[ol7_latest] libreswan-3.20-5.0.1.el7_4.aarch64

Libreswan is a free implementation of IPsec & IKE for Linux.  IPsec is
the Internet Protocol Security and uses strong cryptography to provide
both authentication and encryption services.  These services allow you
to build secure tunnels through untrusted networks.  Everything passing
through the untrusted net is encrypted by the ipsec gateway machine and
decrypted by the gateway at the other end of the tunnel.  The resulting
tunnel is a virtual private network or VPN.

This package contains the daemons and userland tools for setting up
Libreswan. It supports the NETKEY/XFRM IPsec kernel stack that exists
in the default Linux kernel.

Libreswan also supports IKEv2 (RFC-7296) and Secure Labeling

Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04

Changelog (Show File list) (Show related packages)

• Thu Nov 30 2017 Bruce Hill <bruce.hill@oracle.com> - 3.20-5.0.1

  - add libreswan-oracle.patch to detect Oracle Linux distro

• Tue Oct 24 2017 Paul Wouters <pwouters@redhat.com> - 3.20-5

  - Resolves: rhbz#1503949 [updated - USE_DNSSEC setting was updated]

• Thu Oct 19 2017 Paul Wouters <pwouters@redhat.com> - 3.20-4

  - Resolves: rhbz#1501809 libreswan does not establish IKE with xauth enabled but modecfg disabled
  - Resolves: rhbz#1503949 xauth password length limited to 64 bytes while XAUTH_MAX_PASS_LENGTH (128)

• Mon Jun 12 2017 Paul Wouters <pwouters@redhat.com> - 3.20-3

  - Resolves: rhbz#1372279 ipsec auto --down CONNECTION returns error for tunnels [updated]
  - Resolves: rhbz#1458227 CAVS test driver does not work in FIPS mode
  - Resolves: rhbz#1452672 (new-ksk-libreswan-el7) DNSSEC trust anchor cannot be updated without recompilation

• Thu Apr 13 2017 Paul Wouters <pwouters@redhat.com> - 3.20-2

  - Resolves: rhbz#1372279 ipsec auto --down CONNECTION returns error for tunnels
  - Resolves: rhbz#1444115 FIPS: libreswan must generate RSA keys with a minimal exponent of F4, nor E=3
  - Resolves: rhbz#1341353 Allow Preshared Key authentication in FIPS mode for libreswan

• Tue Mar 14 2017 Paul Wouters <pwouters@redhat.com> - 3.20-1

  - Resolves: rhbz#1399883 rebase libreswan to 3.20 (full release)

• Mon Feb 20 2017 Paul Wouters <pwouters@redhat.com> - 3.20-0.1.dr3

  - Resolves: rhbz#1399883 rebase libreswan to 3.20

• Wed Sep 07 2016 Paul Wouters <pwouters@redhat.com> - 3.15-8

  - Resolves: rhbz#1361721 libreswan pluto segfault [UPDATED]
  - Resolves: rhbz#1276524 [USGv6] IKEv2.EN.R.1.1.3.2 case failed due to response to bad INFORMATIONAL request [UPDATED]
  - Resolves: rhbz#1309764 ipsec barf [additional man page update and --no-pager]

• Mon Aug 08 2016 Paul Wouters <pwouters@redhat.com> - 3.15-7

  - Resolves: rhbz#1311360  When IKE rekeys, if on a different tunnel, all subsequent attempts to rekey fail
  - Resolves: rhbz#1361721 libreswan pluto segfault

• Tue Jul 05 2016 Paul Wouters <pwouters@redhat.com> - 3.15-6

  - Resolves: rhbz#1283468 keyingtries=0 is broken
  - Resolves: rhbz#1297816 When using SHA2 as PRF algorithm, nonce payload is below the RFC minimum size
  - Resolves: rhbz#1344567 CVE-2016-5361 libreswan: IKEv1 protocol is vulnerable to DoS amplification attack
  - Resolves: rhbz#1313747 ipsec pluto returns zero even if it fails
  - Resolves: rhbz#1302778 fips does not check hash of some files (like _import_crl)
  - Resolves: rhbz#1278063 Unable to authenticate with PAM for IKEv1 XAUTH
  - Resolves: rhbz#1257079 Libreswan doesn't call NetworkManager helper in case of a connection error
  - Resolves: rhbz#1272112 ipsec whack man page discrepancies
  - Resolves: rhbz#1280449 PAM xauth method does not work with pam_sss
  - Resolves: rhbz#1290907 ipsec initnss/checknss custom directory not recognized
  - Resolves: rhbz#1309764 ipsec barf does not show pluto log correctly in the output
  - Resolves: rhbz#1347735 libreswan needs to check additional CRLs after LDAP CRL distributionpoint fails
  - Resolves: rhbz#1219049 Pluto does not handle delete message from responder site in ikev1
  - Resolves: rhbz#1276524 [USGv6] IKEv2.EN.R.1.1.3.2 case failed due to response to bad INFORMATIONAL request
  - Resolves: rhbz#1315412 ipsec.conf manpage does not contain any mention about crl-strict option
  - Resolves: rhbz#1229766 Pluto crashes after stop when I use floating ip address