2009-12-17

Software Version 5.2.2

VPN with Apple iPhone as well as new bandwidth management

Simplification on the VPN system

• Simultaneous operation of connections with dynamic IP address regardless of authentication method (certificates and PSK)
• Forwarding multiple subnets over one connection
• Automatic assignment of IP address and DNS server to the client is possible (mode-config)

Improvement on the VPN system

• Support Apple iPhone
• XAUTH server mode to better secure connections with pre-shared key
• The far end IPs can be rewritten (NAT) when accessing the Internet
• The packages "makecert" and "smallca" also run under 64-bit Windows

Improvement to bandwidth management

• New method with faster response time (HFSC)
• Lines with more than 16 mbit/s are better utilized
• Less packet loss in case of congested line

More improvements

• Vulnerability of TLS and SSLv3 encryption bypassed by disabling "renegotiation"
• Improving security on the Linux base system (bind-9.6.1-P2: CVE-2009-4022, kernel-2.6.30.10: CVE-2009-3547, CVE-2009-3612, CVE-2009-3621 and CVE-2009-3638, newt-0.51: CVE-2009-2905, openssl-0.9.8l: CVE-2009-3555, samba-3.0.37: CVE-2009-2813, CVE-2009-2948 and CVE-2009-2906)
• Linux basic services update (strongswan-4.2.17)

Back to overview