strongSwan 4.5.3发布 IPsec和IKEv1的实施

strongSwan 4.5.3更新日志：

- Our private libraries (e.g. libstrongswan) are not installed directly in
&">nbsp; prefix/lib anymore.  Instead a subdirectory is used (prefix/lib/ipsec/ by
  default).  The plugins directory is also moved from libexec/ipsec/ to that
  directory.

- The dynamic IMC/IMV libraries were moved from the plugins directory to
  a new imcvs directory in the prefix/lib/ipsec/ subdirectory.

- Job priorities were introduced to prevent thread starvation caused by too
  many threads handling blocking operations (such as CRL fetching).  Refer to
  strongswan.conf(5) for details.

- Two new strongswan.conf options allow to fine-tune performance on IKEv2
  gateways by dropping IKE_SA_INIT requests on high load.

- IKEv2 charon daemon supports start PASS and DROP shunt policies
  preventing traffic to go through IPsec connections. Installation of the
  shunt policies either via the XFRM netfilter or PFKEYv2 IPsec kernel
  interfaces.

- The history of policies installed in the kernel is now tracked so that e.g.
  trap policies are correctly updated when reauthenticated SAs are terminated.

- IMC/IMV Scanner pair implementing the RFC 5792 PA-TNC (IF-M) protocol.
  Using "netstat -l" the IMC scans open listening ports on the TNC client
  and sends a port list to the IMV which based on a port policy decides if
  the client is admitted to the network.
  (--enable-imc-scanner/--enable-imv-scanner).

- IMC/IMV Test pair implementing the RFC 5792 PA-TNC (IF-M) protocol.
  (--enable-imc-test/--enable-imv-test).

- The IKEv2 close action does not use the same value as the ipsec.conf dpdaction
  setting, but the value defined by its own closeaction keyword. The action
  is triggered if the remote peer closes a CHILD_SA unexpectedly.

strongSwan是一个完整的2.4和2.6的Linux内核下的IPsec和IKEv1的实施。它也完全支持新的IKEv2协议的Linux 2.6内核。它互均IKEv1和IKEv2模式与大多数其他基于IPSec的VPN产品。的重点项目是strongSwan强认证机制，使用X.509公 开密钥证书和可选的安全储存私钥对智能卡通过一个标准化的PKCS ＃ 11接口。一个特点是使用的X.509属性证书实现了先进的访问控制方案的基础上组的成员。

下载地址：

strongswan-4.5.3.tar.bz2 2011/08/03, size 3'299'522 bytes, pgp-signature,

md5: ee7c50a90c91307b111e
8085f2479890 strongswan-4.5.3.tar.gz 2011/08/03, size 4'721'848 bytes, pgp-signature,

md5: 8336265ac715167604837005eb2ee969