[Openswan dev] [Announce] openswan-2.6.24 released

Paul Wouters paul at xelerance.com
Sat Jan 9 20:41:25 EST 2010

Xelerance has released openswan 2.6.24.


This is a bugfix and enhancement release.

As always, please use http://bugs.openswan.org/ to report bugs, or
discuss issues on users at openswan.org or dev at openswan.org. Or linger
at FreeNode's #openswan / #openswan-dev

The changes:

* Give clear warning about missing defaultroute [Tuomo]
* Fix to allow ";" in the ike/esp parameters as per man page. [Avesh]
* Fix for DPD with NETKEY [Frank Eberle]
* Make initscript LSB compliant [Avesh]
* Fix for compiling with nss and broken nspr header [Elio Maldonado Batiz]
* Do not set the IKEv2 Critical flag for payloads defined in RFC 4306 [Avesh]
* Client side support for Cisco load balance directives in IKEv1 [Avesh]
   - new keyword: remote_peer_type=cisco
* Update ipsec_setup man page to match setup changes [Tuomo]
* Zeroize ISAKMP and IPsec SAs when in FIPS mode [Avesh]
* Initial contact from Windows/l2tp would fail once before succeeding [David]
* KLIPS compiles on all recent (up to 2.6.31) kernels [mcr]
* KLIPS fixes for 2.6.32 [david/paul]
* Fix for mixed IPv6 in IPv4 and vice versa tunnels [Heiko Hund]
* Fix for NETKEY on kernels 2.6.26+ [Andreas Steffan]
* NAT-OA fixes [David]
* Fixup cryptoapi sg_set_page for older kernels [David]
* Honour kernel build verbose setting via V=1 [mcr]
* Change NAT-Traversal support log message (It's not a patch) [Tuomo]
* Some programs were installed twice causing .old files [Avesh]
   - This is Red Hat Bugzilla #546024
* lwdns.req.log moved from /var/tmp/ to /var/run/pluto/ [Avesh]
   - This is to avoid an SELinux AVC denial
* Fix compilation so it does not require xmlto [paul]
* Fix NSS by removing extra sql: from NSS db directory name [Tuomo]
   (sql: syntax not supported on RHEL/CentOS nss version)
* Move NSS debug logging to DBG_PARSING [Tuomo]
* Bugtracker bugs fixed:
    # 428:  KLIPS NULL encryption patch (through cryptoapi)
    #1004: L2TP broken with NAT'ed clients [dhr/Tuomo/Paul]
    #1053: typo in notification sending routine [Seong-hun Lim]
    #1055: init script hangs on startup with semi-broken shells [Michael Smith]
           (e.g. busybox and Debian's new default /bin/dash shell)
    #1067: openswan fails on systems not supporting popen() [Jonathan Miller]
    #1072: Compiling with USE_VENDORID=false fails [paul]
