[Openswan dev] openswan 2.4.8rc1 released

Paul Wouters paul at xelerance.com
Fri Feb 23 01:29:04 EST 2007

Due to the critical bugs fixed, we want to release a new version sooner
rather then later. For those who want to do some testing, or those who
need a bugfix that's only in CVS, 2.4.8rc1 is now available at


Please note that this version should NOT be used with the NAT-T patch
for KLIPS on 2.6.19 and 2.6.20 as we have confirmed crashers for those
kernels. 2.6.18 is known to be broken for NAT-T in general, so the
latest kernel this should work stable with is

Please give this release a good testing.


* Fix for compiling on 2.6.20 (sk_buff's nfmark is now called mark)
* NAT-T patch update for 2.6.20
* NAT-T patch broke NAT-T for NETKEY,even with CONFIG_IPSEC_NAT_TRAVERSAL unset
* Fix for too small ike string buffer ipsec auto --status output [paul/dhr]
* Fix for Aggressive Mode and NAT-T port floating, based on RedHat patch [paul]
* Fix for Aggressive Mode and NAT-T (#491) by Delta Yeh
* Workaround for NETKEY's unlimited acquire stream by Michael Smiths (#726)
* backports from git
  #git c75967b03b2c478a612aef4ccb7e5dff6e4bdaf5: dpdaction=restart fix [mcr]
  #git 41e54a2684dc809d7952e816860ea646a3194a72: Fix for kernels > 2.6.18
  #git c2e23a6e16a55632d618740518d419f3fad3323d: AggressiveMode with nhelpers=0
                                                 fix from Marin Hincks
  #git 1933710623a33fe8f3229b193721aed005fb87c2: Crasher in printing alg debug
  #git 9bfb2794bd9c239dfe9e9617616eaf6fc389de57: uninitialized sockaddrs fix
  #git e199785d8e11687534569b04a3e0a6956b2086b8: set helper # in child
* bugtracker bugs fixed:
  #698: Wrong IKE-Algorithm displayed on ipsec auto --status [martin/paul/mcr]
        original patch by Martin Schiller
  #719: Fix to authenticate with a smartcard (USB Aladdin eToken) ["pm"]

As a side note, the 2.5 series is getting stable, and we hope to only
release one or two versions in the 2.4.x series. Now is a good time
to start testing the 2.5 series. You can find 2.5.05 at:


For those who want to bleed, there is openswan-3.0.06 as well. This
release is meant for developers only, and we do not provide enduser
support on the 3.x series yet.

Building and integrating Virtual Private Networks with Openswan:

More information about the Dev mailing list