2011/01/19
New versions released !!!- libopenikev2 0.6:
-
- Support for several EAP methods for both, client and server.
- Lots of bugfixes.
- Solved building issues for new GCC versions.
- libopenikev2_impl 0.6:
-
- Support for several EAP methods for both, client and server.
- Lots of bugfixes.
- Solved building issues for new GCC versions.
- Router Advertisement capabilities.
- Experimental MOBIKE support (no documentation, read the code)
- openikev2 0.96:
-
- Support for several EAP methods for both, client and server.
- Lots of bugfixes.
- Solved building issues for new GCC versions.
- Router Advertisement capabilities.
- Experimental MOBIKE support (no documentation, read the code)
2008/02/20
New versions released !!!- libopenikev2 0.5:
-
- New authentication infrastructure, allowing extensibility.
- Improved the configuration subsystem. Now, each peer configuration is selected based on the peer IP address, not in the peer ID, and it is maintained for all the IKE_SA lifetime.
- Improved stability.
- Lot of bug fixes.
- libopenikev2_impl 0.5:
-
- Improved server EAP-MD5 support (now it is compliant with the standards).
- Implemented client EAP-MD5 and EAP-TLS support, using wpa-supplicant code for the EAP state machine.
- RADIUS support for EAP authentication (server side).
- Added suppor for greater DH groups (5, 14, 15, 16, 17, 18).
- Lot of bug fixes.
- openikev2 0.95:
-
- New experimental monitoring interface (openikev2_monitor application).
- Changes to the configuration file format, in order to be adapted for the new configuration and authentication subsystems (see the example file).
- tests:
-
- tests application has been removed from the project.
You can download it here
2007/07/27
New versions released !!!- libopenikev2 0.4:
-
- Huge code refactoring, including:
-
- Intensive use of the RAII programming idiom (autopointers, autolocks, autovectors...), avoiding the use of the "delete".
- Use of references when there was no need for more.
- Name classes changes, to avoid the "_" at most as possible.
- Code factorization, reusing the code for the CHILD SA negotiation from the IKE_AUTH and the CREATE_CHILD_SA exchanges. Also the code for the IKE_SA negotiation from the IKE_SA_INIT and CREATE_CHILD_SA exchanges has been factorized.
- BTNS support added (that's is, no authentication at all at IKEv2 level)
- Lot of bug fixes.
- libopenikev2_impl 0.4:
-
- Huge code refactoring, including:
-
- Intensive use of the RAII programming idiom (autopointers, autolocks, autovectors...), avoiding the use of the "delete".
- Use of references when there was no need for more.
- Name classes changes, to avoid the "_" at most as possible.
- Disabled PFKEYv2 IPsec management interface. It may be available in future versions.
- Certificate support has been improved:
-
- Alternate name is now consulted to match with the ID payload.
- Improved DN management (subject name and issuer name). Now they are shown propertly.
- Lot of bug fixes.
- openikev2 0.94:
-
- Addded support for BTNS in the configuration file.
- PFKEYv2 is not available in this version, so if you want to use it ,keep using 0.93 version (and 0.3 library versions).
- Addapted to the new libopenikev2 an libopenikev2_impl API (0.4 version).
- tests 0.4
-
- Changed in order to be compatible to libopenikev2 and libopenikev2_impl 0.4 version.
You can download it here.
2007/07/05
Comparative tables udpdatedThe comparative tables has been updated in order to show the new features of the other implementations.
2007/06/04
A new release is comingWe are finalizing the details of the new release. In a few time it will be available here.
2007/02/20
Big code refactoring in progressWe are performing a big code refactoring, in order to make the code clearer, to avoid memory leaks by using the RAII programming idiom, and to factorize the common behaviour to avoid code replication. With this we want to have the most robust openikev2 version ever.
We have a lot of non related work, so it will take us some time. Please, be patient :)
2006/12/15
Comparative tables udpdatedThe comparative tables has been updated in order to show the new features of the other implementations.
2006/08/30
Comparative tables udpdatedThe comparative tables has been updated in order to show the new features of the other implementations.
2006/08/25
New versions released !!!- libopenikev2 0.3:
-
- All classes are now into "openikev2" namespace to avoid name collision with other libraries.
- New threading subsystem. Now there is a pool of CommandExecuter (Threads) that execute IKE_SA_Controller Commands. This solves simultaneous established IKE_SAs limitation (previously it was limited by the maximun number of concurrent threads supported by the OS).
- Improved the IKE_SA and CHILD_SA state machine. New states have been added in order to detect special condition like exchange collisions or redundant SAs.
- All exchange collisions that appears in the IKEv2 clarification document have been covered.
- Enhanced the Log subsystem. Now it has clearer and precise output.
- Now MessageController has been removed and its functionality has been distributed intoNetworkController, ThreadController and CryptoController.
- A lot of bugs fixed and optimizations.
- libopenikev2_impl 0.3:
-
- All classes are now into "openikev2" namespace to avoid name collision with other libraries.
- Added ID_DER_ASN1_DN identification type support. It can be extracted from a Certificate_X509 class.
- Improved DHCP client. Now it renews the lease while the IKE_SA is still opened.
- A Facade to manage in a easy way OpenIKEv2 functionality is being developed. There are few Facade features available.
- All classes are now into "openikev2" namespace to avoid name collision with other libraries.
- openikev2 0.93:
-
- No relevant changes. Addapted to the new libopenikev2 an libopenikev2_impl API (0.3 version).
- tests 0.3
-
- Changed in order to be compatible to libopenikev2 and libopenikev2_impl 0.3 version.
- Skipped 0.2 version in order to match library versions
- Partial use of Facade.
You can download it here.
2006/05/25
New versions released !!!- libopenikev2 0.2:
-
- All the address configuration methods (used in RoadWarrior scenario) are now abstract. The concrete implementations must define all the related behaviour with CONF payloads.
- All the address configuration related attributes have been removed from the IKE_Configuration class. Now, concrete implementations must use the AttributeMap to define its own custom attributes.
- libopenikev2_impl 0.2:
-
- The address configuration establishment has been improved. Now the new address obtained from the IRAS is assigned to a new created interface called "tunX" (where X is a number).
- Now, the configure script detects if the kernel supports policy priorities using both, XFRM and PFKEY. If no priority support is detected, the priority parameter in the create_Policy() method is ommited.
- All the methods in all the classes has been "virtualized" to allow to define subclasses that modify only part of the implementation behaviour.
- openikev2 0.92:
-
- Adapted the ConfigurerLibConfuse to the new Configuration API (using the AttributeMap values).
- The statistical times have been improved. Now, rekeying times are also displayed and the no created IKE_SAs are hidden.
- Now, openikev2 will check also for the kernel headers to avoid compilation errors.
- tests 0.1
-
- New release.
- New release.
You can download it here.
2006/05/15
New OpenIKEv2 release !!!The OpenIKEv2 project has been splitted into three packages: libopenikev2, libopenikev2_impl and openikev2. This should simplify the creation of new applications using the libopenikev2 library.
The main changes are:
- libopenikev2 0.1:
-
- Improved traffic selector, in order to allow manage ICMP type and code propertly.
- Improved the security policy creation method.
- Header files are installed into the $prefix/libopenikev2 directory.
- VENDOR payload implemented.
- libopenikev2_impl 0.1:
-
- Support of "Repeated Authentication in IKEv2" (RFC 4478)
- Header files are installed into the $prefix/libopenikev2_impl directory.
- openikev2 0.91:
-
- New parameters in the configuration file:
-
- "generate_allow_policies": Generates automatically the needed security policies that allows the IKEv2 traffic.
- Policy direction allows the "all" value that creates automatically the "out", "in" and "fwd" policies. Be aware of specificate the policy in the same way that "out" direction
- "reauth_time": Defines the maximum time the responder wants to wait before peer forces a reauthentication.
- "vendor_id": Defines the VENDOR_ID as a string.
- Now, some debug statistical authentication times are calculated and printed when openikev2 finishes
You can download it here.
2006/04/28
OpenIKEv2 0.9 released !!!Main changes are:
- Certificate support. openikev2 supports X509 certificates and implemented the "HASH & URL" mechanism.
- Improved the authentication mechanism to support more authentication methods like PSK, CERT, RSA, ...
- Some improvements in Thread subsystem in order to make it easier.
- Policies can be configured in the configuration file. It is useful to avoid the use of "setkey" or "ip xfrm" to set the policies.
- Some bugs fixed.
See the ChangeLog to see a more complete change list. Remember to make backups of the configuration files before install the new release. They will be overwritten. The configuration file is not fully compatible with previous versions.
You can download it here.
2006/03/30
OpenIKEv2 0.81 released !!!Main changes are:
- Bug fixed dealing with background execution.
You can download it here.
2006/03/27
OpenIKEv2 0.8 released !!!Main changes are:
- EAP transport support added.
- Some bugs fixed.
Remember to make backups of the configuration files before install the new release. They will be overwritten.
You can download it here.
2006/03/21
OpenIKEv2 0.74 released !!!Main changes are:
- DHCP support
-
- Now, libopenikev2 and openikev2 support to use a DHCP server to assign the internal address in the RoadWarrior scenario.
- Extensible payload notification management
-
- Now libopenikev2 supports to extend the payload notification processing in order to allow applications to define new notification types and their treatment.
- Many enhacements in log output.
- Some bugfixed.
See the ChangeLog to see a more complete change list.
Remember to make backups of the configuration files before install the new release. They will be overwritten.You can download it here.
2006/01/18
OpenIKEv2 0.7 released !!!
Main changes are:
- API improved
-
- Bus Event subsystem completed.
- Some method parameters changed.
- API documentation now available here.
- Stability improved
-
- Better exchange collitions control.
- Several memory bugs fixed.
- Configuration enhanced
-
- Possibility to choose what log and ipsec implementation want to use.
- Configuration file allows to choose the desired log mask and to set the address configuration parameters (for roadwarrior scenario).
See the ChangeLog to see a more complete change list.
Remember to make backups of the configuration files before install the new release. They will be overwritten.
You can download it here.
2005/12/28
OpenIKEv2 0.62 released !!!
This is mainly a bugfix release, but some changes are included. See the ChangeLog to know more.
You can download it here.2005/12/25
New web design. We have improved the web design to make the page clearer.
2005/12/24
IKEv2 RFC has been finally released. Its reference number is 4306.
You can download it from ftp://ftp.rfc-editor.org/in-notes/rfc4306.txt
2005/12/12
OpenIKEv2 0.6 released !!!
This is the first public OpenIKEv2 release. You can see the ChangeLog here to view the full project history. You can download it here.