[Openswan Users] [Announce] openswan-2.6.23 released

Paul Wouters paul at xelerance.com
Tue Sep 8 20:50:06 EDT 2009

Xelerance has released openswan 2.6.23.


This is a bugfix and enhancement release.

As always, please use http://bugs.openswan.org/ to report bugs, or
discuss issues on users at openswan.org or dev at openswan.org. Or linger
at FreeNode's #openswan / #openswan-dev

The changes:

* Support for dropping unneeded capabilities using libcap-ng [Avesh]
   (Changed using  USE_LIBCAP_NG= in Makefile.inc)
* Additional ASN.1 parser checks by David McCullough [David]
* PSK support with USE_LIBNSS [Avesh Agarwal]
* Allow multiple different PSK road warriors with Aggressive Mode [David]
* Additional KLIPS debugging can be enabled in /proc/net/ipsec_saraw [David]
* Extended fipschecks [Avesh Agarwal]
* auto=route tunnels could fail due to an Opportunstic Encryption bug [David]
* passthrough routes on NETKEY where missing a a policy [Michael H. Warfield]
* The init script was mistakenly installed twice, once as 'setup' [Paul/Harald]
* LSB compliance error in initscript (debian bug#537335) [Petter Reinholdtsen]
* Fix for old style nat-t patch on newstyle 2.6.23+ kernel [Paul]
* ipsec verify now returns non-zero when an error is encountered [Paul]
* Fix for ipsec whack --crash <IP> crasher [David]
* Partial fix for #1004. We no longer drop the port from protoport= [dhr/Paul]
   transport mode L2TP now works again for the non-NAT'ed case
* Fix for size (XXX) differs from size specified in ISAKMP HDR (YYY) [David]
* Removed old USE_SMARTCARD code. Smartcards are now supported via NSS [Paul]
   (not all code was properly #ifdef'ed, so a few changes outside #ifdef
    SMARTCARD were needed)
* Prevent aggressive mode tunnels losing phase2 [David]
* Various fixes to eroutes [David]
* Bugtracker bugs fixed:
    #1044: openswan.spec file builds an RPM that is missing lwdnsq [Joe Steele]

Announce mailing list
Announce at openswan.org

More information about the Users mailing list