Skip to content

OpenIKED 7.3

Latest
Compare
Choose a tag to compare
@tobhe tobhe released this 18 Nov 17:34
· 18 commits to master since this release

We have released OpenIKED 7.3, which will be arriving in the OpenIKED directory of your local OpenBSD mirror soon.

This release includes the following changes to the previous release:

  • Reexecute child processes after forking for better process isolation
  • Support for new route-based sec(4) tunnels on OpenBSD
  • Handle full x509 chains in CERT payloads
  • Support multiple name servers per interface on Linux.
  • Refactored internal ibuf API for OpenBSD 7.4
  • Optionally use libssytemd to configure DNS via DBUS instead of
    calling resolvectl cli tool on Linux
  • Dropped libapparmor dependency on Linux in favor of directly using the
    /proc interface. This allows us to open file descriptors before dropping
    privileges and change policy afterwards allowing for even stricter
    apparmor configs.
  • Fixed the openssl config used by ikectl to allow renewing expired certificates
  • Sync compatibility layer with OpenBSD
  • Fixed some memory leaks

OpenIKED is known to compile and run on OpenBSD, FreeBSD, NetBSD, macOS and the Linux distributions Arch, Debian, Fedora and Ubuntu.
It is our hope that packagers take interest and help adapt OpenIKED to more distributions.

OpenIKED can be downloaded from any of the mirrors listed at https://www.openbsd.org/ftp.html, from the /pub/OpenBSD/OpenIKED directory.

General bugs may be reported to [email protected]. Portable bugs may be filed at https://github.com/openiked/openiked-portable.

We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.