[Announce] ANNOUNCE: Openswan 2.4.0 Released

Paul Wouters paul at xelerance.com
Tue Sep 13 00:17:53 EDT 2005

ANNOUNCE: Openswan 2.4.0 (The Wedding release)

Xelerance has released Openswan 2.4.0. This release is dedicated to Ken
Bantoft and Van Le, who were wed today, and who are now collectivity
known as Ken and Van Vantoft.

It has been a few months since the last full release of Openswan-2. Many
enhancements and even more bugfixes have made it into the tree. Although
we are aware that this release does not fix all outstanding bug reports,
we do feel we should release it at this point since it provides much
better stability compared to the openswan-2.3.1 release. It also includes
support for compiling KLIPS for 2.6.11 - 2.6.13 kernels, though at this
point we do not recommend using KLIPS on 2.6.12 or higher. Testing has
confirmed 2.6.11 is fine for use of KLIPS.

As always, please report bugs either on http://bugs.openswan.org/
or discuss matters on our mailinglists at http://lists.openswan.org/
or find some of the developers on #openswan at irc.freenode.net It is
available at the usual locations:


And of course it has been added to the following yum repository:

name=openswan - Fedora Openswan IPsec packages

The list of changes follows below:

Please see docs/KNOWN_BUGS file. (Seriously)

* NAT-T support for KLIPS on 2.6 (Sponsored by Astaro)
* Additional Cipher support with KLIPS on 2.6 (Sponsored by Astaro)
* Fix for NAT-T/PSK rekey (Ulrich @ Astaro)
* Delete _updown.c and _updown.posix versions as they were obsolete
* Fixes for aggressive mode and policy mode
* Various bugfixes as reported on http://bugs.openswan.org/
   #201 pluto not accepting negotiations on port 500 after port floating to 4500
   #249 two default routes confuses scripts
   #261 2 RW's w/DPD behind a NAT kick each other off at rekey time
   #267 pluto crashes on inbound X.509 roadwarrior
   #269 informational crasher in demux.c
   #301 kernel_netkey.c lists invalid ESP algorithm
   #302 pluto assumes it has 3DES
   #305 passert_fail (pred_str=0x80b88e3 "st->st_suspended_md->st == st", file_str=0x80b86a0 "state.c"
   #306 st->st_suspended_md->st == st passert()
   #316 Patch for ALG support from Astaro
   #324 Impossible to disable AGGRESSIVE mode
   #327 pluto nat-t detection on 2.6 without klips nat-t patch fails to
        disable nat-t
   #328 ipsec setup fixes for awk compiled with --enable-switch
   #341 Pluto crashes with: ipsec__plutorun: !pluto failure!: exited with error
        status 134 (signal 6)
   #342 fix for 2.6.12 undocumented API fixes for sk_zapped and sk_alloc()
        (based on fix from Sergeil.
   #350 fix for passert() at connections.c:1353: isanyaddr(&c->spd.that.host_addr)
   #355 dpdaction restart fix from Astaro
   #357 secure_xauth_username_str fix from Astaro
   #360 checkv199install creates bogus "old" files
   #361/#363 fix for passert() demux.c:1204: unknown address family in
   #368 Fix for ipsec --setup --status output and eroute counting
   #372 Netkey and device labels (eth#:#)
   #373 _updown_x509 still uses obsolete 'route add' commands
   #377 pluto crashes processing first connection if nhelpers=0
   #380 pluto crashes when sent an IKEPING
   #381 assertion failure in init_demux if AGGRESSIVE not defined
   #383 MODP >= 4096 FIX
   #386 undefined symbols compiling klips as module
   #387 / #420 pfkey_ops undefined error on SMP kernel compiles.
               possibly fixed, but may result in SMP unsafe-ness.
   #342 KLIPS cannot be compiled for 2.6.12+
   #415 RPM packaging errors for 2.4 based kernels
   #416 Need a way to tell if NAT-T is compiled in the IPSec kernel

More information about the Announce mailing list