The Libreswan Project has released libreswan 5.1

This is a bugfix release. Most importantly, a fix to work properly with Linux 6.9+ kernels, and a workaround for a but in reconnecting iOS/OSX clients that use IKEv1 with XAUTH/ModeConfig. The handling of ipsec interfaces was improved as well.

This latest version of libreswan can be downloaded from:

https://download.libreswan.org/libreswan-5.1.tar.gz https://download.libreswan.org/libreswan-5.1.tar.gz.asc

The full changelog is available at: https://download.libreswan.org/CHANGES

Please report bugs either via one of the mailinglists or at our github bug tracker:

https://lists.libreswan.org/ https://github.com/libreswan/libreswan/issues

See also https://libreswan.org/

v5.1 (Oct 8, 2024)

• IKEv2:
  • fix race when initiator-responder cross rekey requests [Andrew]
  • don't ignore Delete IKE SA request while waiting for Delete IKE SA response [Andrew]
  • log arrival of first IKE_AUTH request that triggers DH [Andrew]
  • rate limit logging of packets with invalid payloads
• IKEv1:
  • fix Quick mode installing 0.0.0.0/0 when no MSG_CONFIG exchange [Andrew, Tuomo]