Ukukhishwa kwe-OpenIKED 7.1, ukuqaliswa kwephrothokholi ye-IKEv2 eyakhiwe iphrojekthi ye-OpenBSD, kushicilelwe. Izingxenye ze-IKEv2 ekuqaleni beziyingxenye ebalulekile yesitaki se-OpenBSD IPsec, kodwa manje sezihlukaniselwe iphakheji ephathekayo ehlukile futhi ingasetshenziswa kwezinye izinhlelo zokusebenza. Isibonelo, i-OpenIKED ihlolwe ku-FreeBSD, NetBSD, macOS, nokusatshalaliswa kweLinux okuhlukahlukene, okuhlanganisa i-Arch, Debian, Fedora, kanye no-Ubuntu. Ikhodi ibhalwe ngo-C futhi isatshalaliswa ngaphansi kwelayisensi ye-ISC.
I-OpenIKED ikuvumela ukuthi usebenzise amanethiwekhi ayimfihlo asuselwa ku-IPsec. Isitaki se-IPsec sakhiwe amaphrothokholi amabili amakhulu: I-Key Exchange Protocol (IKE) kanye ne-Encrypted Transport Protocol (ESP). I-OpenIKED isebenzisa izici zokuqinisekisa, ukumisa, ukushintshanisa ukhiye, nokugcinwa kwenqubomgomo yezokuphepha, kanye nephrothokholi yokubethela ithrafikhi ye-ESP ngokuvamile inikezwa i-kernel yesistimu yokusebenza. Izindlela zokuqinisekisa ku-OpenIKED zingasebenzisa okhiye ababiwe ngaphambilini, i-EAP MSCHAPv2 ngesitifiketi se-X.509, kanye nokhiye basesidlangalaleni be-RSA kanye ne-ECDSA.
Inguqulo entsha yengeza umyalo 'we-ikectl show certinfo' ukuze ubonise izitifiketi ezilandiwe kanye neziphathimandla zesitifiketi, ithuthukisa ukusekelwa kokuhlukaniswa komlayezo we-IKEv2, inweba amandla okumisa intambo, yengeza ukusekelwa kokuhlukaniswa kwenqubo yangemuva kusetshenziswa indlela ye-AppArmor ku-Linux, yengeza izivivinyo ezintsha zokukhomba ukuhlehla. izinguquko ezisekelweni ezahlukene.
Source: opennet.ru