The current version of Linux FreeS/WAN is 2.06, released 2004/04/22.

Recent Project News

 2003/04/22
    
The FreeS/WAN team is proud to announce the arrival of 2.06, the project's 
final release of its freely redistributable IPsec for Linux. Here are a few 
of its notable features, as documented in the CHANGES file:
 
   - KLIPS has been ported to Linux 2.6; please see the INSTALL file for
     more details.
   - FreeS/WAN's kernel configuration option, CONFIG_IPSEC, has been changed
     to CONFIG_KLIPS, due to a name conflict with 2.6 IPsec. This breaks "make
     oldgo" on any kernel version, unless a corresponding change is made by hand
     to the kernel's .config file.
   - KLIPS modules generated for 2.4 kernels via "make module" are now created
     in the modobj subdirectory, instead of linux/net/ipsec. The "make minstall"
     target has been updated, but users accustomed to a manual install take
     note.
   - KLIPS now permits DNS packets out on UDP and TCP port 53.
   - All support for transport mode has been removed.

Due to a bugfix which addresses a buffer overrun, users of past
releases may wish to upgrade:

   - KLIPS code has been updated to avoid buffer overruns during generation of
     /proc file contents.

As usual, you can grab this release via ftp from xs4all.nl:

    ncftpget ftp://ftp.xs4all.nl/pub/crypto/freeswan/freeswan-*

... and binaries for RedHat/Fedora Core users here:

    ncftp ftp://ftp.xs4all.nl/pub/crypto/freeswan/binaries/RedHat-RPMs/

Although this is the final full release, if bugfixes warrant it, patches will
be posted here.
The team would like to thank our sponsors, past team members, 
and all the contributors and users of past FreeS/WAN releases. Thanks to 
all for your hard work and community support.
Lastly, for current FreeS/WAN users who are wondering 
"where do I go from here?", take note of two projects, both forks of the 
FreeS/WAN codebase:
Openswan and
Strongswan.
 
 2004/03/01
    
FreeS/WAN is no longer in active development. Although 
we've created a solid IPsec implementation widely used to construct
Virtual Private Networks, the
project's major goal, ubiquitous Opportunistic Encryption,
is unlikely to be reached given its current level of community support.
For the full story, please see this announcement.
   
We plan a final (2.06) development release shortly, with bugfix releases to 
follow as needed. Our community at lists.freeswan.org will continue to provide 
a forum where users can support one another, and our Web site will remain 
up. 
We expect that FreeS/WAN and its derivatives will be actively used for
some time to come.
 
 2004/02/09
    
The FreeS/WAN team has shipped release 2.05, our first release with AH
(Authentication Header) removed!
As part of our continuing efforts to create a lightweight, robust
Opportunistic Encryption (OE) product (and inspired by Schneier and
Ferguson's critique of IPsec), we've removed AH from FreeS/WAN. For more
information, see this page.
   
Still in the "experimental support stage" is lwdnsq (lightweight DNS queue),
a mini resolver designed to provide resilient, authenticated DNS lookups to
facilitate OE. lwdnsq now supports DNSsec.

FreeS/WAN now by default generates RSA keys of random length for
authentication. If variable key lengths are widely deployed, FreeS/WAN
will not provide a "sweet spot" key length where crackers could easily focus
their efforts. A generic attack on FreeS/WAN might then require a more diverse
and thorough approach. For more, see this
design-list discussion.
   
Please see our CHANGES file for more detail.
 
 2003/12/22
    
The mailing lists are running again. For the users' list, we've had to revert
to an October 8 backup. If you find yourself inadvertently subscribed 
again, or want to be effortlessly resubscribed, send mail to 
sam at freeswan dot org.
 
 2003/12/07
    
The FreeS/WAN mailing lists (lists.freeswan.org) have been down since 
Thursday, due to hard disk failure. We are recovering the data and expect 
to have the lists running again soon.
 
 2003/11/13
    
2.04 is a bugfix release, important for users of FreeS/WAN 2.03
with 2.6 kernel native IPsec. It is not relevant to users of 
FreeS/WAN's KLIPS code on a regular 2.4 series kernel.
 
    
                                                                               
FreeS/WAN 2.03 with 2.6 kernel IPsec is vulnerable to a 
class of exploits based on properties
of that kernel's Netlink code, itself still in development. For example, 
Netlink can receive input from a userspace process and pass it along to 
another process which relies on Netlink, such as FreeS/WAN's Pluto keying 
daemon. A local user might use this method to send malicious messages to Pluto.
Our 2.04 release contains bugfixes hardening Pluto against this 
class of attack. All users of FreeS/WAN 2.03 on 2.6 series
kernels are encouraged to upgrade.
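
A common receiver-side hardening against this class of spoofed Netlink message, shown as an added example (it is not FreeS/WAN or Pluto code and is not taken from the 2.04 fix): accept a datagram only when its source address is the kernel's Netlink endpoint, port id 0. The function names are hypothetical and the sender address in main() is constructed.

```c
#include <sys/types.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#include <string.h>

/* 1 only when the datagram's source address is the kernel's Netlink endpoint
 * (AF_NETLINK, port id 0); any other nl_pid belongs to a userspace socket. */
int netlink_sender_is_kernel(const struct sockaddr_nl *from, socklen_t fromlen)
{
    if (from == NULL || fromlen != sizeof(*from))
        return 0;
    return from->nl_family == AF_NETLINK && from->nl_pid == 0;
}

/* 1 when buf holds a complete header whose declared length fits in len. */
int netlink_msg_is_sane(const void *buf, size_t len)
{
    struct nlmsghdr h;
    if (buf == NULL || len < sizeof(h))
        return 0;
    memcpy(&h, buf, sizeof(h));
    return h.nlmsg_len >= sizeof(h) && h.nlmsg_len <= len;
}

/* Receive one datagram. Returns its length if accepted, 0 if it was dropped
 * (non-kernel sender or malformed header), -1 on a socket error. */
ssize_t recv_from_kernel_only(int fd, void *buf, size_t cap)
{
    struct sockaddr_nl from;
    socklen_t fromlen = sizeof(from);
    ssize_t n;

    memset(&from, 0, sizeof(from));
    n = recvfrom(fd, buf, cap, 0, (struct sockaddr *)&from, &fromlen);
    if (n < 0)
        return -1;
    if (!netlink_sender_is_kernel(&from, fromlen))
        return 0;                      /* sent by a local process: drop */
    return netlink_msg_is_sane(buf, (size_t)n) ? n : 0;
}

int main(void)
{
    /* Constructed sender address: a userspace socket with port id 4242. */
    struct sockaddr_nl user = { .nl_family = AF_NETLINK, .nl_pid = 4242 };
    /* Exit status 0 means the userspace sender was rejected. */
    return netlink_sender_is_kernel(&user, sizeof(user)) ? 1 : 0;
}
```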
 
    
For this release, we have created RPMs suitable for use on Fedora Core 1.
They are available via the usual download methods.
 
 2003/10/13
    
Linux FreeS/WAN 2.03 is out! It features preliminary support for 2.6 kernels, 
either via KLIPS or the native 2.6 kernel IPsec. 
See the 
new 2.6.known-issues document for more details. 2.03 also ships 
with an iproute2 based _updown script. Several bugfixes are included, notably 
a fix for SHA1 packet reception.
For more information, see our CHANGES and BUGS documents.
 
 2003/09/04
    
The Linux FreeS/WAN team is pleased to announce release 2.02.
This release offers several new conveniences, including:
 
- one-line configuration for initiator-only Opportunistic Encryption
  (OE), using ipsec.conf's new myid option. See our quickstart guide
  to get set up for OE.
- a new RPM (Redhat Package Manager) spec file. This will help folks
  who need to compile RPMs from FreeS/WAN source.

In addition, wavesec and OE now coexist nicely.
As always, more details are in CHANGES and BUGS.
 
 2003/07/04
    
FreeS/WAN 2.01 has shipped and is available as both source and
binary RPMs. This is an important release for anyone using
Opportunistic Encryption (OE), as there is a small but serious change
to the OE protocol. For now the protocol is backwards compatible, but
we strongly suggest that everyone (OE and VPN users alike) upgrade
to 2.01.

To see what's different and to get using OE as quickly as
possible, review our "Quickstart Guide" while downloading.
 