libreswan-3.15-5.0.1.el7.AXS7

Libreswan is a free implementation of IPsec & IKE for Linux. IPsec is
the Internet Protocol Security and uses strong cryptography to provide
both authentication and encryption services. These services allow you
to build secure tunnels through untrusted networks. Everything passing
through the untrusted net is encrypted by the ipsec gateway machine and
decrypted by the gateway at the other end of the tunnel. The resulting
tunnel is a virtual private network or VPN.

This package contains the daemons and userland tools for setting up
Libreswan. To build KLIPS, see the kmod-libreswan.spec file.

Libreswan also supports IKEv2 (RFC4309) and Secure Labeling

Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04

Security issues fixed with this release:

CVE-2015-3240
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.

Enhancements:

* This update adds support for RFC 7383 IKEv2 Fragmentation, RFC 7619 Auth Null and ID Null, INVALID_KE renegotiation, CRL and OCSP support via NSS, AES_CTR and AES_GCM support for IKEv2, CAVS testing for FIPS compliance.
* This update also fixes several memory leaks and introduces a sub-second packet retransmit option.
* This update improves migration support from Openswan to Libreswan. Specifically, all Openswan options that can take a time value without a suffix are now supported, and several new keywords for use in the /etc/ipsec.conf file have been introduced. See the relevant man pages for details.
* With this update, loopback support via the "loopback=" option has been deprecated.
* This update also fixes several memory leaks and introduces a sub-second packet retransmit option.