[Openswan dev] [Announce] ANNOUNCE: Openswan 2.3.0 Released

Paul Wouters paul at xelerance.com
Tue Jan 11 02:17:11 CET 2005

Xelerance has released Openswan 2.3.0


* KLIPS for 2.6 support (Experimental)
   (known to be dangerous on redhat kernel sources on ix86 cpus)
* Aggressive Mode Support (client and server)
   (different implementation from openswan-1. DOS protection)
* IKE Mode Config support (Experimental)
* Cisco VPN 3xxx client Interop (Experimental)
* Cryptographic helpers framework
* Fixes for NAT-T on 2.4.28+ kernels.
* AES is now the default proposal
* SHA1 is now perferred over MD5
* Fix for long-standing KLIPS bug with snmpd kernel crasher
* Fixes for DPD with multiple tunnels between the same peers
* Fixes for DPD interop with Cisco
* Always announce DPD capability, even if our end does not use it (as per RFC)
* Fixes for loading proper NETKEY kernel modules (eg xfrm4_tunnel)
* Fixes to RPM spec files in packaging/suse and packaging/redhat

It is available at the usual locations:


The repositories have been made accessible for yum, apt-get, up2date, etc.
For example, to add openswan to yum on fedora:

rpm --import ftp://ftp.openswan.org/openswan/openswan.signingkey.asc

add to yum.conf:

name=openswan - Fedora Openswan IPsec packages

Unfortunately, there seems to be a problem with yum/rpm accepting our key,
so gpgcheck has to be disabled. We believe this might be a bug in rpm when
using subkeys.

you can then install openswan using: yum update ; yum install openswan

As always, please report bugs either on http://bugs.openswan.org or discuss
matters on our mailinglists at http://lists.openswan.org or find some of the
developers on #openswan at irc.freenode.net

Announce mailing list
Announce at openswan.org

More information about the Dev mailing list