published release Openiked 7.1 , the implementation of the IKEV2 protocol developed by the OpenBSD project. Initially, the IKEV2 components were an indivisible part of the OpenBSD IPSEC glass, but now they are highlighted in a separate transferred package and can be used in other operating systems. For example, Openiked’s work is checked in FreeBSD, NetBSD, MacOS and various Linux distributions, including Arch, Debian, Fedora and Ubuntu. The code is written in the language of SI and spreads under the license of ISC.
Openikes allows you to expand virtual private networks based on IPSEC. The IPSEC stack is formed by two main protocols: the key exchange protocol (IKE) and the transmission protocol (ESP). Openiked implements Elements of authentication, setting, exchange and maintenance of security policy, and the ESP traffic encryption is usually provided by the nucleus of operating rooms systems. Of the authentication methods in Openiked, pre-installed keys, EAP MSCHAPV2 with a certificate of X.509 and open keys RSA and ECDSA.
can be used.
The new version added the ‘Ikectl Show Certinfo’ command to show downloaded certificates and certifying centers, IKEV2 messages are improved, the possibility of setting up the flow, supporting the background process is added using the Apparmor mechanism in Linux, and new tests have been added to identify regressive changes on different platforms.