[svn-upgrade] Integrating new upstream version, strongswan (2.8.1)

1 files changed, 47 insertions, 5 deletions

diff --git a/README b/README
index c0480b069..9750e63c5 100644
--- a/README
+++ b/README
@@ -57,7 +57,7 @@ Contents
   10. Monitoring functions
   11. Firewall support functions
        11.1 Environment variables in the updown script
-       11.2 Automatic insertion and deletion of iptables firewall rules  (NEW)
+       11.2 Automatic insertion and deletion of iptables firewall rules
        11.3 Sample Linux 2.6 _updown_espmark script for iptables < 1.3.5
   12. Authentication with raw RSA public keys
   13. Authentication with OpenPGP certificates
@@ -71,6 +71,7 @@ Contents
        14.3 Dead peer detection
        14.4 IKE Mode Config Pull Mode
        14.5 IKE Mode Config Push Mode
+       14.6 XAUTH - Extended Authentication  (NEW)
   15. Copyright statement and acknowledgements
 
 
@@ -105,7 +106,10 @@ and currently supports the following features:
  
   * NAT-Traversal (RFC 3947)
 
-  * Support of Virtual IPs via static configuratin and IKE Mode Config
+  * Support of Virtual IPs via static configuration and IKE Mode Config
+
+  * XAUTH client and server functionality in conjunction with either PSK
+    or RSA IKE Main Mode authentication.
 
   * Support of Delete SA and informational Notification messages.
 
@@ -3026,6 +3030,44 @@ as part of the connection definition in ipsec.conf. The default value is
 modeconfig=pull.
 
 
+14.6 XAUTH - Extended Authentication
+     -------------------------------
+
+The XAUTH protocol <draft-beaulieu-ike-xauth-02.txt> allows an extended
+client authentication using e.g. a username/password paradigm in addition
+to the IKE Main Mode authentication. Thus XAUTH can be used in conjunction
+with Pre-Shared Keys (PSK) by defining
+
+  authby=xauthpsk
+
+or with RSA signatures
+
+  authby=xauthrsasig
+
+in the connection definition, correspondingly. strongSwan can act either as
+an XAUTH client with
+
+  xauth=client
+
+or as an XAUTH server with
+
+  xauth=server
+
+with xauth=client being the default value. strongSwan integrates a default
+implementation where the XAUTH user credentials are stored on both the
+server and the client in the /etc/ipsec.secrets file, using the syntax
+
+  : XAUTH john "rT6q!V2p"
+
+The client must not have more than one XAUTH entry whereas the server can
+contain an unlimited number of user credentials in ipsec.secrets.
+
+Either the prompting on the client side or the verification of the user
+credentials on the server side can be implemented as a customized XAUTH
+dynamic library module. The corresponding library interface is defined
+by the pluto/xauth.h header file.
+
+
 15. Copyright statement and acknowledgements
     ----------------------------------------
 
@@ -3059,7 +3101,7 @@ modeconfig=pull.
 
 		   Copyright (c) 2002, Stephane Laroche
 
-		        IKE Mode Config protocol:
+		        IKE Mode Config and XAUTH protocol:
 
 		   Copyright (c) 2001-2002, Colubris Networks
 
@@ -3090,7 +3132,7 @@ modeconfig=pull.
 				scepclient:
 
                Copyright (c) 2005, Jan Hutter, Martin Willi
-               Copyright (c) 2005-2006, Andreas Steffen
+               Copyright (c) 2005-2007, Andreas Steffen
 
         University of Applied Sciences in Rapperswil, Switzerland
 
@@ -3105,5 +3147,5 @@ modeconfig=pull.
   for more details.
 -----------------------------------------------------------------------------
 
-This file is RCSID $Id: README,v 1.36 2006/10/20 15:43:51 as Exp $
+This file is RCSID $Id: README,v 1.38 2007/01/14 18:16:51 as Exp $