We are happy to release strongSwan 4.6.3, offering RADIUS extensions, support for resolvconf(8) and raw RSA keys, and more.
- The tnc-pdp plugin implements a RADIUS server interface allowing a strongSwan TNC server to act as a Policy Decision Point. Have a look at the tnc/tnccs-20-pdp-eap test case for an example.
- The eap-radius authentication backend enforces Session-Timeout attributes using RFC 4478 repeated authentication and acts upon RADIUS Dynamic Authorization extensions, RFC 5176. Currently supported are disconnect requests and CoA messages containing a Session-Timeout.
- The eap-radius plugin can forward arbitrary RADIUS attributes from and to clients using custom IKEv2 notify payloads. The new radattr plugin reads attributes to include from files and prints received attributes to the console.
Support for resolvconf(8)
- The resolve plugin automatically installs nameservers via resolvconf(8) instead of modifying /etc/resolv.conf directly.
Support for raw RSA keys
- The IKEv2 daemon charon supports raw RSA public keys in RFC 3110 DNSKEY and PKCS#1 file format.
These options are illustrated with the ikev2/net2net-rsa and ikev2/net2net-pubkey test cases, respectively.