The OpenBSD Project has published OpenIKED 7.1, a portable implementation of the IKEv2 protocol for IPsec

OpenIKED 7.1, the implementation of the IKEv2 protocol developed by the OpenBSD project, has been released. The IKEv2 components were originally an integral part of the OpenBSD IPsec stack, but have since been split out into a standalone portable package that can be used on other operating systems. For example, OpenIKED has been tested on FreeBSD, NetBSD, macOS, and various Linux distributions including Arch, Debian, Fedora, and Ubuntu. The code is written in C and distributed under the ISC license.

OpenIKED allows you to deploy virtual private networks based on IPsec. The IPsec stack is made up of two main protocols: a key exchange protocol (IKE) and a protocol for transferring encrypted traffic (ESP). OpenIKED implements authentication, configuration, key exchange, and maintenance of security policies, while the ESP traffic encryption itself is usually provided by the operating system kernel. For authentication, OpenIKED can use pre-shared keys, EAP MSCHAPv2 with an X.509 certificate, and RSA and ECDSA public keys.

The new version adds the 'ikectl show certinfo' command to show loaded certificates and CAs, improves support for IKEv2 message fragmentation, enhances flow configuration options, adds support for isolating the background process using the AppArmor mechanism on Linux, and adds new tests to detect regressions on different platforms.

Source: opennet.ru
