deadsimple BSD Security Advisories and Announcements

OpenIKED 7.2 released

We have released OpenIKED 7.2, which will be arriving in the
OpenIKED directory of your local OpenBSD mirror soon.

This release includes the following changes to the previous release:

  * Added iked connection statistics counters that can be viewed with
    'ikectl show stats'

  * Added support for sending certificate chains in multiple CERT payloads.

  * Added OpenIKED vendor ID payload to improve interoperability with older

  * Improved policy lookup by respecting the srcnat property

  * Fixed nonce comparison bug which lead to sporadic failures because
    the wrong Child SA got deleted.

  * Fixed interoperability with implementations sending more than one CERT

  * Fixed a bug where NAT-T was not working correctly on Linux

  * Fixed various bugs and memory leaks.

OpenIKED is known to compile and run on OpenBSD, FreeBSD, NetBSD, macOS
and the Linux distributions Arch, Debian, Fedora and Ubuntu.

It is our hope that packagers take interest and help adapt OpenIKED to
more distributions.

OpenIKED can be downloaded from any of the mirrors listed at, from the /pub/OpenBSD/OpenIKED

General bugs may be reported to Portable bugs
may be filed at

We welcome feedback and improvements from the broader community.
Thanks to all of the contributors who helped make this release