[Openswan Users] [Announce] Openswan 2.4.6 Released

Paul Wouters paul at xelerance.com
Thu Aug 3 23:45:51 EDT 2006

Xelerance releases Openswan-2.4.6

This release fixes various compilation errors on the latest 2.6 kernels,
such as the MODULE_PARM obsoletion and the skb_linearize API change.
This version has been tested up to 2.6.18-rc2, including KLIPS. It also
fixes the DPD bug where dpdaction=restart did not work properly.

Some reported bugs have not yet been fixed. If you have reported bugs that
are not fixed with this release, please look at http://bugs.oepnswan.org/
for the current status of your bug. If it is not there, please report
it again to the mailing list.

Openswan-2.4.x is the stable release branch. No major features will be
added to this tree. Active development is now done on the GIT branch,
which is called #public. See the openswan website on how to obtain this
development branch.

As always, the source code is available via web and ftp:



* Fix for VIA Nehemiah to use /dev/hw_random to generate new rsakey
  (using /dev/random on these chips caused it to block too long)
* Various CryptoAPI related fixes.
* Removed support for HIPPI which broke compilation on 2.6.16.*
* Pull up of fix for rightnexthop->leftnexthop
* Added logging when we don't find the right hash bucket
* Changed a few x509 log messages to make automatic parsing easier
* Unload KLIPS at shutdown again to prevent lingering IPs on ipsecX,
  also in case KLIPS is inline, and the ipsecX interfaces do not go away,
  remove IP addresses from IP aliases bound to ipsecX devices.
* Fixed typo in ipsec.conf's virtual_private example
* Improved protocol detection in ipsec_print_ip() [bart]
* Fixed minimum skb lenght requried for ipsec decompression [bart]
  (This is probably bug #609)
* Fix a 64bit bug in compression code [bart]
* Removing a left over '#else' that split another '#if/#endif' block in two
  in ipsec_xmit.c [bart]
* MODULE_PARM has been obsoleted for module_param on 2.6.17+ [paul]
* skb_linearize API changed in 2.6.18+ [paul]
* bugtracker bugs fixed:
  #452: dpdaction=restart doesn't clear or restart quick mode SAs
  #537: Compilation will fail with kernel 2.6.14 and klips and CONFIG_HIPPI=y
  #636: KLIPS and vanilla-2.6.17 compilation error
  #642: ipsec_xmit.c and CONFIG_KLIPS_DEBUG on 2.4 compile issue
  #647: compile fails with version 2.4.6-rc2 + vanilla kernel linux-
  #631: KLIPS module does not build with 2.6.17-rc6 kernel
  #646: NATT + IPCOMP fails on rcv in KLIPS [bart]
        (This is a generic NATT+ESP bug, not just an ipcomp bug)

Announce mailing list
Announce at openswan.org

More information about the Users mailing list