Release of OpenIKED 7.2, a portable implementation of the IKEv2 protocol for IPsec

The OpenBSD project has released OpenIKED 7.2, its implementation of the IKEv2 protocol. This is the fourth release of OpenIKED as a separate project: initially the IKEv2 components were an inseparable part of the OpenBSD IPsec stack, but they were later split out into a separate portable package and can now be used on other operating systems. OpenIKED has been tested on FreeBSD, NetBSD, macOS and various Linux distributions, including Arch, Debian, Fedora and Ubuntu. The code is written in C and distributed under the ISC license.

OpenIKED lets you deploy virtual private networks based on IPsec. The IPsec stack consists of two main protocols: the Internet Key Exchange (IKE) protocol and the Encapsulating Security Payload (ESP) protocol, which carries the encrypted traffic. OpenIKED implements authentication, configuration, key exchange and maintenance of security policies, while the ESP traffic encryption itself is usually provided by the operating system kernel. The authentication methods supported by OpenIKED are pre-shared keys, EAP-MSCHAPv2 combined with an X.509 certificate, and RSA and ECDSA public keys.
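As an added illustration of the split described above (iked negotiates keys and policy in userland, the kernel does the ESP work) and of the authentication methods the article lists, here is an iked.conf fragment. It is example configuration written for this page, not from the OpenIKED release or project documentation; all addresses, host names, the user name, the password and the pre-shared key are constructed placeholders, and the rule names are arbitrary.

```conf
# Added example iked.conf (not from the OpenIKED release). Addresses, names,
# user credentials and the PSK below are constructed placeholders.

# 1. Site-to-site tunnel authenticated with a pre-shared key.
#    "ikesa" pins the IKE SA proposal, "childsa" the ESP proposal that the
#    kernel will use once iked has negotiated the keys.
ikev2 "site-a-to-b" active esp \
    from 10.0.1.0/24 to 10.0.2.0/24 \
    local 192.0.2.10 peer 198.51.100.20 \
    ikesa enc aes-256 prf hmac-sha2-256 auth hmac-sha2-256 group curve25519 \
    childsa enc aes-256-gcm group curve25519 \
    srcid "gw-a.example.org" dstid "gw-b.example.org" \
    ikelifetime 4h lifetime 1h \
    psk "CONSTRUCTED-PLACEHOLDER-replace-with-a-long-random-secret"

# 2. Peer authenticated with an RSA public key instead of a shared secret.
#    The local key and the peer's public key/certificate live under the
#    default /etc/iked/ hierarchy (private/, certs/, ca/, pubkeys/).
ikev2 "site-a-to-c" active esp \
    from 10.0.1.0/24 to 10.0.4.0/24 \
    local 192.0.2.10 peer 203.0.113.30 \
    srcid "gw-a.example.org" dstid "gw-c.example.org" \
    rsa

# 3. Road-warrior responder: remote users authenticate with EAP-MSCHAPv2
#    credentials, while the gateway proves its own identity with its X.509
#    certificate. Clients receive an address from the configured pool.
user "alice" "CONSTRUCTED-PASSWORD-placeholder"

ikev2 "road-warrior" passive esp \
    from 0.0.0.0/0 to 10.0.3.0/24 \
    local 192.0.2.10 peer any \
    srcid "gw-a.example.org" \
    eap "mschap-v2" \
    config address 10.0.3.0/24 \
    config name-server 10.0.1.53 \
    tag "$name-$id"
```

After editing the file, `iked -n` parses it without starting the daemon, and on a running daemon the new `ikectl show stats` command from this release gives the negotiation counters for checking that peers are actually completing the exchange.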

In the new version:

  • Added counters with statistics for the iked daemon, which can be viewed with the command 'ikectl show stats'.
  • Added the ability to send certificate chains in multiple CERT payloads.
  • Added a Vendor ID payload to improve compatibility with older versions.
  • Improved policy lookup, taking the srcnat property into account.
  • Improved NAT-T handling on Linux.

Source: opennet.ru