Development of libreswan vs openswan


UPDATE: Statistics updated to include 2017

Yesterday, openswan released version 2.6.40 to address CVE-2013-6466. You might be confused by its changelog (not the non-updated CHANGES) crediting me for the vast majority of code changes. Basically all changes are pulled from the libreswan repository and are backports to openswan. The exception is their version of a patch for CVE-2013-6466. Libreswan’s fix is not a band-aid but an updated state machine. The backported libreswan fix is what is going into the updated openswan packages for RHEL5 and RHEL6 and are available at RHEL7 will contain libreswan.

Basically, yesterday’s openswan 2.6.40 release brings it up to the initial libreswan-3.0 release of two years ago, plus the two CVE issues. Except that it crashes KLIPS and backported a libreswan commit that broke all non-XAUTH IPsec connections.

6 thoughts on “Development of libreswan vs openswan”

  1. Pingback: IPsec/L2TP VPN Auto Setup for Ubuntu with Libreswan « Worldpillar

  2. What about strongswan? Isn’t it the de facto standard in distros? Any thoughts of that?
    I was recently thinking about switching to libreswan from strongswan, but couldn’t find a real comparison. Looks like strongswan has more features and a newer codebase, while libreswan depends on a rock solid core, but that’s subjective…
