[Swan-announce] libreswan-5.0 released
The Libreswan Team
team at libreswan.org
Thu Apr 25 01:30:32 EEST 2024
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
The Libreswan Project has released libreswan-5.0
This release is a major release with many features and bugfixes. It
also contains some changes to the defaults, removal of obsoleted
options/keywords and introduction of new options/keywords.
W strongly encourage developers, system integrators, and distribution
vendors to carefully test this release and focus on testing the
upgrade path.
A list of major items for the 5.0 series are:
* A new option to globally disable IKEv1 (enabled by default)
* Combined Traffic Selectors within a single IPsec SA using
leftsubnet=/rightrubnet= (note singular, not plural)
* Combined addresspool support (addresspool=v4/mask,v6/mask)
* Nic Hardware Offload support (eg Nvidia/Mellanox ConnectX)
* "ipsec auto --option" obsoleted for "ipsec option"
(eg ipsec auto --up conn is now "ipsec up conn")
(auto is still working for backwards compatibility)
* XFRM interface IP management from pluto
* nftables support (now the default over iptables)
* Many bugfixes around restarting/reviving connections
* Improved PFS/rekey compatibility
* Drop prefix numbers from ipsec/whack command output
* IKEv2 Labeled IPsec fixes (IKEv1 support removed)
* Removal of _stackmanager
* XFRM flushing moved from init system to pluto
* cleanup of man pages
* added various missing whack options
* Internal SPD routing improvements
For new configuration keywords and whack commands, please see:
* man libreswan
* man pluto
* man ipsec whack
You can download release candidates of libreswan via https at:
https://download.libreswan.org/development/
The full changelog is available at:
https://github.com/libreswan/libreswan/blob/main/CHANGES
Please report bugs either via one of the mailinglists or at our bug
tracker:
https://lists.libreswan.org/
https://github.com/libreswan/libreswan/
-----BEGIN PGP SIGNATURE-----
iQJHBAEBCgAxFiEEkH55DyXB6OVhzXO1hf9LQ7MPxvkFAmYph6ETHHRlYW1AbGli
cmVzd2FuLm9yZwAKCRCF/0tDsw/G+SOSD/4gORliJrY4aO0MpV808ZVtFvhmhoug
MZfKJ4zjH551/MKP0yM0Q+TtKILdPivRCoxryiPJn7HACPc6VURa8U0QIqnyg4W7
bL9K6HscNCegUJiQeMDJbgBGQlC7ftMZcC1fpdmYcmRtmzXfIGA8Nqop4LB6SS+s
TY1jLFwX18gjROiDs2txZ/MqeRkTtnPoh8znrI1PW/m5mQQejnJJjUVmKmLBeZZi
nPi2YZ93JawIWmsnKgZvUDoCfztUASGqCKuksKx0mO3+eXTAQuB8R9GT05/Jutcr
xIqPLNp//4hwLhkWougZ5DOXEuT3FQCst9wF7mCtySuIp69pj2xboH7kSrongFu7
PnqdX5YvEX9vd+UblFfDE+mldDmO4FM19TYvQ06ctRfKGs8Swf2HuH7hP+ASu0Jd
MCyxcVsfm/HZLHAaF15aAS2bE8H+ZcoN4YVwnb2f3MHRr8iz4uwvy0GyoTnBUPgd
6W45bnn9sRCqHWRi3bV28ElJCJiq5Si9nq2Kr/yA6oeYV1KolgRh7xoX4ervOdr8
VIx4pSbmCimnGbd5pufCLhCzfqeHNM0vnAyfWOGWUJI8g4f/lV5dvn6sTEbF1Z0I
MUwB+268WlrPcgYSIrPmmd3ECxxOsiqJ5ufP+mxaOsDD5jfLhGPn5ix0jf98FUlU
dS7uQ3oAwQONvA==
=WkkG
-----END PGP SIGNATURE-----
More information about the Swan-announce
mailing list