[Announce] openswan-2.6.15 released
Paul Wouters
paul at xelerance.com
Sat Jul 5 00:42:41 EDT 2008
Xelerance has released openswan 2.6.15. Note that there are still a few
bugs left which can cause regresion of functionality compared to openswan
2.4.13. Please deploy with care.
http://www.openswan.org/download/development/openswan-2.6.15.tar.gz
http://www.openswan.org/download/development/openswan-2.6.15.tar.gz.asc
The openswan 2.6.x series supports IKEv2.
Recently, openswan 2.4.13 was also released. The only feature in that
release was to recognise ikev2 packets and log a message that these
are no supported in the openswan 2.4.x tree (instead of showing some
cryptic error message)
>From the CHANGES file:
v2.6.15
* Patch to support NETKEY backport on Debian kernels [Rene Mayrhofer]
* Fix a crasher when using right=%any with plutodebug=controlmore [paul]
* Added disable_port_floating support to scripts and parser and
repair the default back to allow port floating [paul]
* Change (back) defaults of plutorestartoncrash and uniqueids from
no to yes. The new parser mistakenly did not set these [paul]
* Revert af family code in find_host_pair causing some connections to not
be found in find_host_connection2() [paul]
* Fixes to _updown.mast, _realsetup (mast) and startklips [paul]
* Fixed to saref code so we can build on OSX again [paul]
* Use PREROUTING instead of OUTPUT/FORWARD for mast [mcr]
* NETKEY support for eroute_idle using get_sa_info() [herbert/andreas]
* Do not send DPD "R_Y_THERE" when eroute not idle [andreas]
* Support for Relative Distinguished Name "unstructuredName"/"UN"
in ID_DER_ASN1_DN identities (eg leftid="UN=John Doe") [andreas]
* Removed forwardcontrol= and rp_filter= options. Ignore if present
in config file. Use /etc/sysctl.conf [paul]
* Fix for left="%defaultroute" when using NETKEY [tuomo]
* Fix for KLIPS on SMP systems (missing SOCKOPS_WRAP for pfkey_ops) [dhr/paul]
* Merged in some IPsec SAref related code [mcr/paul]
* Merged in packaging/suse for building rpms on SLES [paul]
* Bugtracker bugs fixed:
#784 / #928 : openswan (pfs=yes) to vista (pfs=no) crasher [paul/dhr]
#934: mem leak in klips:ipsec_rcv_decap [Wolfgang Nothdurft]
#935: 935: Openswan 2.6.14rc5 refuses to start after carsh [paul]
#939: Openswan 2.6.14rc5 crashes on startup if dns is not reachable [andreas]
(curl issue on 64bit platforms when dns is not available)
#953: disable_port_floating defaults to yes and config parser... [paul]
#954: patch to support DEFAULT_SOURCE using netkey [mdw21]
#957: pluto always gets --disable_port_floating parameter... [paul]
#963: rp_filter=%unchanged option causes assertion failure [paul]
#964: make -j4 programs fail [tuomo]
More information about the Announce
mailing list