From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: [Development] Strongswan 5.0.0
Date: Fri, 03 Aug 2012 14:58:16 +0200
Message-ID: <1343998696.7540.9.camel@rice-oxley.tremer.info>

Hello,

as Core Update 61 has now been released, it is time to go on with
developments for the next one:

I have updated strongswan to version 5.0.0 which finally removes the
pluto daemon which was responsible for IKEv1 connections.

However, pluto has gotten very old and was created in the beginnings of
the IPsec for Linux developments back in freeswan times.

charon was introduced by strongswan some time ago when IKEv2 connections
got supported. It handles IKEv1 connections as well as IKEv2 connections
since strongswan version 5.0.0.

What are the benefits for IPFire?

As mentioned earlier, pluto is very old and got very hard to maintain.
There have been problems with VPNs that terminate at hosts with dynamic
IP addresses, so we needed to restart the entire IPsec subsystem in
intervals of 5 minutes.
This caused some trouble in stability terms.

charon handles those dynamic endpoints much better without the need to
restart anything. Connections may now be added and removed smoothly and
in total there should be much more connection stability.

There is also some new code for hybrid IPsec VPNs which can be used with
Android 4 and maybe Apple iOS. I have not done any investigation on this
topic, because I am not interested, but hopefully somebody else gives it
a shot.

I have now packaged the changes into a small package which wants to be
installed on your system.

http://people.ipfire.org/~ms/unsupported/core-upgrade-2.11-strongswan.ipfire

It should not require any manual interaction at all. Please install and
give me feedback about the connection stability and the interoperability
with other (proprietary) implementations.

I am looking forward to it.

Michael

P.S. If you reply to this mail make sure to keep both mailing lists.