[Announce] Openswan 2.4.8 Released

Paul Wouters paul at xelerance.com
Thu May 24 11:35:50 EDT 2007

Xelerance releases Openswan-2.4.8

Openswan-2.4.x is now in maintenance mode only. This means only security
fixes will be applied to this tree. No new features will be integrated.

This is a major bugfix release. It was delayed several times because the
Linux kernel changed dramatically since 2.6.18. Although we originally
planned to make this release work for 2.6.20, due to the new changes in
the skb structure in 2.6.22, we are not focussing on making openswan
work on the kernels after 2.6.18 and before 2.6.22.

As such, the official recommendation for openswan 2.4.8 is to use a
2.4.x kernel or a 2.6.18.x kernel. If you need a newer kernel, please
use openswan 2.5.x.

As always, the GPG signed source code is available via web and ftp:



* Added Andy Gay's ipcomp with esp= fix in contrib/ipcomp/ (see #538)
* Added and enabled DISABLE_UDP_CHECKSUM until the cause of this bug
  has been fixed. This is bug#601. Found by Frank Vogt
* fix for ikeping reporting wrong percentge of lost packets [Mark-Andre Hopf]
* Fix for busybox' ifconfig (doesn't support 'inet') [Dave Chuha]
* Fix for compiling on 2.6.20 (sk_buff's nfmark is now called mark)
* NAT-T patch update for 2.6.20
* NAT-T patch broke NAT-T for NETKEY,even with CONFIG_IPSEC_NAT_TRAVERSAL unset
* Fix for too small ike string buffer ipsec auto --status output [paul/dhr]
* Fix for Aggressive Mode and NAT-T port floating, based on RedHat patch [paul]
* Fix for Aggressive Mode and NAT-T (#491) by Delta Yeh
* ikeping waits milliseconds instead of seconds, patch by Mark-Andre Hopf
* Workaround for NETKEY's unlimited acquire stream by Michael Smiths (#726)
* Some vendor ID's for Vista and Cisco VPN 3000 [jacco]
* backports from git
  #git 5735f731ed474dbb22fce2f5bc0a9f5e1fea2994: rewrite of available worker
                                                 code from egbert@ [mcr]
  #git c75967b03b2c478a612aef4ccb7e5dff6e4bdaf5: dpdaction=restart fix [mcr]
  #git 41e54a2684dc809d7952e816860ea646a3194a72: Fix for kernels > 2.6.18
  #git c2e23a6e16a55632d618740518d419f3fad3323d: AggressiveMode with nhelpers=0
                                                 fix from Marin Hincks
  #git 1933710623a33fe8f3229b193721aed005fb87c2: Crasher in printing alg debug
  #git 9bfb2794bd9c239dfe9e9617616eaf6fc389de57: uninitialized sockaddrs fix
  #git e199785d8e11687534569b04a3e0a6956b2086b8: set helper # in child
* bugtracker bugs fixed:
  #723: Bogus Code in pluto_crypt.c [egbert/mt/mcr]
  #698: Wrong IKE-Algorithm displayed on ipsec auto --status [martin/paul/mcr]
        original patch by Martin Schiller
  #719: Fix to authenticate with a smartcard (USB Aladdin eToken) ["pm"]

More information about the Announce mailing list