
Releases: openiked/openiked-portable

OpenIKED 7.3

18 Nov 17:34

We have released OpenIKED 7.3, which will be arriving in the OpenIKED directory of your local OpenBSD mirror soon.

This release includes the following changes to the previous release:

  • Reexecute child processes after forking for better process isolation
  • Support for new route-based sec(4) tunnels on OpenBSD
  • Handle full X.509 chains in CERT payloads
  • Support multiple name servers per interface on Linux.
  • Refactored internal ibuf API for OpenBSD 7.4
  • Optionally use libsystemd to configure DNS via D-Bus instead of
    calling the resolvectl CLI tool on Linux
  • Dropped libapparmor dependency on Linux in favor of directly using the
    /proc interface. This allows us to open file descriptors before dropping
    privileges and change policy afterwards, allowing for even stricter
    AppArmor configs.
  • Fixed the OpenSSL config used by ikectl to allow renewing expired certificates
  • Sync compatibility layer with OpenBSD
  • Fixed some memory leaks

OpenIKED is known to compile and run on OpenBSD, FreeBSD, NetBSD, macOS and the Linux distributions Arch, Debian, Fedora and Ubuntu.
It is our hope that packagers take interest and help adapt OpenIKED to more distributions.

OpenIKED can be downloaded from any of the mirrors listed at https://www.openbsd.org/ftp.html, from the /pub/OpenBSD/OpenIKED directory.

General bugs may be reported to bugs@openbsd.org. Portable bugs may be filed at https://github.com/openiked/openiked-portable.

We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.

OpenIKED 7.2

01 Dec 22:09

We have released OpenIKED 7.2, which will be arriving in the OpenIKED directory of your local OpenBSD mirror soon.

This release includes the following changes to the previous release:

  • Added iked connection statistics counters that can be viewed with 'ikectl show stats'
  • Added support for sending certificate chains in multiple CERT payloads.
  • Added OpenIKED vendor ID payload to improve interoperability with old versions
  • Improved policy lookup by respecting the srcnat property
  • Fixed Child SA nonce comparison bug which led to sporadic interoperability failures
  • Fixed interoperability with implementations sending more than one CERT payload
  • Fixed a bug where NAT-T was not working correctly on Linux
  • Fixed various bugs and memory leaks.

OpenIKED is known to compile and run on OpenBSD, FreeBSD, NetBSD, macOS and the Linux distributions Arch, Debian, Fedora and Ubuntu.

OpenIKED 7.1

20 May 11:06

We have released OpenIKED 7.1, which will be arriving in the OpenIKED directory of your local OpenBSD mirror soon.

This release includes the following changes to the previous release:

  • Added 'ikectl show certinfo' command to print loaded CAs and certificates
  • Hardened default build flags
  • Changed the "proto" config field to optionally accept a list of protocols
  • Added support for using AppArmor to limit process privileges on Linux.
  • Take "Destination ID" payload into consideration when matching policy for incoming handshake to allow finer control over flow configuration
  • Improved IKEv2 Message Fragmentation with more reliable retransmission logic
  • Fixed handshake proposal matching bug
  • Fixed a bug where authentication via local certificates did not work as intended
  • Fixed a bug where alive timer was not reset on config reloading
  • Fixed a bug where iked sent zero-prefixed NAT-T messages on port 500, causing parsing errors.
  • Fixed several memory leaks
  • Added a new portable regression test

OpenIKED is known to compile and run on FreeBSD, NetBSD, macOS and the Linux distributions Arch, Debian, Fedora and Ubuntu.

OpenIKED 7.0

03 Nov 18:19

We have released OpenIKED 7.0, which will be arriving in the OpenIKED directory of your local OpenBSD mirror soon.

This release includes the following changes to the previous release:

  • Added client-side support for DNS configuration via OpenBSD resolvd(8) and systemd-resolved(8)

  • Added an experimental post-quantum hybrid key exchange method based on Streamlined NTRU Prime (coupled with X25519) as sntrup761x25519

  • Added support to compile and run on macOS

  • Increased default data bytes limit for Child SAs to 4 GB, preventing excessive rekeying and lost data in high performance setups.

  • Fixed a problem where no flows are loaded when a single config address without pool is configured

  • Fixed a bug that broke pfkey acquire on non-OpenBSD systems

OpenIKED is known to compile and run on FreeBSD, NetBSD, macOS and the Linux distributions Arch, Debian and Fedora.

OpenIKED 6.9.0

28 Apr 15:36

We have released OpenIKED 6.9.0.

OpenIKED is a free, permissively licensed Internet Key Exchange (IKEv2) implementation, developed as part of the OpenBSD project. It is intended to be a lean, secure and interoperable daemon that allows for easy setup and management of IPsec VPNs.

This is the first stable release from the 6.9 series, which is included with OpenBSD 6.9. OpenIKED-portable is known to compile and run on FreeBSD, NetBSD, and Linux.

We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.