Strongswan version



  • Is Strongswan opdated to 5.5.1 in pfSense 2.3.3?

    To fix:
    •IKE and ESP/AH proposals configured as strings in ipsec.conf and swanctl.conf (or VICI) are now
    checked to avoid invalid proposals. For instance, the presence of DH, PRF and encryption algorithms
    for IKE proposal are now enforced and AEAD and regular encryption algorithms are not allowed in
    the same proposal anymore. Also fixed is the mapping of the aes*gmac keywords to an integrity
    algorithm in AH proposals.


  • Banned

    $ pkg info strongswan
    strongswan-5.5.0
    Name           : strongswan
    Version        : 5.5.0
    Installed on   : Tue Oct 11 23:43:36 2016 CEST
    Origin         : security/strongswan
    Architecture   : freebsd:10:x86:64
    Prefix         : /usr/local
    Categories     : security
    Licenses       : GPLv2
    Maintainer     : strongswan@nanoteq.com
    WWW            : http://www.strongswan.org
    Comment        : Open Source IKEv2 IPsec-based VPN solution
    Options        :
            BUILTIN        : off
            CURL           : on
            EAPAKA3GPP2    : off
            EAPDYNAMIC     : on
            EAPRADIUS      : on
            EAPSIMFILE     : on
            GCM            : off
            IKEv1          : on
            IPSECKEY       : on
            KERNELLIBIPSEC : off
            LDAP           : off
            LIBC           : off
            LOADTESTER     : off
            MYSQL          : off
            PKI            : on
            SCEP           : off
            SMP            : off
            SQLITE         : off
            SWANCTL        : on
            TESTVECTOR     : off
            UNBOUND        : on
            UNITY          : on
            VICI           : on
            VSTR           : on
            XAUTH          : on
    Shared Libs required:
            libcurl.so.4
            libldns.so.1
            libunbound.so.2
            libvstr-1.0.so.0
    Shared Libs provided:
            libstrongswan-xauth-generic.so
            libstrongswan-resolve.so
            libstrongswan-curl.so
            libstrongswan-sha1.so
            libstrongswan-random.so
            libcharon.so.0
            libstrongswan-des.so
            libstrongswan-attr.so
            libstrongswan-nonce.so
            libstrongswan-pkcs12.so
            libstrongswan-eap-radius.so
            libstrongswan-cmac.so
            libstrongswan-pubkey.so
            libstrongswan-rc2.so
            libstrongswan-openssl.so
            libstrongswan-md5.so
            libstrongswan-fips-prf.so
            libvici.so.0
            libstrongswan-addrblock.so
            libstrongswan-vici.so
            libstrongswan-eap-tls.so
            libstrongswan-eap-identity.so
            libstrongswan-ipseckey.so
            libtls.so.0
            libstrongswan-aes.so
            libstrongswan-xcbc.so
            libstrongswan-eap-sim-file.so
            libstrongswan-whitelist.so
            libstrongswan-pkcs1.so
            libstrongswan-unbound.so
            libstrongswan-eap-md5.so
            libstrongswan-kernel-pfroute.so
            libstrongswan-eap-ttls.so
            libstrongswan-revocation.so
            libstrongswan-updown.so
            libstrongswan-md4.so
            libstrongswan-eap-sim.so
            libstrongswan-eap-peap.so
            libstrongswan-pem.so
            libstrongswan-dnskey.so
            libstrongswan-unity.so
            libradius.so.0
            libstrongswan-pkcs8.so
            libstrongswan-blowfish.so
            libstrongswan-xauth-eap.so
            libstrongswan-x509.so
            libstrongswan-sha2.so
            libstrongswan-socket-default.so
            libstrongswan-eap-dynamic.so
            libsimaka.so.0
            libstrongswan-hmac.so
            libstrongswan-pgp.so
            libstrongswan-stroke.so
            libstrongswan-sshkey.so
            libstrongswan-kernel-pfkey.so
            libstrongswan-constraints.so
            libstrongswan-eap-mschapv2.so
            libstrongswan-pkcs7.so
            libstrongswan.so.0
    Annotations    :
            cpe            : cpe:2.3:a:strongswan:strongswan:5.5.0:::::freebsd10:x64
            repo_type      : binary
            repository     : pfSense
    Flat size      : 5.96MiB
    Description    :
    Strongswan is an open source IPsec-based VPN solution.
    Strongswan for FreeBSD implements both the IKEv1 and IKEv2 (RFC 5996) key
    exchange protocols.
    
    WWW: http://www.strongswan.org
    
    

  • Rebel Alliance Developer Netgate

    It isn't in FreeBSD ports yet, but that will be corrected shortly and should show up in 2.4/2.3.3 in the near future.

    We thought about skipping 5.5.1 and going to 5.5.2 but that isn't going to be out for a few months.



  • When do you expect to release 2.3.3/2.4.0?


  • Rebel Alliance Developer Netgate

    No solid ETA on either one, 2.4 will be next. We're working to get it out as soon as we can, talking in terms of weeks, not months.


  • Banned

    5.5.1 is there now on the latest 2.3.3 snapshots.