Strongswan version
-
Is Strongswan opdated to 5.5.1 in pfSense 2.3.3?
To fix:
•IKE and ESP/AH proposals configured as strings in ipsec.conf and swanctl.conf (or VICI) are now
checked to avoid invalid proposals. For instance, the presence of DH, PRF and encryption algorithms
for IKE proposal are now enforced and AEAD and regular encryption algorithms are not allowed in
the same proposal anymore. Also fixed is the mapping of the aes*gmac keywords to an integrity
algorithm in AH proposals. -
$ pkg info strongswan strongswan-5.5.0 Name : strongswan Version : 5.5.0 Installed on : Tue Oct 11 23:43:36 2016 CEST Origin : security/strongswan Architecture : freebsd:10:x86:64 Prefix : /usr/local Categories : security Licenses : GPLv2 Maintainer : strongswan@nanoteq.com WWW : http://www.strongswan.org Comment : Open Source IKEv2 IPsec-based VPN solution Options : BUILTIN : off CURL : on EAPAKA3GPP2 : off EAPDYNAMIC : on EAPRADIUS : on EAPSIMFILE : on GCM : off IKEv1 : on IPSECKEY : on KERNELLIBIPSEC : off LDAP : off LIBC : off LOADTESTER : off MYSQL : off PKI : on SCEP : off SMP : off SQLITE : off SWANCTL : on TESTVECTOR : off UNBOUND : on UNITY : on VICI : on VSTR : on XAUTH : on Shared Libs required: libcurl.so.4 libldns.so.1 libunbound.so.2 libvstr-1.0.so.0 Shared Libs provided: libstrongswan-xauth-generic.so libstrongswan-resolve.so libstrongswan-curl.so libstrongswan-sha1.so libstrongswan-random.so libcharon.so.0 libstrongswan-des.so libstrongswan-attr.so libstrongswan-nonce.so libstrongswan-pkcs12.so libstrongswan-eap-radius.so libstrongswan-cmac.so libstrongswan-pubkey.so libstrongswan-rc2.so libstrongswan-openssl.so libstrongswan-md5.so libstrongswan-fips-prf.so libvici.so.0 libstrongswan-addrblock.so libstrongswan-vici.so libstrongswan-eap-tls.so libstrongswan-eap-identity.so libstrongswan-ipseckey.so libtls.so.0 libstrongswan-aes.so libstrongswan-xcbc.so libstrongswan-eap-sim-file.so libstrongswan-whitelist.so libstrongswan-pkcs1.so libstrongswan-unbound.so libstrongswan-eap-md5.so libstrongswan-kernel-pfroute.so libstrongswan-eap-ttls.so libstrongswan-revocation.so libstrongswan-updown.so libstrongswan-md4.so libstrongswan-eap-sim.so libstrongswan-eap-peap.so libstrongswan-pem.so libstrongswan-dnskey.so libstrongswan-unity.so libradius.so.0 libstrongswan-pkcs8.so libstrongswan-blowfish.so libstrongswan-xauth-eap.so libstrongswan-x509.so libstrongswan-sha2.so libstrongswan-socket-default.so libstrongswan-eap-dynamic.so libsimaka.so.0 libstrongswan-hmac.so libstrongswan-pgp.so libstrongswan-stroke.so libstrongswan-sshkey.so libstrongswan-kernel-pfkey.so libstrongswan-constraints.so libstrongswan-eap-mschapv2.so libstrongswan-pkcs7.so libstrongswan.so.0 Annotations : cpe : cpe:2.3:a:strongswan:strongswan:5.5.0:::::freebsd10:x64 repo_type : binary repository : pfSense Flat size : 5.96MiB Description : Strongswan is an open source IPsec-based VPN solution. Strongswan for FreeBSD implements both the IKEv1 and IKEv2 (RFC 5996) key exchange protocols. WWW: http://www.strongswan.org -
It isn't in FreeBSD ports yet, but that will be corrected shortly and should show up in 2.4/2.3.3 in the near future.
We thought about skipping 5.5.1 and going to 5.5.2 but that isn't going to be out for a few months.
-
When do you expect to release 2.3.3/2.4.0?
-
No solid ETA on either one, 2.4 will be next. We're working to get it out as soon as we can, talking in terms of weeks, not months.
-
5.5.1 is there now on the latest 2.3.3 snapshots.