-rw-r--r-- | debian/NEWS | 17 | ||||
-rw-r--r-- | debian/changelog | 6 | ||||
-rwxr-xr-x | debian/rules | 12 |
3 files changed, 31 insertions, 4 deletions
diff --git a/debian/NEWS b/debian/NEWS
new file mode 100644
index 000000000..8e149f913
--- /dev/null
+++ b/debian/NEWS
@@ -0,0 +1,17 @@
+strongswan (4.5.0-1) unstable; urgency=low
+
+ Starting with strongswan 4.5.0 upstream, the IKEv2 protocol is now the
+ default. This can easily be changed using the keyexchange=ikev1 config
+ option (either in the respective "conn" section or by putting it in the
+ "default" section and therefore applying it to all existing connections).
+
+ The IKEv2 protocol has less overhead, more features (e.g. NAT-Traversal by
+ default, MOBIKE, Mobile IPv6), and provides better error messages in case
+ the connection can not be established. It is therefore highly recommended
+ to use it when the other side also supports it.
+
+ -- Rene Mayrhofer <rmayr@debian.org> Sun, 28 Nov 2010 13:16:00 +0200
+
+Local variables:
+mode: debian-changelog
+End:
diff --git a/debian/changelog b/debian/changelog
index fd4dfc123..fce88ba2c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,12 @@
 strongswan (4.5.0-1) unstable; urgency=low
 * New upstream version 4.5.0
+ * Enabled new configure options for additional libstrongswan plugins:
+ --enable-ctr --enable-ccm --enable-gcm --enable-addrblock --enable-led
+ --enable-pkcs11 --enable-eap-tls --enable-eap-ttls --enable-eap-tnc
+ * Enable NAT-Traversal with transport mode support so that strongswan
+ can be used for an L2TP/IPsec gateway (e.g. for Windows or mobile phone
+ clients).
 -- Rene Mayrhofer <rmayr@debian.org> Sun, 28 Nov 2010 13:09:42 +0100
diff --git a/debian/rules b/debian/rules
index bb59f9848..c7253fe21 100755
--- a/debian/rules
+++ b/debian/rules
@@ -14,21 +14,25 @@ CONFIGUREARGS := --prefix=/usr --sysconfdir=/etc --localstatedir=/var \
 --libexecdir=/usr/lib \
 --enable-ldap --enable-curl \
 --with-capabilities=libcap \
- --enable-smartcard \
+ --enable-smartcard --enable-pkcs11 \
 --with-default-pkcs11=/usr/lib/opensc-pkcs11.so \
 --enable-mediation --enable-medsrv --enable-medcli \
 --enable-openssl --enable-agent \
+ --enable-ctr --enable-ccm --enable-gcm --enable-addrblock \
 --enable-eap-radius --enable-eap-identity --enable-eap-md5 \
 --enable-eap-gtc --enable-eap-aka --enable-eap-mschapv2 \
+ --enable-eap-tls --enable-eap-ttls --enable-eap-tnc \
 --enable-sql --enable-integrity-test \
 --enable-nm --enable-ha --enable-dhcp --enable-farp \
- --enable-test-vectors
+ --enable-led \
+ --enable-test-vectors --enable-nat-transport
 # --with-user=strongswan --with-group=nogroup \
 # --enable-kernel-pfkey --enable-kernel-klips \
- # Could enable --enable-nat-transport, but this is actually insecure,
- # so don't!
 # And for --enable-eap-sim we would need the library, which we don't
 # have right now.
+ # Don't --enable-cisco-quirks, because some other IPsec implementations
+ # (most notably the Phion one) have problems connecting when pluto
+ # sends these Cisco options.
 DEB_BUILD_ARCH_CPU ?=$(shell dpkg-architecture -qDEB_BUILD_ARCH_CPU) |
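Review bot: `--enable-nat-transport` is appended to the last line of the CONFIGUREARGS list, and the same hunk deletes the comment that called this option "actually insecure", so the new side keeps no record of why that assessment was set aside. The flag is compiled in for every installation of the package, not only for L2TP/IPsec gateways, so the trade-off should stay visible where the next maintainer will look. I would put a rationale in place of the two removed lines, for example `# --enable-nat-transport is on for L2TP/IPsec gateway use; it was previously left off here as insecure, so limit transport-mode conns behind NAT to peers that need them.` The debian/NEWS entry added in this commit covers only the IKEv2 default and could carry the same notice for administrators. The CONFIGUREARGS assignment begins above this hunk, so this applies only to the part visible here.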