[Announce] ANNOUNCE: strongswan-2.6.4 released

Andreas Steffen andreas.steffen at strongswan.org
Thu Apr 13 09:51:08 CEST 2006

I'm happy to announce the release of strongswan-2.6.4 available from


New features:

  - The new _updown_policy template supports the IPsec policy matching
    rules of iptables-1.3.5. Making use of the PLUTO_REQID environment
    variable set by the IKE daemon pluto upon the establishment of an
    IPsec connection, the updown script inserts dynamic iptables
    firewall rules that pass only packets coming out from or going
    into a VPN tunnel. All UML scenarios from


    already use the new firewall rules. _updown_policy obsoletes
    _updown_espmark because there is no need any more to set marks
    on incoming ESP packets via the INPUT mangle chain.
    ATTENTION: The ipsec policy matching rules of iptables-1.3.5
    require a Linux kernel >= 2.6.16.

- strongSwan now supports DPD restart mode (dpdaction=restart)

- ipsec starter now allows the use of wildcards in include
   statements as e.g. in "include /etc/my_ipsec/*.conf".
   Patch courtesy of Matthias Haas.

Best regards


Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org 

Institute of Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3417 bytes
Desc: S/MIME Cryptographic Signature
Url : https://lists.strongswan.org/pipermail/announce/attachments/20060413/cba8e008/smime.bin

More information about the Announce mailing list