

tags | kernel, encryption

systems | linux

SHA-256 | 92b957a69fecf7b5776a3da0954c2f0fed54299fc76712c9d79e0e50bc5f8b8d

Download | Favorite | View