OpenBSD Journal

OpenIKED 7.3 released

Contributed by rueda on from the Ike, IPSec my keys dept.

Tobias Heider (tobhe@) has announced the release of version 7.3 of OpenIKED:

We have released OpenIKED 7.3, which will be arriving in the OpenIKED
directory of your local OpenBSD mirror soon.
This release includes the following changes to the previous release:

    * Reexecute child processes after forking for better process
      isolation

    * Support for new route-based sec(4) tunnels on OpenBSD

    * Handle full x509 chains in CERT payloads
    
    * Support multiple name servers per interface on Linux.

    * Refactored internal ibuf API for OpenBSD 7.4

    * Optionally use libsystemd to configure DNS via DBUS instead of
      calling resolvectl cli tool on Linux

    * Dropped libapparmor dependency on Linux in favor of directly
      using the /proc interface. This allows us to open file descriptors
      before dropping privileges and change policy afterwards allowing
      for even stricter apparmor confinement.

    * Fixed the openssl config used by ikectl to allow renewing expired
      certificates

    * Sync compatibility layer with OpenBSD

    * Fixed some memory leaks

OpenIKED is known to compile and run on OpenBSD, FreeBSD, NetBSD, macOS
and the Linux distributions Arch, Debian, Fedora and Ubuntu.

It is our hope that packagers take interest and help adapt OpenIKED
to more distributions.

OpenIKED can be downloaded from any of the mirrors listed at
https://www.openbsd.org/ftp.html, from the /pub/OpenBSD/OpenIKED
directory.

General bugs may be reported to bugs@openbsd.org. Portable bugs
may be filed at https://github.com/openiked/openiked-portable.

We welcome feedback and improvements from the broader community.
Thanks to all of the contributors who helped make this release
possible.

Yet another release of the truly portable IPSec tool for us all to enjoy!
