diff options
author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2010-11-28 12:32:07 +0000 |
---|---|---|
committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2010-11-28 12:32:07 +0000 |
commit | 5a987070dfdfb0feba15700e35228f0898bf144e (patch) | |
tree | e23f8c7dc2f6e88dfb69047d3a32383aae4b2411 /debian | |
parent | 7b8b352039efd78338a7bf451a0550644ec8a8da (diff) | |
download | vyos-strongswan-5a987070dfdfb0feba15700e35228f0898bf144e.tar.gz vyos-strongswan-5a987070dfdfb0feba15700e35228f0898bf144e.zip |
Document major upstream change (IKEv2 being the default now) and enable more configure options.
Diffstat (limited to 'debian')
-rw-r--r-- | debian/NEWS | 17 | ||||
-rw-r--r-- | debian/changelog | 6 | ||||
-rwxr-xr-x | debian/rules | 12 |
3 files changed, 31 insertions, 4 deletions
diff --git a/debian/NEWS b/debian/NEWS new file mode 100644 index 000000000..8e149f913 --- /dev/null +++ b/debian/NEWS @@ -0,0 +1,17 @@ +strongswan (4.5.0-1) unstable; urgency=low + + Starting with strongswan 4.5.0 upstream, the IKEv2 protocol is now the + default. This can easily be changed using the keyexchange=ikev1 config + option (either in the respective "conn" section or by putting it in the + "default" section and therefore applying it to all existing connections). + + The IKEv2 protocol has less overhead, more features (e.g. NAT-Traversal by + default, MOBIKE, Mobile IPv6), and provides better error messages in case + the connection can not be established. It is therefore highly recommended + to use it when the other side also supports it. + + -- Rene Mayrhofer <rmayr@debian.org> Sun, 28 Nov 2010 13:16:00 +0200 + +Local variables: +mode: debian-changelog +End: diff --git a/debian/changelog b/debian/changelog index fd4dfc123..fce88ba2c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,12 @@ strongswan (4.5.0-1) unstable; urgency=low * New upstream version 4.5.0 + * Enabled new configure options for additional libstrongswan plugins: + --enable-ctr --enable-ccm --enable-gcm --enable-addrblock --enable-led + --enable-pkcs11 --enable-eap-tls --enable-eap-ttls --enable-eap-tnc + * Enable NAT-Traversal with transport mode support so that strongswan + can be used for an L2TP/IPsec gateway (e.g. for Windows or mobile phone + clients). -- Rene Mayrhofer <rmayr@debian.org> Sun, 28 Nov 2010 13:09:42 +0100 diff --git a/debian/rules b/debian/rules index bb59f9848..c7253fe21 100755 --- a/debian/rules +++ b/debian/rules @@ -14,21 +14,25 @@ CONFIGUREARGS := --prefix=/usr --sysconfdir=/etc --localstatedir=/var \ --libexecdir=/usr/lib \ --enable-ldap --enable-curl \ --with-capabilities=libcap \ - --enable-smartcard \ + --enable-smartcard --enable-pkcs11 \ --with-default-pkcs11=/usr/lib/opensc-pkcs11.so \ --enable-mediation --enable-medsrv --enable-medcli \ --enable-openssl --enable-agent \ + --enable-ctr --enable-ccm --enable-gcm --enable-addrblock \ --enable-eap-radius --enable-eap-identity --enable-eap-md5 \ --enable-eap-gtc --enable-eap-aka --enable-eap-mschapv2 \ + --enable-eap-tls --enable-eap-ttls --enable-eap-tnc \ --enable-sql --enable-integrity-test \ --enable-nm --enable-ha --enable-dhcp --enable-farp \ - --enable-test-vectors + --enable-led \ + --enable-test-vectors --enable-nat-transport # --with-user=strongswan --with-group=nogroup \ # --enable-kernel-pfkey --enable-kernel-klips \ - # Could enable --enable-nat-transport, but this is actually insecure, - # so don't! # And for --enable-eap-sim we would need the library, which we don't # have right now. + # Don't --enable-cisco-quirks, because some other IPsec implementations + # (most notably the Phion one) have problems connecting when pluto + # sends these Cisco options. DEB_BUILD_ARCH_CPU ?=$(shell dpkg-architecture -qDEB_BUILD_ARCH_CPU) |