[Swan-dev] [Swan-announce] Libreswan 3.2 released

The Libreswan Project team at libreswan.org
Sun Apr 14 19:11:39 EEST 2013

The Libreswan Project has released libreswan-3.2. This is mostly a
maintenance release. Two minor new features are support for the Initial
Contact payload using the new initial_contact=yes|no option, and the
introduction of nat_keepalive=yes|no option.

You can download this version via https at:


or via ftp at:


The full changelog is available at:

Please report bugs either via one of the mailinglists or at our bug


Binary packages for Fedora, RHEL and Ubuntu can be found at

Additionally, libreswan has been added to the Fedora distribution
(rawhide) and will appear in Fedora 18/19 in the next couple of weeks.

v3.2 (April 13, 2013)
* addresspool: Identify reconnecting client and re-use lease [Antony]
* IKEv1: Support for sending initial_contact in Main Mode [Paul]
* addconn: improve defaultroute finder [Kim]
* compiling: fix use of variables in buidlsystem consitent [Tuomo]
* ipsec: fix syntax error in --help introduced in 3.1 [Tuomo]
* verify: fix wrong confdir location [Tuomo]
* pluto: cleanup of XAUTHuser and traffic statistics logging [Paul]
* pluto: Obsoleted force_keepalive= and --force_keepalive [Paul]
* pluto: Added per-conn nat_keepalive=yes|no (default yes) [Paul]
* pluto: Log our own vendorid as "received" instead of "ignored" [Paul]
* pluto: Prevent logging from truncating XAUTHuser= [Paul]
* pluto: Don't log (0 byte) SA traffic statistics for ISAKMP SA's [Paul]
* pluto: Some more changes in the output of ipsec auto --status [Paul]
* pluto: wipe old logfile on restart (match previous behaviour) [Antony]
* _stackmanager: When unloading NETKEY, unload ip_vti before xfrm*tunnel [Paul]
* _stackmanager: Stack was not cleaned up for upstart / non-modular [Paul]
* building: Fix warnings when compiling with clang [Florian Weimer]
* building: Add -pie to linker flags, ensure relro is not overwritten [Paul]
* building: fix "make depend" in programs/pluto [Antony]
* packaging: Split RHEL spec file into rhel5/rhel6, add USE_OCF flag [Paul]
* initsystem: fixed default sysv init status function [Tuomo]
* KLIPS: SAref patches for 3.0.55+ and RHEL 2.6.32-358.2.1 [Pavel Kopchyk]
* Bugtracker bugs fixed:
     #75: Libreswan inserts wrong xfrm policies on some configurations [Tuomo]
     #76: NSS:: ipsec initnss fails with a @FINALCONFDDIR@ replace and
          no default configdir [Tuomo]
     #78: NSS: segfault on libnss functions when using ikev2 [Antony]
     #85: NETKEY: Pass traffic selectors to the kernel in Transport Mode
          support was incomplete and broke nat-t trasport mode [Kim/Tuomo]
Swan-announce mailing list
Swan-announce at lists.libreswan.org

More information about the Swan-dev mailing list