Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Strongswan version

    Scheduled Pinned Locked Moved 2.3.3 Development Snapshots
    6 Posts 3 Posters 3.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • O
      os
      last edited by

      Is Strongswan opdated to 5.5.1 in pfSense 2.3.3?

      To fix:
      •IKE and ESP/AH proposals configured as strings in ipsec.conf and swanctl.conf (or VICI) are now
      checked to avoid invalid proposals. For instance, the presence of DH, PRF and encryption algorithms
      for IKE proposal are now enforced and AEAD and regular encryption algorithms are not allowed in
      the same proposal anymore. Also fixed is the mapping of the aes*gmac keywords to an integrity
      algorithm in AH proposals.

      1 Reply Last reply Reply Quote 0
      • D
        doktornotor Banned
        last edited by

        $ pkg info strongswan
        strongswan-5.5.0
        Name           : strongswan
        Version        : 5.5.0
        Installed on   : Tue Oct 11 23:43:36 2016 CEST
        Origin         : security/strongswan
        Architecture   : freebsd:10:x86:64
        Prefix         : /usr/local
        Categories     : security
        Licenses       : GPLv2
        Maintainer     : strongswan@nanoteq.com
        WWW            : http://www.strongswan.org
        Comment        : Open Source IKEv2 IPsec-based VPN solution
        Options        :
                BUILTIN        : off
                CURL           : on
                EAPAKA3GPP2    : off
                EAPDYNAMIC     : on
                EAPRADIUS      : on
                EAPSIMFILE     : on
                GCM            : off
                IKEv1          : on
                IPSECKEY       : on
                KERNELLIBIPSEC : off
                LDAP           : off
                LIBC           : off
                LOADTESTER     : off
                MYSQL          : off
                PKI            : on
                SCEP           : off
                SMP            : off
                SQLITE         : off
                SWANCTL        : on
                TESTVECTOR     : off
                UNBOUND        : on
                UNITY          : on
                VICI           : on
                VSTR           : on
                XAUTH          : on
        Shared Libs required:
                libcurl.so.4
                libldns.so.1
                libunbound.so.2
                libvstr-1.0.so.0
        Shared Libs provided:
                libstrongswan-xauth-generic.so
                libstrongswan-resolve.so
                libstrongswan-curl.so
                libstrongswan-sha1.so
                libstrongswan-random.so
                libcharon.so.0
                libstrongswan-des.so
                libstrongswan-attr.so
                libstrongswan-nonce.so
                libstrongswan-pkcs12.so
                libstrongswan-eap-radius.so
                libstrongswan-cmac.so
                libstrongswan-pubkey.so
                libstrongswan-rc2.so
                libstrongswan-openssl.so
                libstrongswan-md5.so
                libstrongswan-fips-prf.so
                libvici.so.0
                libstrongswan-addrblock.so
                libstrongswan-vici.so
                libstrongswan-eap-tls.so
                libstrongswan-eap-identity.so
                libstrongswan-ipseckey.so
                libtls.so.0
                libstrongswan-aes.so
                libstrongswan-xcbc.so
                libstrongswan-eap-sim-file.so
                libstrongswan-whitelist.so
                libstrongswan-pkcs1.so
                libstrongswan-unbound.so
                libstrongswan-eap-md5.so
                libstrongswan-kernel-pfroute.so
                libstrongswan-eap-ttls.so
                libstrongswan-revocation.so
                libstrongswan-updown.so
                libstrongswan-md4.so
                libstrongswan-eap-sim.so
                libstrongswan-eap-peap.so
                libstrongswan-pem.so
                libstrongswan-dnskey.so
                libstrongswan-unity.so
                libradius.so.0
                libstrongswan-pkcs8.so
                libstrongswan-blowfish.so
                libstrongswan-xauth-eap.so
                libstrongswan-x509.so
                libstrongswan-sha2.so
                libstrongswan-socket-default.so
                libstrongswan-eap-dynamic.so
                libsimaka.so.0
                libstrongswan-hmac.so
                libstrongswan-pgp.so
                libstrongswan-stroke.so
                libstrongswan-sshkey.so
                libstrongswan-kernel-pfkey.so
                libstrongswan-constraints.so
                libstrongswan-eap-mschapv2.so
                libstrongswan-pkcs7.so
                libstrongswan.so.0
        Annotations    :
                cpe            : cpe:2.3:a:strongswan:strongswan:5.5.0:::::freebsd10:x64
                repo_type      : binary
                repository     : pfSense
        Flat size      : 5.96MiB
        Description    :
        Strongswan is an open source IPsec-based VPN solution.
        Strongswan for FreeBSD implements both the IKEv1 and IKEv2 (RFC 5996) key
        exchange protocols.
        
        WWW: http://www.strongswan.org
        
        
        1 Reply Last reply Reply Quote 0
        • jimpJ
          jimp Rebel Alliance Developer Netgate
          last edited by

          It isn't in FreeBSD ports yet, but that will be corrected shortly and should show up in 2.4/2.3.3 in the near future.

          We thought about skipping 5.5.1 and going to 5.5.2 but that isn't going to be out for a few months.

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          1 Reply Last reply Reply Quote 0
          • O
            os
            last edited by

            When do you expect to release 2.3.3/2.4.0?

            1 Reply Last reply Reply Quote 0
            • jimpJ
              jimp Rebel Alliance Developer Netgate
              last edited by

              No solid ETA on either one, 2.4 will be next. We're working to get it out as soon as we can, talking in terms of weeks, not months.

              Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

              Need help fast? Netgate Global Support!

              Do not Chat/PM for help!

              1 Reply Last reply Reply Quote 0
              • D
                doktornotor Banned
                last edited by

                5.5.1 is there now on the latest 2.3.3 snapshots.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.