diff options
author | Andreas Steffen <andreas.steffen@strongswan.org> | 2011-07-14 09:25:36 +0200 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2011-07-14 09:25:36 +0200 |
commit | b18a697ae6263aba6f54251d58316f7e6028fd30 (patch) | |
tree | b07b161f82079fbc7259ab6923211b8d09c08d32 /NEWS | |
parent | 0f182737b25a3d1f5c09a24d122d751d59b3e0dd (diff) | |
download | strongswan-b18a697ae6263aba6f54251d58316f7e6028fd30.tar.bz2 strongswan-b18a697ae6263aba6f54251d58316f7e6028fd30.tar.xz |
NEWS for the 4.5.3dr8 release
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 18 |
1 files changed, 14 insertions, 4 deletions
@@ -2,17 +2,27 @@ strongswan-4.5.3 ---------------- - Our private libraries (e.g. libstrongswan) are not installed directly in - prefix/lib anymore. Instead a subdirectory is used (prefix/lib/ipsec by - default). The plugins directory is also moved from libexec/ipsec to that + prefix/lib anymore. Instead a subdirectory is used (prefix/lib/ipsec/ by + default). The plugins directory is also moved from libexec/ipsec/ to that directory. +- The dynamic IMC/IMV libraries were moved from the plugins directory to + a new imcvs directory in the prefix/lib/ipsec/ subdirectory. + - IKEv2 charon daemon supports start PASS and DROP shunt policies - preventing traffic to go through IPsec connections. + preventing traffic to go through IPsec connections. Installation of the + shunt policies either via the XFRM netfilter or PFKEYv2 IPsec kernel interfaces. - The history of policies installed in the kernel is now tracked so that e.g. trap policies are correctly updated when reauthenticated SAs are terminated. -- IMC/IMV test pair implementing the RFC 5792 PA-TNC (IF-M) protocol. +- IMC/IMV Scanner pair implementing the RFC 5792 PA-TNC (IF-M) protocol. + Using "netstat -l" the IMC scans open listening ports on the TNC client + and sends a port list to the IMV which based on a port policy decides if + the client is admitted to the network. + (--enable-imc-scanner/--enable-imv-scanner). + +- IMC/IMV Test pair implementing the RFC 5792 PA-TNC (IF-M) protocol. (--enable-imc-test/--enable-imv-test). - The IKEv2 close action does not use the same value as the ipsec.conf dpdaction |