[Announce] openswan-2.6.15 released

Paul Wouters paul at xelerance.com
Sat Jul 5 00:42:41 EDT 2008


Xelerance has released openswan 2.6.15. Note that there are still a few
bugs left which can cause regresion of functionality compared to openswan
2.4.13. Please deploy with care.

http://www.openswan.org/download/development/openswan-2.6.15.tar.gz
http://www.openswan.org/download/development/openswan-2.6.15.tar.gz.asc

The openswan 2.6.x series supports IKEv2.

Recently, openswan 2.4.13 was also released. The only feature in that
release was to recognise ikev2 packets and log a message that these
are no supported in the openswan 2.4.x tree (instead of showing some
cryptic error message)

>From the CHANGES file:

v2.6.15
* Patch to support NETKEY backport on Debian kernels [Rene Mayrhofer]
* Fix a crasher when using right=%any with plutodebug=controlmore [paul]
* Added disable_port_floating support to scripts and parser and
  repair the default back to allow port floating [paul]
* Change (back) defaults of plutorestartoncrash and uniqueids from
  no to yes. The new parser mistakenly did not set these [paul]
* Revert af family code in find_host_pair causing some connections to not
  be found in find_host_connection2() [paul]
* Fixes to _updown.mast, _realsetup (mast) and startklips [paul]
* Fixed to saref code so we can build on OSX again [paul]
* Use PREROUTING instead of OUTPUT/FORWARD for mast [mcr]
* NETKEY support for eroute_idle using get_sa_info() [herbert/andreas]
* Do not send DPD "R_Y_THERE" when eroute not idle [andreas]
* Support for Relative Distinguished Name "unstructuredName"/"UN"
  in ID_DER_ASN1_DN identities (eg leftid="UN=John Doe") [andreas]
* Removed forwardcontrol= and rp_filter= options. Ignore if present
  in config file. Use /etc/sysctl.conf [paul]
* Fix for left="%defaultroute" when using NETKEY [tuomo]
* Fix for KLIPS on SMP systems (missing SOCKOPS_WRAP for pfkey_ops) [dhr/paul]
* Merged in some IPsec SAref related code [mcr/paul]
* Merged in packaging/suse for building rpms on SLES [paul]
* Bugtracker bugs fixed:
  #784 / #928 : openswan (pfs=yes) to vista (pfs=no) crasher [paul/dhr]
  #934: mem leak in klips:ipsec_rcv_decap [Wolfgang Nothdurft]
  #935: 935: Openswan 2.6.14rc5 refuses to start after carsh  [paul]
  #939: Openswan 2.6.14rc5 crashes on startup if dns is not reachable [andreas]
        (curl issue on 64bit platforms when dns is not available)
  #953: disable_port_floating defaults to yes and config parser... [paul]
  #954: patch to support DEFAULT_SOURCE using netkey [mdw21]
  #957: pluto always gets --disable_port_floating parameter... [paul]
  #963: rp_filter=%unchanged option causes assertion failure  [paul]
  #964: make -j4 programs fail [tuomo]




More information about the Announce mailing list