URL: https://freeswan.org/

--------------------------------------------------------------------------------

The current version of Linux FreeS/WAN is 2.06, released 2004/04/22.


RECENT PROJECT NEWS:

2003/04/22

   The FreeS/WAN team is proud to announce the arrival of 2.06, the project's
final release of its freely redistributable IPsec for Linux. Here are a few of
its notable features, as documented in the CHANGES file:

 * KLIPS has been ported to Linux 2.6; please see the INSTALL file for more
   details.
 * FreeS/WAN's kernel configuration option, CONFIG_IPSEC, has been changed to
   CONFIG_KLIPS, due to a name conflict with 2.6 IPsec. This breaks "make oldgo"
   on any kernel version, unless a corresponding change is made by hand to the
   kernel's .config file.
 * KLIPS modules generated for 2.4 kernels via "make module" are now created in
   the modobj subdirectory, instead of linux/net/ipsec. The "make minstall"
   target has been updated, but users accustomed to a manual install should
   take note.
 * KLIPS now permits DNS packets out on UDP and TCP port 53.
 * All support for transport mode has been removed.

  Due to a bugfix which addresses a buffer overrun, users of past releases may
wish to upgrade:

 * KLIPS code has been updated to avoid buffer overruns during generation of
   /proc file contents.

  As usual, you can grab this release via ftp from xs4all.nl:

    ncftpget ftp://ftp.xs4all.nl/pub/crypto/freeswan/freeswan-*

  ... and binaries for RedHat/Fedora Core users here:

    ncftp ftp://ftp.xs4all.nl/pub/crypto/freeswan/binaries/RedHat-RPMs/

  Although this is the final full release, if bugfixes warrant it, patches will
be posted here. The team would like to thank our sponsors, past team members,
and all the contributors and users of past FreeS/WAN releases. Thanks to all for
your hard work and community support. Lastly, for current FreeS/WAN users who
are wondering "where do I go from here?", take note of two projects, both forks
of the FreeS/WAN codebase: Openswan and Strongswan.

--------------------------------------------------------------------------------

2004/03/01

   FreeS/WAN is no longer in active development. Although we've created a solid
IPsec implementation widely used to construct Virtual Private Networks, the
project's major goal, ubiquitous Opportunistic Encryption, is unlikely to be
reached given its current level of community support. For the full story, please
see this announcement.

   We plan a final (2.06) development release shortly, with bugfix releases to
follow as needed. Our community at lists.freeswan.org will continue to provide a
forum where users can support one another, and our Web site will remain up. We
expect that FreeS/WAN and its derivatives will be actively used for some time to
come.

--------------------------------------------------------------------------------

2004/02/09

   The FreeS/WAN team has shipped release 2.05, our first release with AH
(Authentication Header) removed! As part of our continuing efforts to create a
lightweight, robust Opportunistic Encryption (OE) product (and inspired by
Schneier and Ferguson's critique of IPsec), we've removed AH from FreeS/WAN. For
more information, see this page.

   Still in the "experimental support stage" is lwdnsq (lightweight DNS queue),
a mini resolver designed to provide resilient, authenticated DNS lookups to
facilitate OE. lwdnsq now supports DNSsec.

   FreeS/WAN now by default generates RSA keys of random length for
authentication. If variable key lengths are widely deployed, FreeS/WAN will not
provide a "sweet spot" key length where crackers could easily focus their
efforts. A generic attack on FreeS/WAN might then require a more diverse and
thorough approach. For more, see this design-list discussion.

   Please see our CHANGES file for more detail.

--------------------------------------------------------------------------------

2003/12/22

   The mailing lists are running again. For the users' list, we've had to revert
to an October 8 backup. If you find yourself inadvertently subscribed again, or
want to be effortlessly resubscribed, send mail to sam at freeswan dot org.

--------------------------------------------------------------------------------

2003/12/07

   The FreeS/WAN mailing lists (lists.freeswan.org) have been down since
Thursday, due to hard disk failure. We are recovering the data and expect to
have the lists running again soon.

--------------------------------------------------------------------------------

2003/11/13

   2.04 is a bugfix release, important for users of FreeS/WAN 2.03 with 2.6
kernel native IPsec. It is not relevant to users of FreeS/WAN's KLIPS code on a
regular 2.4 series kernel.

   FreeS/WAN 2.03 with 2.6 kernel IPsec is vulnerable to a class of exploits
based on properties of that kernel's Netlink code, itself still in development.
For example, Netlink can receive input from a userspace process and pass it
along to another process which relies on Netlink, such as FreeS/WAN's Pluto
keying daemon. A local user might use this method to send malicious messages to
Pluto. Our 2.04 release contains bugfixes hardening Pluto against this class of
attack. All users of FreeS/WAN 2.03 on 2.6 series kernels are encouraged to
upgrade.

   For this release, we have created RPMs suitable for use on Fedora Core 1.
They are available via the usual download methods.

--------------------------------------------------------------------------------

2003/10/13

   Linux FreeS/WAN 2.03 is out! It features preliminary support for 2.6 kernels,
either via KLIPS or the native 2.6 kernel IPsec. See the new 2.6.known-issues
document for more details. 2.03 also ships with an iproute2 based _updown
script. Several bugfixes are included, notably a fix for SHA1 packet reception.
For more information, see our CHANGES and BUGS documents.

--------------------------------------------------------------------------------

2003/09/04

   The Linux FreeS/WAN team is pleased to announce release 2.02. This release
offers several new conveniences, including:

 * one-line configuration for initiator-only Opportunistic Encryption (OE),
   using ipsec.conf's new myid option. See our quickstart guide to get set up
   for OE.
 * a new RPM (Redhat Package Manager) spec file. This will help folks who need
   to compile RPMs from FreeS/WAN source.

In addition, wavesec and OE now coexist nicely. As always, more details are in
CHANGES and BUGS.

--------------------------------------------------------------------------------

2003/07/04

   FreeS/WAN 2.01 has shipped and is available as both source and binary RPMs.
This is an important release for anyone using Opportunistic Encryption (OE), as
there is a small but serious change to the OE protocol. For now the protocol is
backwards compatible, but we strongly suggest that everyone (OE and VPN users
alike) upgrade to 2.01.

   To see what's different and to start using OE as quickly as possible, review
our "Quickstart Guide" while downloading.

--------------------------------------------------------------------------------