what you don't know can hurt you
Showing 26 - 50 of 59 RSS Feed

Files from Andreas Steffen

Email addressprivate
First Active2005-11-20
Last Active2013-05-01
View User Profile
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux
Posted Nov 19, 2008
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: Flexible configuration of logging subsystem. Load testing plugin to do stress testing of the IKEv2 daemon against self or another host. Added profiling code to synchronization primitives to find bottlenecks if running on multiple cores. Various other improvements.
tags | kernel, encryption
systems | linux
MD5 | cf477bf5da424489e4d3cbff9c561eb7
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux
Posted Oct 16, 2008
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: IKEv2 charon daemon supports authentication based on raw public keys stored in the SQL database backend. Several MOBIKE improvements. Fixed a bug in addr_in_subnet() which caused insertion of wrong source routes for destination subnets having netwmasks not being a multiple of 8 bits.
tags | kernel, encryption
systems | linux
MD5 | 46f47687f483b9fe68d512fd450f0c92
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux
Posted Sep 19, 2008
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: Fixed a Denial-of-Service vulnerability where an IKE_SA_INIT message with a KE payload containing zeroes only can cause a crash of the IKEv2 charon daemon due to a NULL pointer returned by the mpz_export() function of the GNU Multi Precision (GMP) library. Multiple other additions and fixes.
tags | kernel, encryption
systems | linux
MD5 | 70245758c959bf8fc907c5bf4d0b02ac
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux
Posted Aug 29, 2008
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: A NetworkManager plugin allows GUI-based configuration of road-warrior clients in a simple way. A new EAP-GTC plugin implements draft-sheffer-ikev2-gtc-00.txt and allows username/password authentication against any PAM service on the gateway. Various other fixes and additions.
tags | kernel, encryption
systems | linux
MD5 | 918fa35839013b14bd4b972853aeedb4
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux
Posted Jul 28, 2008
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: Consistent logging of IKE and CHILD SAs at the audit (AUD) level. Various improvements, additions, and bug fixes.
tags | kernel, encryption
systems | linux
MD5 | 5993b15895542d1d59c799be298a18bb
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux
Posted Jun 26, 2008
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: Added statistics functions to ipsec pool --status and ipsec pool --leases and input validation checks to various ipsec pool commands. ipsec statusall now lists all loaded charon plugins and displays the negotiated IKE cipher suite proposal. The openssl plugin supports the elliptic curve Diffie-Hellman groups 19, 20, 21, 25, and 26. Various other fixes and additions.
tags | kernel, encryption
systems | linux
MD5 | 92ddfaedd6698bc6640927def271d476
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux
Posted May 27, 2008
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: Fixed the strongswan.conf path configuration problem. Fixed a number of minor bugs that where discovered during the 4th IKEv2 interoperability workshop in San Antonio, TX.
tags | kernel, encryption
systems | linux
MD5 | 83eb643df4bccbb0514dd6eb714f03ea
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux
Posted Apr 21, 2008
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: Support for "Hash and URL" encoded certificate payloads has been implemented in the IKEv2 daemon charon. The IKEv2 daemon charon now supports the "uniqueids" option to close multiple IKE_SAs with the same peer. The new trustchain verification introduced in 4.2.0 has been parallelized. Various other fixes and improvements.
tags | kernel, encryption
systems | linux
MD5 | 1af259dd8c1c3b6e402579cc0efe212a
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux
Posted Apr 4, 2008
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: libstrongswan has been modularized to attach crypto algorithms, credential implementations (keys, certificates) and fetchers dynamically through plugins. Various other additions and improvements.
tags | kernel, encryption
systems | linux
MD5 | 279ba39241d08ddff99abdc33860469a
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux
Posted Feb 20, 2008
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: Fixed IKE rekeying, a type definition, and implemented IKEv2 EAP-SIM server and client test modules that use triplets stored in a file.
tags | kernel, encryption
systems | linux
MD5 | 305a7b21513f2806f76f37b12f57a1f5
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux
Posted Dec 20, 2007
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: Fixed error in the ordering of the certinfo_t records in the ocsp cache that caused multiple entries of the same serial number to be created. Various other enhancements.
tags | kernel, encryption
systems | linux
MD5 | b46b2d5de70d18890c7595bdfbe01619
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux
Posted Dec 6, 2007
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: Fixes and improvements to multithreading code. Various other tweaks.
tags | kernel, encryption
systems | linux
MD5 | 2178acf194f4c99cdee2ddc38cfb7a94
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux
Posted Oct 18, 2007
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: Removed recursive pthread mutexes since uClib does not support them.
tags | kernel, encryption
systems | linux
MD5 | 6659c08512ef7a671b934f4858cd5bd3
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux
Posted Oct 5, 2007
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: Various enhancements. Preview of strongSwan Manager. Further improvements to MOBIKE support.
tags | kernel, encryption
systems | linux
MD5 | 94d0b341792946f0e9a6dc10adab3a32
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux
Posted Sep 5, 2007
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: Various enhancements.
tags | kernel, encryption
systems | linux
MD5 | b8c5be36ad93f4457a86cb8ade153e49
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux
Posted Aug 9, 2007
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: Various enhancements.
tags | kernel, encryption
systems | linux
MD5 | 89a9c534d2f2c30733ea944c3630a531
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux
Posted Jul 7, 2007
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: Multiple parameter additions and bug fixes.
tags | kernel, encryption
systems | linux
MD5 | ce1a09d43e066fcbd5bb25bdb92404a1
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux
Posted May 30, 2007
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: IKEv2 peer configuration selection now can be based on a given certification authority using the rightca= statement. IKEv2 authentication based on RSA signatures now can handle multiple certificates issued for a given peer ID. This allows a smooth transition in the case of a peer certificate renewal. Various other tweaks and modifications.
tags | kernel, encryption
systems | linux
MD5 | 8a9f0c0dd939eeb1f6b8d6cb86925ffa
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux
Posted May 3, 2007
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: Support for an additional Diffie-Hellman exchange. Support for the AES-XCBC-96 MAC algorithm for IPsec SAs when using IKEv2. Various other enhancements.
tags | kernel, encryption
systems | linux
MD5 | 87db016ad742cfa92ac17d78814e6269
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux
Posted Apr 12, 2007
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: Server side cookie support. Configuration options added. Fixed a bug in the pluto IKEv1 daemon.
tags | kernel, encryption
systems | linux
MD5 | c0af02efc760eb0ff62431a77b029d84
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux
Posted Mar 29, 2007
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: Support of SHA2_384 hash function for protecting IKEv1 negotiations and support of SHA2 signatures in X.509 certificates. Serious bug fix and multiple other enhancements.
tags | kernel, encryption
systems | linux
MD5 | c79461065ea2dee47adfdeb1199b942e
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux
Posted Feb 22, 2007
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: Support of SHA2_384 hash function for protecting IKEv1 negotiations and support of SHA2 signatures in X.509 certificates. Fixed a serious bug in the computation of the SHA2-512 HMAC function. Introduced testvector-based self-tests of all IKEv1 hash and hmac functions during pluto startup. Failure of a self-test currently issues a warning only but does not exit pluto [yet].
tags | kernel, encryption
systems | linux
MD5 | 720bfbbb3a0deb6964119228ed4226b4
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux
Posted Jan 29, 2007
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: strongSwan now interoperates with the NCP Secure Entry Client, the Shrew Soft VPN Client, and the Cisco VPN client, doing both XAUTH and Mode Config. UNITY attributes are now recognized and UNITY_BANNER is set to a default string.
tags | kernel, encryption
systems | linux
MD5 | 57427f5b48123851a73b10d78dd4f8d6
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux
Posted Jan 16, 2007
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: Support for extended authentication (XAUTH) in combination with ISAKMP Main Mode RSA or PSK authentication. Both client and server side were implemented. Handling of user credentials can be done by a run-time loadable XAUTH module. By default user credentials are stored in ipsec.secrets. Mixed PSK/RSA authentication is now possible between two hosts with static IP addresses.
tags | kernel, encryption
systems | linux
MD5 | 6a87edfa33d207ef03ccb844087e26cf
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux
Posted Nov 2, 2006
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: Implementation of ModeConfig push mode via the new connection keyword modeconfig=push allows interoperability with Cisco VPN gateways. The command ipsec statusall now shows "DPD active" for all ISAKMP SAs that are under active Dead Peer Detection control.
tags | kernel, encryption
systems | linux
MD5 | 57626f52a18aa8894c090052346c9729
Page 2 of 3
Back123Next

File Archive:

February 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    1 Files
  • 2
    Feb 2nd
    2 Files
  • 3
    Feb 3rd
    17 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    16 Files
  • 7
    Feb 7th
    19 Files
  • 8
    Feb 8th
    2 Files
  • 9
    Feb 9th
    2 Files
  • 10
    Feb 10th
    15 Files
  • 11
    Feb 11th
    20 Files
  • 12
    Feb 12th
    16 Files
  • 13
    Feb 13th
    19 Files
  • 14
    Feb 14th
    17 Files
  • 15
    Feb 15th
    4 Files
  • 16
    Feb 16th
    4 Files
  • 17
    Feb 17th
    34 Files
  • 18
    Feb 18th
    15 Files
  • 19
    Feb 19th
    20 Files
  • 20
    Feb 20th
    34 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close