As you may have heard, the 2.5 Linux kernel will feature
native IPsec support.
Will this be the end of FreeS/WAN (and
Super FreeS/WAN)? We don't think so.
We expect that the FreeS/WAN keying daemon (and its
feature) will be easily usable with the new kernel code.
Herbert Xu's patchesare helping us to reach this goal.
More detail on these patches, and other FreeS/WAN extensions, is posted on
our community page.
The Linux FreeS/WAN team is pleased to offer you Linux
FreeS/WAN 2.00, our first release optimized for Opportunistic Encryption
(OE). After installation, ZERO host configuration is required for
OE! A Linux box running 2.00 will encrypt all IP packets to other
OE capable boxes whenever possible, provided you publish
a key and IPsec gateway information in DNS.
The release also boasts a new configuration mechanism,
groups", for use with OE. This lets you specify IPsec security
policy (eg. use IPsec when possible, always use IPsec, never use IPsec)
for lists of potential IPsec peers, via simple configuration files.
To learn more about the changes since 1.99, read our
Network operators already running FreeS/WAN IPsec VPNs,
please also read our upgrading
document. Take special note that 1.xx configuration files are not
immediately compatible with 2.xx.
The Linux FreeS/WAN team is pleased to announce the first 2.00
release candidate. The candidate features easier configuration for
Opportunistic Encryption. In addition, we have adapted the Delete
portion of Mathieu Lafon's Delete/Notify patch (Thanks, Mathieu!).
2.00-rc1 is available here.
Happy New Year! Thanks to Paul Wouters for working on our Mailman
software over the holidays. The lists seem to be functioning well now.
Unfortunately, in the process, several people who had been unsubscribed
have been resubscribed. Please use the
to correct any oopses.
In other news, we've released 2.00-pre4, where we've continued to build
support for policy groups. You can download it using
Thanks to the community for your ongoing efforts testing our prereleases.
The Linux FreeS/WAN team quietly released 2.00-pre3, with preliminary
support for policy groups.
After last week's outage, the lists at freeswan.org are back up.
Our user support community is now back in full swing.
The lists have been down for a few days due to Mailman problems.
Sorry for any inconvenience.
Meanwhile folks might want to meet at irc.freenode.net#freeswan .
The Linux FreeS/WAN team is pleased to announce Linux FreeS/WAN
1.99 OE-enabled IPsec.
- It installs on Red Hat 8.0 and 7.x.
- If you have Red Hat 8.0 and want to use our 1.x series, this is the
release that you need.
is greatly improved.
- Full details are in our CHANGES file.
Users experience install troubles on Red Hat 8.0. See the
latest List In Brief for details.
2.00-pre2 ships. The team is still in the process of putting new
features into what will become the 2.x series. Proposed 2.x release:
RPMs are not yet available for 2.00-preX.
2.00-pre1 dropped due to schedule slip.
The first 2.x prerelease (2.00-pre0) sees the light!
Linux FreeS/WAN 1.98b was released.
We have added a new e-postcard(*) list focusing on how FreeS/WAN fits
into the various Linux distributions. This list is mostly for distro
maintainers to talk to the FreeS/WAN developers and each other, for
the details see the first post to the list in the archives.
*: It's an 'e-postcard' list because 'e-mail's are in e-nvelopes which on the e-nternet means they are e-ncrypted, right?
The lists are all back up and running just fine again.
A new feature has been added to the web site, the current FreeSW/AN
HTML documentation tree is available via a link at the end of the
There is a new version of Linux FreeS/WAN now, 1.95. The mail
server is fine but an inadvertent Redhat upgrade of mailman has
trashed all mail list operations on the system. We hope to be
serving lists again by late tonight (Tuesday).
Monday our mail and list server went down due to poor software
choices on our part (Linux fsck and rc scripts...). We should be up
sometime late Thursday if things go well, maybe sooner.
One of our volunteer sysadmins noticed that our SSL certificate
used by the mail list machine was out of date, so he generated a new
one. Since each user who accesses the mail list web server will see
a notice that there is a new certificate they might also want to have
a place to check the validity of the cert, here is the data (I wonder
just how many of you will check...):
"lists.freeswan.org" (issued to/by "Common Name")
"Freeswan" (issued to/by "Organization")
"2002/01/28" (is the Incept Date)
"2003/01/28" (is the Expiry Date)
"7E:1E:B4:93:BC:75:59:93:68:39:AD:EF:3B:9B:37:85" (MD5 cert hash)
"0D:BF:EA:77:89:30:07:A6:10:6A:6B:30:AA:E5:04:61:B8:23:35:6D" (SHA1 cert hash)
While freeswan-1.94 has shipped, there are serious known bugs in it
that make it unsuitable for use. You have two choices, use the latest
snapshot (snap2001dec25b seems ok) where the show stopper bugs seem
fixed or use an older 'stable' release like 1.91 or maybe 1.92 from this
The next release (1.95) is scheduled for late January and rather then
try to put out another 'quick bugfix' release we are going to just
work on producing a high quality release for the end of January.
We would like to announce that the Linux FreeS/WAN project has now
released version 1.91 of our IPSEC system. This is the version after
1.9, it seemed a little bit better then naming it '1.A'. There are
lots of improvements in operations, better security when networking
fails, most bugs fixed etc. all documented in CHANGES and yet...
The BIG news for the 1.91 release is that you can now begin to use
Opportunistic Encryption! This is where you don't have to setup
by hand each secure link with someone else, it just happens if both of
ends set up their reverse DNS correctly. It's not fully done, but you can
(and should!) start playing with it! See the documentation file .../freeswan-1.91/doc/opportunism.howto
to get started.
Late breaking news! The website catches up with the software!
Two weeks ago the Linux FreeS/WAN team shipped version 1.9 which is
mostly a catch up release, catching up with the current kernel
stable releases and FreeS/WAN bug fixes. There are known minor
problems with this release (as allways see the BUGS and CHANGES
files for details), so don't upgrade unless your having problems.
If your starting from scratch do use this release though. As
allways start from the "Online Documentation" link above and then
the "FreeS/WAN Download" link.
Due to a tragedy of errors the <firstname.lastname@example.org> email
list has been moved to <email@example.com>. To subscribe
or unsubscribe please send email to <firstname.lastname@example.org>
and NOT to the list it's self, as there is no mail list robot to
filter out such posts from the list and thus you will be embarrassed.
This is a tempory setup, in a couple of days we will be movig the
list to some sort of list management software (robot) on the same
machine. This should cause much less fuss then the move today and be
very stable over the long run.
Linux FreeS/WAN 1.8 is out and on the FTP site. This release is
focused on stabilizing the changes made since the 'plateau' relase
of 1.5. As allways the surface details are in the
CHANGES file, so
read for a full accounting of whats new and different.
Linux FreeS/WAN 1.5 is out and on the FTP site, grab it, use it.
This release is mostly polish, bug fixes, documentation etc. If you
have had any problems with previous releases, please update to this
release and try again before submitting any bug reports. Read the
CHANGES file for
more details on what has changed.
Linux FreeS/WAN 1.4 is out and on the FTP site, grab it. As of
this date (two weeks after the tar went public) there are known bugs
in both Pluto and AH mode. We hope that 1.5 comes out yet this
month to fix these bugs. Even with known bugs 1.4 is the current
stable release and we recommend using it or if the bugs bite you the
Today the Linux FreeS/WAN Project team shipped freeswan-1.3 with
improved RSA and Road Warrior support! For details on what has
been improved see the Online Documentation page above
and to get the latest version goto the FreeS/WAN Download page,
Another long overdue happening is that the web site is getting some
work done to it. The 'home' page is no longer an introduction to
what the project is but the most recent news (this) and the current
software status (above on the right). A couple of sections have
been added (Introduction, Lights) and most will get worked on over
the comming weeks. If you have suggestions or content to contribute
plese post to the list (see Maillist & Archives above).
Today the Linux FreeS/WAN project team shipped
Today the Linux FreeS/WAN project team shipped
Linux FreeS/WAN has begun showing up in the
online news world, here are a few links to places where FreeS/WAN
is being talked about:
The Linux FreeS/WAN Project proudly releases its
1.00 version of IPSEC & IKE to the Linux community on this
date. The press release is over there . Also today the
project WWW site got a total overhaul to match the new shipping
version of FreeS/WAN.