We are proud to announce the release of strongSwan 5.2.0, which brings a native Windows port, a more flexible configuration and control interface and many other new features and fixes.
strongSwan has been ported to the Windows platform. Using a MinGW toolchain, many parts of the strongSwan codebase run natively on Windows 7 / 2008 R2 and newer releases.
charon-svc implements a Windows IKE service based on libcharon, the kernel-iph and kernel-wfp plugins act as networking and IPsec backend on the Windows platform. socket-win provides a native IKE socket implementation, while winhttp fetches CRL and OCSP information using the WinHTTP API.
The new vici plugin provides a Versatile IKE Configuration Interface for the charon IKE daemon. Using the stable IPC interface, external applications can configure, control and monitor the IKE daemon. Instead of scripting the ipsec tool and generating ipsec.conf files, third party applications can use the new interface for more control and better reliability.
Built upon the libvici client library, swanctl implements the first user of the VICI interface. Together with a swanctl.conf configuration file, connections can be defined, loaded and managed. swanctl provides a portable, complete IKE configuration and control interface for the command line.
We added several swanctl examples to our testing environment.
The SWID IMC can extract all installed packages from the dpkg
(Debian, Ubuntu, etc.), rpm
(Fedora, RedHat, etc.), or pacman
(Arch Linux, Manjaro, etc.) package managers, respectively, using the swidGenerator which generates SWID tags according to the new ISO/IEC 19770-2:2014 standard.
The SWID IMV implements a JSON-based REST API which allows the exchange of SWID tags and Software IDs with the strongTNC policy manager.
This is demonstrated in the tnccs-20-pdp-eap and tnccs-20-pt-tls test cases.
The Attestation IMC/IMV pair supports the IMA-NG measurement format introduced with the Linux 3.13 kernel. The new aikgen tool generates an Attestation Identity Key bound to a TPM.
All IMVs now share the access requestor ID, device ID and product info of an access requestor via a common imv_session object. The PT-EAP transport protocol (RFC 7171) for Trusted Network Connect has also been implemented.
Download it from here - a more extensive changelog can be found on our wiki.