Note that to compile FreeS/WAN on Red Hat using the Red Hat kernel-source RPM you need to: rm include/linux/modules/*.ver before you 'make dep'. Otherwise you get module version brokenness. -derek "Lucky Green" <shamrock@cypherpunks.to> writes:
The big question is: will FreeS/WAN latest release after some 4 or 5 years of development finally both compile and install cleanly on current versions of Red Hat Linux, FreeS/WAN's purported target platform?
--Lucky, who is bothered by the fact that most his Linux using friends so far have been unable to get FreeS/WAN to even compile into a working kernel, while just about every *BSD distribution - and for that matter Windows XP - ship with a working IPSec implementation out-of-the-box.
-----Original Message----- From: owner-cypherpunks@lne.com [mailto:owner-cypherpunks@lne.com] On Behalf Of Bill Stewart Sent: Thursday, December 06, 2001 2:05 AM To: cypherpunks@lne.com Cc: cryptography@wasabisystems.com Subject: FreeSWAN Release 1.93 ships!
From Claudia Schmeing <claudia@freeswan.org>'s summary: <http://lists.freeswan.org/pipermail/briefs/> =========
1. Release 1.93 ships! =================== 1 post Dec 3
http://lists.freeswan.org/pipermail/users/2001-December/005632 .html
A number of small improvements have been added to this release, which was shipped on-time.
Some highlights:
* Diffie-Hellman group 5 is now the first group proposed. * Two cases where fragmentation is needed will be handled better, thanks to these two changes
The code that decides whether to send an ICMP complaint back about a packet which had to be fragmented, but couldn't be, has gotten smart enough that we now feel comfortable enabling it by default. and
IKE (UDP/500) packets which were large enough to be fragmented used to be mishandled, with some of the fragments failing to bypass IPsec tunnels properly. This has been fixed; our thanks to Hans Schultz.
* If Pluto gets more than one RSA key from DNS, it will now try each key. This will help when a system administrator replaces a key. * There is preliminary support for building RPMs. * SMP support is better. * The team has eliminated a vulnerability that might permit a denial of service attack.
What can we expect from the next release? Henry Spencer writes:
We are in the process of chasing down a couple of significant bugs (which have been there since at least 1.92 and possibly earlier), and we *might* ship another release quite shortly if we nail them down and fix them. If we don't, we won't. Barring that possibility, the next release is planned for the end of January; a more precise date will be announced shortly.
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
-- Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH warlord@MIT.EDU PGP key available --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com