[Ipsec-tools-announce] IPsec-tools 0.7 released

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hello all,

The IPsec-tools developer team is pleased to announce that the 0.7.0 
release is now available.

Being a new major version, this release incorporates many added features 
and enhancements (see below). With this release, the 0.6.x branch is now 
considered depreciated. Only major security issues will be addressed in 
the near term. It is highly recommended that all users upgrade to 0.7.0.

Please note that special care should be taken when upgrading from older 
versions of IPsec-tools. Several improvements have been made to more 
correctly validate the configuration file syntax, operational 
parameters, protocol egotiations, etc ... It may be necessary to correct 
your configuration file before the software will operate as expected.

This is also the first official release to be hosted by The NetBSD 
Foundation and associated mirror sites:

http://www.netbsd.org/mirrors/#ftp

ftp://ftp.netbsd.org/pub/NetBSD/misc/ipsec-tools/0.7/ipsec-tools-0.7.tar.bz2
ftp://ftp.netbsd.org/pub/NetBSD/misc/ipsec-tools/0.7/ipsec-tools-0.7.tar.gz

As an alternative, the 0.7 version will also be also available from the 
usual Sourceforge mirror sites:

http://prdownloads.sourceforge.net/ipsec-tools/ipsec-tools-0.7.tar.bz2
http://prdownloads.sourceforge.net/ipsec-tools/ipsec-tools-0.7.tar.gz

The list of new major features is quite extensive.

   o Xauth with pre-shared key PSK
   o Xauth with certificates
   o SHA2 support
   o pkcs7 support
   o system accounting (utmp)
   o Darwin support
   o configuration can be reloaded
   o Support for UNIQUE generated policies
   o Support for semi anonymous sainfos
   o Support for ph1id to remoteid matching
   o Plain RSA authentication
   o Native LDAP support for Xauth and modecfg
   o Group membership checks for Xauth and sainfo selection
   o Camellia cipher support
   o IKE Fragment force option
   o Modecfg SplitNet attribute support
   o Modecfg SplitDNS attribute support ( server side )
   o Modecfg Default Domain attribute support
   o Modecfg DNS/WINS server multiple attribute support
   o Linux labeled security context support

There are a few minor issues with this release that will need to be 
addressed in the future.

   o The linux labeled security context configure does not correctly
     check for the required libraries. The --enable-security-context=no
     option can be used to work around this issue.
   o The dist make target fails to exclude lex/bison generated files

We hope everyone enjoys this new version. Please continue to report any 
problems using the Sourceforge mailing lists or other appropriate 
channels. But before doing so, please be sure to compare your existing 
configuration file with the updated syntax defined in the racoon.conf 
man page :-)

SHA256 (ipsec-tools-0.7.tar.bz2) =
e99919b0ffcd86e10775ef039c340b50e45d6a4169a8465263c86b62addf0ff4
SHA256 (ipsec-tools-0.7.tar.gz) =
eac57d9715e0645113b2ffa3b10753068e60ad4fc0bcdd254135a1d003529fba

MD5 (ipsec-tools-0.7.tar.bz2) = c0a586924edde35264ecfe94ad1c261f
MD5 (ipsec-tools-0.7.tar.gz) = 1234d84ed02ca71eb01140ff96b81466

Matthew Grooms,
ipsec-tools developer team