The Linux FreeS/WAN Project

Introduction     Online Documentation     FreeS/WAN Download     Old News     Related Tools     Helping Out     Bug Reports     Maillist & Archives     IPSEC Community     History & Politics     Credits     Home Page   !Lights!


   As you may have heard, the 2.5 Linux kernel will feature native IPsec support. Will this be the end of FreeS/WAN (and Super FreeS/WAN)? We don't think so. We expect that the FreeS/WAN keying daemon (and its Opportunistic Encryption feature) will be easily usable with the new kernel code. Herbert Xu's patchesare helping us to reach this goal. More detail on these patches, and other FreeS/WAN extensions, is posted on our community page.


   The Linux FreeS/WAN team is pleased to offer you Linux FreeS/WAN 2.00, our first release optimized for Opportunistic Encryption (OE). After installation, ZERO host configuration is required for OE! A Linux box running 2.00 will encrypt all IP packets to other OE capable boxes whenever possible, provided you publish a key and IPsec gateway information in DNS.

   The release also boasts a new configuration mechanism, "policy groups", for use with OE. This lets you specify IPsec security policy (eg. use IPsec when possible, always use IPsec, never use IPsec) for lists of potential IPsec peers, via simple configuration files.

   To learn more about the changes since 1.99, read our CHANGES file.

   Network operators already running FreeS/WAN IPsec VPNs, please also read our upgrading document. Take special note that 1.xx configuration files are not immediately compatible with 2.xx.


   The Linux FreeS/WAN team is pleased to announce the first 2.00 release candidate. The candidate features easier configuration for Opportunistic Encryption. In addition, we have adapted the Delete portion of Mathieu Lafon's Delete/Notify patch (Thanks, Mathieu!). 2.00-rc1 is available here.


   Happy New Year! Thanks to Paul Wouters for working on our Mailman software over the holidays. The lists seem to be functioning well now. Unfortunately, in the process, several people who had been unsubscribed have been resubscribed. Please use the web interface to correct any oopses.

   In other news, we've released 2.00-pre4, where we've continued to build support for policy groups. You can download it using these instructions. Thanks to the community for your ongoing efforts testing our prereleases.


   The Linux FreeS/WAN team quietly released 2.00-pre3, with preliminary support for policy groups.


   After last week's outage, the lists at are back up. Our user support community is now back in full swing.


   The lists have been down for a few days due to Mailman problems. Sorry for any inconvenience.

   Meanwhile folks might want to meet at .


  The Linux FreeS/WAN team is pleased to announce Linux FreeS/WAN 1.99 OE-enabled IPsec.

  • It installs on Red Hat 8.0 and 7.x.
  • If you have Red Hat 8.0 and want to use our 1.x series, this is the release that you need.
  • Documentation is greatly improved.
  • Full details are in our CHANGES file.


   Users experience install troubles on Red Hat 8.0. See the latest List In Brief for details.


   2.00-pre2 ships. The team is still in the process of putting new features into what will become the 2.x series. Proposed 2.x release: November 2000.

  RPMs are not yet available for 2.00-preX.


   2.00-pre1 dropped due to schedule slip.


   The first 2.x prerelease (2.00-pre0) sees the light!


   Linux FreeS/WAN 1.98b was released.


    We have added a new e-postcard(*) list focusing on how FreeS/WAN fits into the various Linux distributions. This list is mostly for distro maintainers to talk to the FreeS/WAN developers and each other, for the details see the first post to the list in the archives.

    *: It's an 'e-postcard' list because 'e-mail's are in e-nvelopes which on the e-nternet means they are e-ncrypted, right?


    The lists are all back up and running just fine again.
    A new feature has been added to the web site, the current FreeSW/AN HTML documentation tree is available via a link at the end of the Documentation page.


    There is a new version of Linux FreeS/WAN now, 1.95. The mail server is fine but an inadvertent Redhat upgrade of mailman has trashed all mail list operations on the system. We hope to be serving lists again by late tonight (Tuesday).


    Monday our mail and list server went down due to poor software choices on our part (Linux fsck and rc scripts...). We should be up sometime late Thursday if things go well, maybe sooner.


    One of our volunteer sysadmins noticed that our SSL certificate used by the mail list machine was out of date, so he generated a new one. Since each user who accesses the mail list web server will see a notice that there is a new certificate they might also want to have a place to check the validity of the cert, here is the data (I wonder just how many of you will check...):

"" (issued to/by "Common Name")
"Freeswan"           (issued to/by "Organization")
"2002/01/28"         (is the Incept Date)
"2003/01/28"         (is the Expiry Date)
"7E:1E:B4:93:BC:75:59:93:68:39:AD:EF:3B:9B:37:85" (MD5 cert hash)
"0D:BF:EA:77:89:30:07:A6:10:6A:6B:30:AA:E5:04:61:B8:23:35:6D" (SHA1 cert hash)


    While freeswan-1.94 has shipped, there are serious known bugs in it that make it unsuitable for use. You have two choices, use the latest snapshot (snap2001dec25b seems ok) where the show stopper bugs seem fixed or use an older 'stable' release like 1.91 or maybe 1.92 from this directory .

    The next release (1.95) is scheduled for late January and rather then try to put out another 'quick bugfix' release we are going to just work on producing a high quality release for the end of January.


    We would like to announce that the Linux FreeS/WAN project has now released version 1.91 of our IPSEC system. This is the version after 1.9, it seemed a little bit better then naming it '1.A'. There are lots of improvements in operations, better security when networking fails, most bugs fixed etc. all documented in CHANGES and yet...

    The BIG news for the 1.91 release is that you can now begin to use Opportunistic Encryption! This is where you don't have to setup by hand each secure link with someone else, it just happens if both of ends set up their reverse DNS correctly. It's not fully done, but you can (and should!) start playing with it! See the documentation file .../freeswan-1.91/doc/opportunism.howto to get started.


    Late breaking news! The website catches up with the software! Two weeks ago the Linux FreeS/WAN team shipped version 1.9 which is mostly a catch up release, catching up with the current kernel stable releases and FreeS/WAN bug fixes. There are known minor problems with this release (as allways see the BUGS and CHANGES files for details), so don't upgrade unless your having problems. If your starting from scratch do use this release though. As allways start from the "Online Documentation" link above and then the "FreeS/WAN Download" link.


    Due to a tragedy of errors the <> email list has been moved to <>. To subscribe or unsubscribe please send email to <> and NOT to the list it's self, as there is no mail list robot to filter out such posts from the list and thus you will be embarrassed.

    This is a tempory setup, in a couple of days we will be movig the list to some sort of list management software (robot) on the same machine. This should cause much less fuss then the move today and be very stable over the long run.


    Linux FreeS/WAN 1.8 is out and on the FTP site. This release is focused on stabilizing the changes made since the 'plateau' relase of 1.5. As allways the surface details are in the CHANGES file, so read for a full accounting of whats new and different.


    Linux FreeS/WAN 1.5 is out and on the FTP site, grab it, use it. This release is mostly polish, bug fixes, documentation etc. If you have had any problems with previous releases, please update to this release and try again before submitting any bug reports. Read the CHANGES file for more details on what has changed.


    Linux FreeS/WAN 1.4 is out and on the FTP site, grab it. As of this date (two weeks after the tar went public) there are known bugs in both Pluto and AH mode. We hope that 1.5 comes out yet this month to fix these bugs. Even with known bugs 1.4 is the current stable release and we recommend using it or if the bugs bite you the current snapshot.


    Today the Linux FreeS/WAN Project team shipped freeswan-1.3 with improved RSA and Road Warrior support!   For details on what has been improved see the Online Documentation page above and to get the latest version goto the FreeS/WAN Download page, also above.

    Another long overdue happening is that the web site is getting some work done to it. The 'home' page is no longer an introduction to what the project is but the most recent news (this) and the current software status (above on the right). A couple of sections have been added (Introduction, Lights) and most will get worked on over the comming weeks. If you have suggestions or content to contribute plese post to the list (see Maillist & Archives above).


    Today the Linux FreeS/WAN project team shipped freeswan-1.2!


    Today the Linux FreeS/WAN project team shipped freeswan-1.1!


    Linux FreeS/WAN has begun showing up in the online news world, here are a few links to places where FreeS/WAN is being talked about:


    The Linux FreeS/WAN Project proudly releases its 1.00 version of IPSEC & IKE to the Linux community on this date. The press release is over there . Also today the project WWW site got a total overhaul to match the new shipping version of FreeS/WAN.