author | Yves-Alexis Perez <corsac@debian.org> | 2014-03-12 10:31:40 +0100 |
---|---|---|
committer | Yves-Alexis Perez <corsac@debian.org> | 2014-03-12 10:56:08 +0100 |
commit | 72448f305c65fb08b0e8db0b56435a2486226f31 (patch) | |
tree | b74656121dd9a129deff8e58913d6b317ea5933e /debian/NEWS | |
parent | 0932ba90885dd077017853610c42b49b125f68ba (diff) | |
download | vyos-strongswan-72448f305c65fb08b0e8db0b56435a2486226f31.tar.gz vyos-strongswan-72448f305c65fb08b0e8db0b56435a2486226f31.zip |
Fix spurious entry in debian/NEWS.
* debian/NEWS:
- fix spurious entry.
Diffstat (limited to 'debian/NEWS')
-rw-r--r-- | debian/NEWS | 32 |
1 files changed, 0 insertions, 32 deletions
diff --git a/debian/NEWS b/debian/NEWS index af017f769..a1703e49b 100644 --- a/debian/NEWS +++ b/debian/NEWS @@ -65,35 +65,3 @@ strongswan (4.5.0-1) unstable; urgency=low Local variables: mode: debian-changelog End: -strongswan (5.1.0-1) unstable; urgency=low - - Starting with strongswan 4.5.0 upstream, the IKEv2 protocol is now the - default. This can easily be changed using the keyexchange=ikev1 config - option (either in the respective "conn" section or by putting it in the - "default" section and therefore applying it to all existing connections). - - The IKEv2 protocol has less overhead, more features (e.g. NAT-Traversal by - default, MOBIKE, Mobile IPv6), and provides better error messages in case - the connection can not be established. It is therefore highly recommended - to use it when the other side also supports it. - - Addtionally, strongswan 4.5.0-1 now enables support for NAT Traversal in - combination with IPsec transport mode (the support for this has existed - for a long time, but was disabled due to security concerns). This is - required e.g. to let mobile phone clients (notably Android, iPhone) - connect to an L2TP/IPsec gateway using strongswan. The security - implications as described in the original README.NAT-Traversal file from - the openswan distribution are: - - * Transport Mode can't be used without NAT in the IPSec layer. Otherwise, - all packets for the NAT device (including all hosts behind it) would be - sent to the NAT-T Client. This would create a sort of blackhole between - the peer which is not behind NAT and the NAT device. - - * In Tunnel Mode with roadwarriors, we CAN'T accept any IP address, - otherwise, an evil roadwarrior could redirect all trafic for one host - (including a host on the private network) to himself. That's why, you have - to specify the private IP in the configuration file, use virtual IP - management, or DHCP-over-IPSec. - - -- Yves-Alexis Perez <corsac@debian.org> Mon, 30 Sep 2013 20:43:03 +0200 |
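Review bot: The commit message says only "fix spurious entry" and does not state why the removed strongswan (5.1.0-1) block is spurious. In the removed lines the block sits after the "Local variables: ... End:" trailer, and its text speaks of "Starting with strongswan 4.5.0 upstream" and "strongswan 4.5.0-1 now enables support for NAT Traversal", so it reads as older text repeated under a 5.1.0-1 header; saying so in the message would let a later reader verify the deletion without opening the file. The deleted text also carries the security caveats for NAT-Traversal with transport mode and for roadwarriors in tunnel mode (specify the private IP, use virtual IP management, or DHCP-over-IPSec). The hunk header names the strongswan (4.5.0-1) entry, but its body is not visible here, so please confirm that entry still contains those caveats and that the removal drops no guidance from debian/NEWS.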