deadsimple BSD Security Advisories and Announcements

OpenIKED 7.0 released

We have released OpenIKED 7.0, which will be arriving in the
OpenIKED directory of your local OpenBSD mirror soon.

This release includes the following changes to the previous release:

  * Added client-side support for DNS configuration via
    OpenBSD resolvd(8) and systemd-resolved(8)

  * Added an experimental post-quantum hybrid key exchange method
    based on Streamlined NTRU Prime (coupled with X25519) as

  * Added support to compile and run on macOS

  * Increased default data bytes limit for Child SAs to 4 GB,
    preventing excessive rekeying and lost data in high performance

  * Fixed a problem where no flows are loaded when a single config
    address without pool is configured

  * Fixed a bug that broke pfkey acquire on non-OpenBSD systems

OpenIKED is known to compile and run on FreeBSD, NetBSD,
macOS and the Linux distributions Arch, Debian and Fedora.

It is our hope that packagers take interest and help adapt
OpenIKED to more distributions.

OpenIKED can be downloaded from any of the mirrors listed at, from the /pub/OpenBSD/OpenIKED

General bugs may be reported to  Portable bugs
may be filed at

We welcome feedback and improvements from the broader community.
Thanks to all of the contributors who helped make this release