OpenIKED 7.1 released
23 May, 2022 by firstname.lastname@example.org | openbsd
We have released OpenIKED 7.1, which will be arriving in the OpenIKED directory of your local OpenBSD mirror soon. This release includes the following changes to the previous release: * Added 'ikectl show certinfo' command to print loaded CAs and certificates * Improved IKEv2 Message Fragmentation with more reliable retransmission logic * Take "Destination ID" payload into consideration when matching policy for incoming handshake to allow finer control over flow configuration * Changed the "proto" config field to optionally accept a list of protocols * Added support for using AppArmor to limit process privileges on Linux. * Hardened default build flags * Fixed a bug where authentication via local certificates did not work as intended * Fixed handshake proposal matching bug * Fixed a bug where alive timer was not reset on config reloading * Fixed a bug where iked sent zero-prefixed NAT-T messages on port 500 causing parsing errors. * Fixed several memory leaks * Added a new portable regression test OpenIKED is known to compile and run on FreeBSD, NetBSD, macOS and the Linux distributions Arch, Debian, Fedora and Ubuntu. It is our hope that packagers take interest and help adapt OpenIKED to more distributions. OpenIKED can be downloaded from any of the mirrors listed at https://www.openbsd.org/ftp.html, from the /pub/OpenBSD/OpenIKED directory. General bugs may be reported to email@example.com. Portable bugs may be filed at https://github.com/openiked/openiked-portable. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.