strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It also fully supports the new IKEv2 protocol with Linux 2.6 kernels. It interoperates in both IKEv1 and IKEv2 mode with most other IPsec-based VPN products. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.
| Tags | Security Cryptography Networking |
|---|---|
| Licenses | GPL |
| Operating Systems | POSIX Linux |
| Implementation | C |

Recent releases


Changes: The IKEv1 and IKEv2 daemons now share the same crypto framework. Either the built-in algorithms or the OpenSSL or GNU libgcrypt libraries can be used. During startup, self-tests for all cryptographic algorithms are executed. The IKEv1 daemon supports elliptic curve Diffie-Hellman groups and ECDSA signatures. Two minor DoS vulnerabilities in the ASN.1 parser were fixed.


Changes: This release fixes two DoS vulnerabilities in the charon daemon that were discovered by fuzzing techniques. A couple of bugs caused by the massive 4.3.0 refactoring were fixed.


Changes: This release implements IKEv2 Multiple Authentication Exchanges (RFC 4739). Refactored IKEv1 pluto code uses the libstrongswan library for basic functions. Up to two DNS and WINS servers to be sent via the IKEv1 ModeConfig protocol can thus be configured via strongswan.conf attributes.


Changes: A vulnerability in the Dead Peer Detection (RFC 3706) code was found affecting all strongSwan releases (CVE-2009-0790). A malicious or expired ISAKMP R_U_THERE or R_U_THERE_ACK DPD packet can cause the pluto IKEv1 daemon to crash and restart. The new server-side IKEv2 EAP RADIUS plugin relays EAP messages to and from a RADIUS server. It has been successfully tested with a FreeRADIUS server using EAP-MD5 and EAP-SIM.


Changes: A couple of minor bugs in the IKEv1 and IKEv2 daemons were fixed.