exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 59 RSS Feed

Files from Andreas Steffen

Email addressprivate
First Active2005-11-20
Last Active2013-05-01
View User Profile
strongSwan IPsec Implementation 5.0.4
Posted May 1, 2013
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.

Changes: This release fixes a severe security vulnerability (CVE-2013-2944) that existed in all versions 4.3.5 through 5.0.3. If the strongSwan "openssl" plugin was used for ECDSA signature verification, an empty, zeroed, or otherwise invalid signature was handled as a legitimate one.
tags | encryption, protocol
systems | linux, unix, freebsd, apple, osx
advisories | CVE-2013-2949
SHA-256 | f52a048aabc783056f90efab6c181ccb17b17396d3208327b4f90debaa4c16a3
strongSwan IPsec Implementation 5.0.2
Posted Feb 12, 2013
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.

Changes: The strongSwan Trusted Network Connect functionality supports all IETF Standard PA-TNC attributes and a new OS IMC/IMV pair using these attributes to transfer Linux or Android operating system information. Interoperability with Windows XP has been improved by supporting PKCS#7 certificate containers and legacy NAT traversal protocols. The test framework has been migrated from User Mode Linux to KVM, making it faster and more robust.
tags | tool, encryption, protocol
systems | linux, unix, freebsd, apple, osx
SHA-256 | d46f91e8a8f6bd9102156d1ee6efb61bd15b3a8b8b5c619bc91c1c61474727b6
strongSwan IPsec Implementation 5.0.1
Posted Oct 5, 2012
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.

Changes: The leftsourceip option now accepts a comma separated combination of %config4, %config6, or fixed IP addresses to request from the responder. Likewise, the rightsourceip option accepts multiple explicitly specified or referenced named address pools. TPM-based remote attestation has been extended to verify the complete measurements done by the Linux Integrity Measurement Architecture (IMA). Reference hash values of up to 10'000 Linux system files are stored in an SQLite database.
tags | tool, encryption, protocol
systems | linux, freebsd, apple, osx
SHA-256 | 8b56598c03fd2c9ee37b844a32f04a9db292e6318e4411065e0b1d74770cd467
strongSwan IPsec Implementation 5.0.0
Posted Jul 3, 2012
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.

Changes: The IKEv1 protocol was re-implemented from scratch by extending the successful IKEv2 code. The charon keying daemon now supports both protocols, which allowed the old IKEv1 pluto daemon to be removed. Support for the IKEv1 Aggressive and Hybrid Modes has been added.
tags | tool, encryption, protocol
systems | linux, freebsd, apple, osx
SHA-256 | 1a7ed98015df32e7412caf37391105af25a9dc66a0e357a1c92ccd5a9f180298
strongSwan IPsec Implementation 4.6.3
Posted May 3, 2012
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.

Changes: An extended EAP-RADIUS interfaces allows one to enforce Session-Timeout attributes using RFC4478 repeated authentication, and acts upon RADIUS Dynamic Authorization extensions (RFC 5176). Currently supported are disconnect requests and CoA messages containing a Session-Timeout. The tnc-pdp plugin implements a RADIUS server interface allowing a strongSwan TNC server to act as a Policy Decision Point.
tags | encryption, protocol
systems | linux, unix, freebsd, apple, osx
SHA-256 | 62dd46bdfa66e997cd07479c448ce5a5cb3748cb495d58074a7a737dbbe93fc4
strongSwan IPsec Implementation 4.6.2
Posted Feb 22, 2012
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.

Changes: The Trusted Computing Group Attestation Platform Trust Service (PTS) protocol was implemented. TPM-based remote attestation of Linux IMA (Integrity Measurement Architecture) is now possible. Measurement reference values are automatically stored in a SQLite database. A RADIUS accounting interface was provided along with support for PKCS#8 encoded private keys.
tags | encryption, protocol
systems | linux, unix, freebsd, apple, osx
SHA-256 | 8ab2371ba0c70cd010f0736839a0737dec95b197325b98505c1c69dd55e6964f
strongSwan IPsec Implementation 4.6.1
Posted Nov 12, 2011
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.

Changes: Because Ubuntu 11.10 activated the --as-needed ld option that discards included links to dynamic libraries that are not actually used by the charon daemon itself, the loading of plugins depending on external symbols provided by the libsimaka, libtls, or libtnccs libraries failed. As a fix, the plugins include the required libraries directly, and due to relinking during the installation, the approach of computing integrity checksums for plugins had to be changed radically by moving the hash generation from the compilation to the post-installation phase.
tags | encryption, protocol
systems | linux, unix, freebsd, apple, osx
SHA-256 | d750ec16bc32c3d7f41fdbc7ac376defb1acde9f4d95d32052cdb15488ca3c34
strongSwan IPsec Implementation 4.6.0
Posted Nov 8, 2011
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.

Changes: The libstrongswan plugin system now supports detailed plugin dependencies. Many plugins have been extended to export their capabilities and requirements. This allows the plugin loader to resolve the plugin loading order automatically, The pkcs11 plugin has been extended to handle Elliptic Curve Cryptography smartcards. The tnc-ifmap plugin implements a TNC IF-MAP 2.0 client which can deliver metadata about IKE_SAs via a SOAP interface to a Trusted Network Connect MAP server.
tags | encryption, protocol
systems | linux, unix, freebsd, apple, osx
SHA-256 | a602d73869f6d31e7e39021d3ac0b4d659de65348c0b42292785a6497ce28edc
strongSwan IPsec Implementation 4.5.3
Posted Aug 4, 2011
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.

Changes: The IKEv2 charon daemon allows one to define PASS and DROP shunt policies that, for example, prevent local traffic from going through IPsec connections or except certain protocols from IPsec encryption. A new IMC/IMV Scanner pair implements the RFC 5792 PA-TNC protocol. The Integrity Measurement Collector uses netstat to scan for open listening ports on the TNC client and sends a port list to the Integrity Measurement Verifier attached to the TNC Server, which decides whether the client is admitted to the network based on a configurable port policy.
tags | encryption, protocol
systems | linux, unix, freebsd, apple, osx
SHA-256 | e151188674981249da844460cb2aaeff81dc83646efea32e24eb85a0f4d4c1db
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux 4.5.2
Posted May 25, 2011
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: The IKEv2 daemon supports negotiation of Extended Sequence Numbers (ESN) in conjunction with the Linux 2.6.39 kernel. The whitelist plugin allows whitelisting of users with X.509 certificate credentials. The eap-sim-pcsc plugin implements a pcsc-lite based SIM card backend.
tags | kernel, encryption
systems | linux, unix
SHA-256 | 88eeebfe9df6d18f320f396c7236f907e7a34c27f8382c7ce6e4239a7ecce31b
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux 4.5.1
Posted Feb 14, 2011
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: The RFC 5793 Posture Broker Protocol compatible with Trusted Network Connect (PB-TNC) was implemented. IKE and ESP proposals as well as CRL distribution points can be stored in an SQL database. Connections can be started or routed automatically via the start_action database field. The IKEv2 daemon supports the INITIAL_CONTACT notification.
tags | kernel, encryption
systems | linux, unix
SHA-256 | 631645e3769003c8bce92b4a712de00722eb45fcbe3bff698403133e45e479c5
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux 4.5.0
Posted Nov 2, 2010
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: IKEv2 is now the default key exchange mode. IKEv2 EAP-TLS, EAP-TTLS, and EAP-TNC (Trusted Network Connect) authentication modes terminated either on a strongSwan gateway or a remote AAA server are supported. PKCS#11 smartcards are supported for IKEv2.
tags | kernel, encryption
systems | linux
SHA-256 | 0b3e461e185dea0e9e029574a0d97f44bc82fad91e8a5cfb3112cdc1879bad57
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux 4.4.0
Posted May 4, 2010
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: The new IKEv2 High Availability plugin provides load sharing and fail-over capabilities in a cluster of currently two nodes based on an extended ClusterIP Linux kernel module. IKEv1 and IKEv2 configuration support was added for the AES-GMAC authentication-only ESP cipher and for the Diffie-Hellman groups 22, 23, and 24. RAM-based virtual IP address pools are now also supported by the IKEv1 daemon. The dhcp and farp charon plugins allow tight integration of remote access clients into a local network by offering DHCP and ARP services.
tags | kernel, encryption
systems | linux
SHA-256 | d0c6837e1bff25f75aea16ba6ac8e93a4fc66b08d3d4c210aa80e1fa8d944105
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux 4.3.6
Posted Feb 12, 2010
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: Starting with the Linux 2.6.33 kernel, the SHA-256/384/512 HMAC ESP data integrity algorithms are now configured by strongSwan with the correct truncation length. Older kernels require a SHA-2 patch. The IKEv2 charon daemon has been ported to the Android platform. DNS and NBNS server information stored in an SQL database can be distributed to VPN clients via the IKEv1 Mode Config or the IKEv2 Configuration payload.
tags | kernel, encryption
systems | linux
SHA-256 | df588fefef053c33ce6339c067c6aa8f6f17cf2cd3d49ab3e2b400555670ff1f
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux 4.3.5
Posted Nov 3, 2009
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: The IKEv1 pluto daemon can attach SQL-based address pools to deal out virtual IP addresses as a Mode Config server in either Pull or Push mode. In addition to time based rekeying, the IKEv2 charon daemon supports IPsec SA lifetimes based on processed volume measured in bytes or number of packets.
tags | kernel, encryption
systems | linux
SHA-256 | cc502afbcbc3cebc94c18855db4e5f7718b08646de52b97e6f973d99467392d0
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux
Posted Aug 22, 2009
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: The IKEv2 charon daemon has been ported to FreeBSD and Mac OS X.
tags | kernel, encryption
systems | linux
SHA-256 | 40627dfae0f033cdb3af2d30fc3598c64c127f1006fe3aae8ec6c1554ca0029e
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux
Posted Jul 22, 2009
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: Optional integrity checksum tests are done over all strongSwan dynamic libraries and plugins during startup. The IKEv1 pluto daemon now supports the ESP authenticated encryption algorithms AES-GCM and AES-CCM.
tags | kernel, encryption
systems | linux
SHA-256 | 67248b40ad5e70cee17052620aba27d375ca88b6b00a9dbfbdbc7d8b5cda7d92
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux
Posted Jun 23, 2009
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: The IKEv1 and IKEv2 daemons now share the same crypto framework. Either the built-in algorithms or the OpenSSL or GNU libgcrypt libraries can be used. During startup, self-tests for all cryptographic algorithms are executed. The IKEv1 daemon supports elliptic curve Diffie-Hellman groups and ECDSA signatures. Two minor DoS vulnerabilities in the ASN.1 parser were fixed.
tags | kernel, encryption
systems | linux
SHA-256 | a88556a37d0efdbf93354ff4c2e984011024bfda36635a02310886ed95370101
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux
Posted May 27, 2009
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: This release fixes two DoS vulnerabilities in the charon daemon that were discovered by fuzzing techniques. A couple of bugs caused by the massive 4.3.0 refactoring were fixed.
tags | kernel, encryption
systems | linux
SHA-256 | 1d34d793bc7cd109fa7a19486e58341d729f701d4d8736dcde568c94280d972e
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux
Posted Apr 23, 2009
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: This release implements IKEv2 Multiple Authentication Exchanges (RFC 4739). Refactored IKEv1 pluto code uses the libstrongswan library for basic functions. Up to two DNS and WINS servers to be sent via the IKEv1 ModeConfig protocol can thus be configured via strongswan.conf attributes.
tags | kernel, encryption
systems | linux
SHA-256 | 87445657f478d6df5da93745923c9543a093cbcf93f7c1ffbf3a0f9f0186abfb
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux
Posted Mar 30, 2009
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: New server-side EAP RADIUS plugin. A vulnerability in Dead Peer Detection has been fixed. Other tweaks have been implemented.
tags | kernel, encryption
systems | linux
advisories | CVE-2009-0790
SHA-256 | 4ceadb0aa155d910f1986bd9f636d87644d75b68308d787fad07689d7bc0817f
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux
Posted Mar 24, 2009
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: A couple of minor bugs in the IKEv1 and IKEv2 daemons were fixed.
tags | kernel, encryption
systems | linux
SHA-256 | 3d2fc236033fb374ac967abcdaf0b662d1a5232c5da6c5af1b04d84ea3312afb
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux
Posted Feb 23, 2009
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: Support of the EAP-MSCHAPv2 protocol enabled. Assignment of up to two DNS and up to two WINS servers to peers via the IKEv2 Configuration Payload. The strongSwan applet for the Gnome NetworkManager is now built and distributed as a separate tarball under the name NetworkManager-strongswan.
tags | kernel, encryption
systems | linux
SHA-256 | 0d34ff3fc3eca6539cfb3a6443319ec033d2dfcdee17e6727b8916c8a633e63e
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux
Posted Jan 22, 2009
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: Fixed ESP encryption broken by the refactoring of keymat.c. Also introduced proper initialization and disposal of keying material. Fixed the missing listing of connection definitions in ipsec statusall broken by an unfortunate local variable overload.
tags | kernel, encryption
systems | linux
SHA-256 | ac1afd470cfaaca5c88f65dc430349ae3eb13e20d84aeb81bcf3f4ae9bedcd9a
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux
Posted Dec 31, 2008
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: Several performance improvements to handle thousands of tunnels with almost linear upscaling. Better parallelization to run charon on multiple cores. Various other improvements.
tags | kernel, encryption
systems | linux
SHA-256 | 92b957a69fecf7b5776a3da0954c2f0fed54299fc76712c9d79e0e50bc5f8b8d
Page 1 of 3
Back123Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    21 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close