Development of libreswan vs openswan

UPDATE: Statistics updated to include 2017

Yesterday, openswan released version 2.6.40 to address CVE-2013-6466. You might be confused by its changelog (not the non-updated CHANGES) crediting me for the vast majority of code changes. Basically all changes are pulled from the libreswan repository and are backports to openswan. The exception is their version of a patch for CVE-2013-6466. Libreswan’s fix is not a band-aid but an updated state machine. The backported libreswan fix is what is going into the updated openswan packages for RHEL5 and RHEL6 and are available at libreswan.org/security/openswan/CVE-2013-6466. RHEL7 will contain libreswan.

Basically, yesterday’s openswan 2.6.40 release brings it up to the initial libreswan-3.0 release of two years ago, plus the two CVE issues. Except that it crashes KLIPS and backported a libreswan commit that broke all non-XAUTH IPsec connections.

6 thoughts on “Development of libreswan vs openswan”

  1. Pingback: IPsec/L2TP VPN Auto Setup for Ubuntu with Libreswan « Worldpillar

  2. What about strongswan? Isn’t it the de facto standard in distros? Any thoughts on that?
    I was recently thinking about switching to libreswan from strongswan, but couldn’t find a real comparison. Looks like strongswan has more features and a newer codebase, while libreswan depends on a rock solid core, but that’s subjective…
