OCSP/CRL checking in IKEv2 has been moved to the revocation plugin, enabled by default.The openssl plugin now supports X.509 certificate and CRL functions.The PLUTO_MARK_IN and PLUTO_ESP_ENC environment variables can be used in a user-specific updown script to set marks on inbound ESP or ESP_IN_UDP packets.For details see the example scenarios ikev2/nat-two-rw-mark, ikev2/rw-nat-mark-in-out and ikev2/net2net-psk-dscp. Support of xfrm marks in IPsec SAs and IPsec policies introduced with the Linux 2.6.34 kernel.Fixed the interoperability of the socket_raw and socket_default charon plugins.Fixed the alignment of ModeConfig messages on 4-byte boundaries in the case where the attributes are not a multiple of 4 bytes (e.g.Fixed a bug not releasing a virtual IP address to a pool if the XAUTH identity was different from the IKE identity.Fixed left-/rightnexthop option, which was broken since 4.4.0.Improved MOBIKE behavior in several corner cases, for instance, if the initial responder moves to a different address. It currently shows activity of the IKE daemon and is a good example how to implement a simple event listener.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |