[Announce] openswan-2.6.15 released

Paul Wouters paul at xelerance.com
Sat Jul 5 00:42:41 EDT 2008

Xelerance has released openswan 2.6.15. Note that there are still a few
bugs left which can cause regression of functionality compared to openswan
2.4.13. Please deploy with care.


The openswan 2.6.x series supports IKEv2.

Recently, openswan 2.4.13 was also released. The only feature in that
release was to recognise IKEv2 packets and log a message that these
are not supported in the openswan 2.4.x tree (instead of showing some
cryptic error message).

From the CHANGES file:

* Patch to support NETKEY backport on Debian kernels [Rene Mayrhofer]
* Fix a crasher when using right=%any with plutodebug=controlmore [paul]
* Added disable_port_floating support to scripts and parser and
  repair the default back to allow port floating [paul]
* Change (back) defaults of plutorestartoncrash and uniqueids from
  no to yes. The new parser mistakenly did not set these [paul]
* Revert af family code in find_host_pair causing some connections to not
  be found in find_host_connection2() [paul]
* Fixes to _updown.mast, _realsetup (mast) and startklips [paul]
* Fixes to saref code so we can build on OSX again [paul]
* Use PREROUTING instead of OUTPUT/FORWARD for mast [mcr]
* NETKEY support for eroute_idle using get_sa_info() [herbert/andreas]
* Do not send DPD "R_Y_THERE" when eroute not idle [andreas]
* Support for Relative Distinguished Name "unstructuredName"/"UN"
  in ID_DER_ASN1_DN identities (eg leftid="UN=John Doe") [andreas]
* Removed forwardcontrol= and rp_filter= options. Ignore if present
  in config file. Use /etc/sysctl.conf [paul]
* Fix for left="%defaultroute" when using NETKEY [tuomo]
* Fix for KLIPS on SMP systems (missing SOCKOPS_WRAP for pfkey_ops) [dhr/paul]
* Merged in some IPsec SAref related code [mcr/paul]
* Merged in packaging/suse for building rpms on SLES [paul]
* Bugtracker bugs fixed:
  #784 / #928 : openswan (pfs=yes) to vista (pfs=no) crasher [paul/dhr]
  #934: mem leak in klips:ipsec_rcv_decap [Wolfgang Nothdurft]
  #935: Openswan 2.6.14rc5 refuses to start after crash [paul]
  #939: Openswan 2.6.14rc5 crashes on startup if dns is not reachable [andreas]
        (curl issue on 64bit platforms when dns is not available)
  #953: disable_port_floating defaults to yes and config parser... [paul]
  #954: patch to support DEFAULT_SOURCE using netkey [mdw21]
  #957: pluto always gets --disable_port_floating parameter... [paul]
  #963: rp_filter=%unchanged option causes assertion failure  [paul]
  #964: make -j4 programs fail [tuomo]
