[Announce] ANNOUNCE: strongswan-4.1.5 released

Andreas Steffen andreas.steffen at strongswan.org
Wed Aug 8 10:41:35 CEST 2007


we are happy to announce strongswan-4.1.5 available from


The latest release fixes a couple of minor bugs related to the IKEv2
MOBIKE protocol and improves the DNS lookup done by the ipsec starter:

- Source routes installed by the keying daemons are now in a separate
  routing table with ID 100 to avoid conflicts with the main table.
  Route lookup for IKEv2 traffic is done in userspace to ignore
  routes installed for IPsec, as IKE traffic shouldn't get encapsulated.

- If a DNS lookup failure occurs when resolving right=%<FQDN>
  or right=<FQDN> combined with the rightallowany=yes option then
  the connection is not updated by ipsec starter thus preventing
  the disruption of an active IPsec connection. Only if the DNS
  lookup successfully returns with a changed IP address the
  corresponding connection definition is updated.

We also want to make you aware that if you are setting up IKEv2
connections then UDP port 4500 must be open on both peers because
the Mobility and Multihoming protocol (MOBIKE, RFC 4555) switches
to the NAT traversal port 4500 starting with the IKE_AUTH request
message, even if currently no NAT situation has been discovered.

Best regards

Martin Willi & Andreas Steffen

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute of Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

More information about the Announce mailing list