Updated openswan packages that fix several bugs are now available for Red HatEnterprise Linux 6.

Openswan is a free implementation of Internet Protocol Security (IPsec) andInternet Key Exchange (IKE). IPsec uses strong cryptography to provide bothauthentication and encryption services. These services allow you to build securetunnels through untrusted networks.This update fixes the following bugs:* Prior to this update, rebooting some IPsec gateways did not properly removethe routing table entries for the secure tunnel. As a consequence, when theIPsec gateway reestablished the tunnel, traffic was not properly routed over thetunnel. This update fixes the code that manages routing table entries. As aresult, the traffic is now routed properly in the described scenario.(BZ#1089395)* Previously, an update to the openswan packages omitted support forNAT-Traversal (NAT-T) as specified in the IETF drafts (predating RFC 3947). As aconsequence, devices that do not support RFC 3947 were no longer able to connectto openswan using IKE. With this update, support for NAT-Traversal draft(non-RFC) has been reintroduced into the openswan packages. As a result, thedescribed devices are able to connect to openswan. (BZ#1090273)* Prior to this update, when openswan was run as root it dropped privileges aspart of its operation. As a consequence, openswan was unable to readconfiguration files located in directories not owned by root. With this update,these privileges are no longer dropped when openswan is run as root and willneed to access configuration files in a directory not owned by root. As aresult, openswan successfully reads configuration files as expected.(BZ#1090614)* Previously, when Openswan was stopped or restarted, the openswan scripts(called by the ipsec initscript) logged a harmless error message which had noimpact on functionality. The message read that Openswan is not being able tounload the IPsec kernel modules. With this update, initscripts no longer attemptto unload the IPsec kernel modules once loaded, and error messages are no longerreturned. (BZ#1096640)Users of openswan are advised to upgrade to these updated packages, which fixthese bugs.
Before applying this update, make sure all previously released erratarelevant to your system have been applied.This update is available via the Red Hat Network. Details on how touse the Red Hat Network to apply this update are available athttps://access.redhat.com/site/articles/11258Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
openswan-2.6.32-27.4.el6_5.src.rpm
    MD5: 381e24cc7bfade04242a82a2bfdf3e1aSHA-256: 1a41f83389fc18f12e8731cadbfbbc94882319fdb87f3955dd0d6d6cfa51df2a
 
IA-32:
openswan-2.6.32-27.4.el6_5.i686.rpm
    MD5: 3348c88176b9e94500043966c6d29933SHA-256: 305cdea517abe1b8888706876df8c893ac35d1fbc0b6fb6a11e34315b3a6f772
openswan-debuginfo-2.6.32-27.4.el6_5.i686.rpm
    MD5: 270c54256ebcb19fbd9cce9387169f3dSHA-256: 960e4cb9a17223692ee4241f33869eb0f2cde4c274a946caa7d9c33eb1a228c4
openswan-doc-2.6.32-27.4.el6_5.i686.rpm
    MD5: 11b39d9fc569c464d86238ed114f0940SHA-256: 20c6f6b4a72d1a44298a66e35d51f3bc3d439828f133233d0f9a484df64bea9d
 
x86_64:
openswan-2.6.32-27.4.el6_5.x86_64.rpm
    MD5: 296e06d31ef0ee386bcb974e2dbdb50eSHA-256: bd9f2c8cde8788e5ddef0ae9fb0fb249ea322ad56f6c3b076b51c7228b5140b4
openswan-debuginfo-2.6.32-27.4.el6_5.x86_64.rpm
    MD5: bc8984c2f7c327ffbcf0d711ae721920SHA-256: 7343455dfb6f83ffecd6f0fd96297a914116a8ffb76e67b25a2cb1b5921c1159
openswan-doc-2.6.32-27.4.el6_5.x86_64.rpm
    MD5: 8bf45a08e38ab050ba89ae34f33606f7SHA-256: 7f1c2461a5fbd74dc3cb9434ea0f73878b04b48b8223b8567abee50f55942c4c
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
openswan-2.6.32-27.4.el6_5.src.rpm
    MD5: 381e24cc7bfade04242a82a2bfdf3e1aSHA-256: 1a41f83389fc18f12e8731cadbfbbc94882319fdb87f3955dd0d6d6cfa51df2a
 
IA-32:
openswan-2.6.32-27.4.el6_5.i686.rpm
    MD5: 3348c88176b9e94500043966c6d29933SHA-256: 305cdea517abe1b8888706876df8c893ac35d1fbc0b6fb6a11e34315b3a6f772
openswan-debuginfo-2.6.32-27.4.el6_5.i686.rpm
    MD5: 270c54256ebcb19fbd9cce9387169f3dSHA-256: 960e4cb9a17223692ee4241f33869eb0f2cde4c274a946caa7d9c33eb1a228c4
openswan-doc-2.6.32-27.4.el6_5.i686.rpm
    MD5: 11b39d9fc569c464d86238ed114f0940SHA-256: 20c6f6b4a72d1a44298a66e35d51f3bc3d439828f133233d0f9a484df64bea9d
 
PPC:
openswan-2.6.32-27.4.el6_5.ppc64.rpm
    MD5: 3278f719554862bbc1a6445c170f4e8dSHA-256: 252c1d8fa78352e21469e3a7e036bbe385a276c78f9bb4ff2dbf4de27e915ed1
openswan-debuginfo-2.6.32-27.4.el6_5.ppc64.rpm
    MD5: 721b554c2b2382b1ae500b455b275db4SHA-256: bce2d10fa81c7f8542726b8ba820773168e24ab6bc3423f49510e47c65fe7394
openswan-doc-2.6.32-27.4.el6_5.ppc64.rpm
    MD5: 629bb92ab38639d826a3e6b5a789dae0SHA-256: c2f2c714a83530264e42e4d8d570e392504831c00bed7a4af69ec393cfd9a7e2
 
s390x:
openswan-2.6.32-27.4.el6_5.s390x.rpm
    MD5: eb6fa587d87ce2ef7809c78135edad05SHA-256: 4e811c80b8cfded6b170ae108075f403edb92ed6a19e2a1e4c20b0c2c97575e2
openswan-debuginfo-2.6.32-27.4.el6_5.s390x.rpm
    MD5: 8324b407e52f72c3862aa3aa2d45629fSHA-256: 174f54532a3885957b96a1f73f13e4762a146624f947d2a5021a8d4533e767d2
openswan-doc-2.6.32-27.4.el6_5.s390x.rpm
    MD5: 16240ea0275bb14326bb50d0621a9425SHA-256: ad345d40ba894e4d7be58ce6f6dffe83f9f8fea592879bd642c511403708fb7f
 
x86_64:
openswan-2.6.32-27.4.el6_5.x86_64.rpm
    MD5: 296e06d31ef0ee386bcb974e2dbdb50eSHA-256: bd9f2c8cde8788e5ddef0ae9fb0fb249ea322ad56f6c3b076b51c7228b5140b4
openswan-debuginfo-2.6.32-27.4.el6_5.x86_64.rpm
    MD5: bc8984c2f7c327ffbcf0d711ae721920SHA-256: 7343455dfb6f83ffecd6f0fd96297a914116a8ffb76e67b25a2cb1b5921c1159
openswan-doc-2.6.32-27.4.el6_5.x86_64.rpm
    MD5: 8bf45a08e38ab050ba89ae34f33606f7SHA-256: 7f1c2461a5fbd74dc3cb9434ea0f73878b04b48b8223b8567abee50f55942c4c
 
Red Hat Enterprise Linux Server AUS (v. 6.5)

SRPMS:
openswan-2.6.32-27.4.el6_5.src.rpm
    MD5: 381e24cc7bfade04242a82a2bfdf3e1aSHA-256: 1a41f83389fc18f12e8731cadbfbbc94882319fdb87f3955dd0d6d6cfa51df2a
 
x86_64:
openswan-2.6.32-27.4.el6_5.x86_64.rpm
    MD5: 296e06d31ef0ee386bcb974e2dbdb50eSHA-256: bd9f2c8cde8788e5ddef0ae9fb0fb249ea322ad56f6c3b076b51c7228b5140b4
openswan-debuginfo-2.6.32-27.4.el6_5.x86_64.rpm
    MD5: bc8984c2f7c327ffbcf0d711ae721920SHA-256: 7343455dfb6f83ffecd6f0fd96297a914116a8ffb76e67b25a2cb1b5921c1159
openswan-doc-2.6.32-27.4.el6_5.x86_64.rpm
    MD5: 8bf45a08e38ab050ba89ae34f33606f7SHA-256: 7f1c2461a5fbd74dc3cb9434ea0f73878b04b48b8223b8567abee50f55942c4c
 
Red Hat Enterprise Linux Server EUS (v. 6.5.z)

SRPMS:
openswan-2.6.32-27.4.el6_5.src.rpm
    MD5: 381e24cc7bfade04242a82a2bfdf3e1aSHA-256: 1a41f83389fc18f12e8731cadbfbbc94882319fdb87f3955dd0d6d6cfa51df2a
 
IA-32:
openswan-2.6.32-27.4.el6_5.i686.rpm
    MD5: 3348c88176b9e94500043966c6d29933SHA-256: 305cdea517abe1b8888706876df8c893ac35d1fbc0b6fb6a11e34315b3a6f772
openswan-debuginfo-2.6.32-27.4.el6_5.i686.rpm
    MD5: 270c54256ebcb19fbd9cce9387169f3dSHA-256: 960e4cb9a17223692ee4241f33869eb0f2cde4c274a946caa7d9c33eb1a228c4
openswan-doc-2.6.32-27.4.el6_5.i686.rpm
    MD5: 11b39d9fc569c464d86238ed114f0940SHA-256: 20c6f6b4a72d1a44298a66e35d51f3bc3d439828f133233d0f9a484df64bea9d
 
PPC:
openswan-2.6.32-27.4.el6_5.ppc64.rpm
    MD5: 3278f719554862bbc1a6445c170f4e8dSHA-256: 252c1d8fa78352e21469e3a7e036bbe385a276c78f9bb4ff2dbf4de27e915ed1
openswan-debuginfo-2.6.32-27.4.el6_5.ppc64.rpm
    MD5: 721b554c2b2382b1ae500b455b275db4SHA-256: bce2d10fa81c7f8542726b8ba820773168e24ab6bc3423f49510e47c65fe7394
openswan-doc-2.6.32-27.4.el6_5.ppc64.rpm
    MD5: 629bb92ab38639d826a3e6b5a789dae0SHA-256: c2f2c714a83530264e42e4d8d570e392504831c00bed7a4af69ec393cfd9a7e2
 
s390x:
openswan-2.6.32-27.4.el6_5.s390x.rpm
    MD5: eb6fa587d87ce2ef7809c78135edad05SHA-256: 4e811c80b8cfded6b170ae108075f403edb92ed6a19e2a1e4c20b0c2c97575e2
openswan-debuginfo-2.6.32-27.4.el6_5.s390x.rpm
    MD5: 8324b407e52f72c3862aa3aa2d45629fSHA-256: 174f54532a3885957b96a1f73f13e4762a146624f947d2a5021a8d4533e767d2
openswan-doc-2.6.32-27.4.el6_5.s390x.rpm
    MD5: 16240ea0275bb14326bb50d0621a9425SHA-256: ad345d40ba894e4d7be58ce6f6dffe83f9f8fea592879bd642c511403708fb7f
 
x86_64:
openswan-2.6.32-27.4.el6_5.x86_64.rpm
    MD5: 296e06d31ef0ee386bcb974e2dbdb50eSHA-256: bd9f2c8cde8788e5ddef0ae9fb0fb249ea322ad56f6c3b076b51c7228b5140b4
openswan-debuginfo-2.6.32-27.4.el6_5.x86_64.rpm
    MD5: bc8984c2f7c327ffbcf0d711ae721920SHA-256: 7343455dfb6f83ffecd6f0fd96297a914116a8ffb76e67b25a2cb1b5921c1159
openswan-doc-2.6.32-27.4.el6_5.x86_64.rpm
    MD5: 8bf45a08e38ab050ba89ae34f33606f7SHA-256: 7f1c2461a5fbd74dc3cb9434ea0f73878b04b48b8223b8567abee50f55942c4c
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
openswan-2.6.32-27.4.el6_5.src.rpm
    MD5: 381e24cc7bfade04242a82a2bfdf3e1aSHA-256: 1a41f83389fc18f12e8731cadbfbbc94882319fdb87f3955dd0d6d6cfa51df2a
 
IA-32:
openswan-2.6.32-27.4.el6_5.i686.rpm
    MD5: 3348c88176b9e94500043966c6d29933SHA-256: 305cdea517abe1b8888706876df8c893ac35d1fbc0b6fb6a11e34315b3a6f772
openswan-debuginfo-2.6.32-27.4.el6_5.i686.rpm
    MD5: 270c54256ebcb19fbd9cce9387169f3dSHA-256: 960e4cb9a17223692ee4241f33869eb0f2cde4c274a946caa7d9c33eb1a228c4
openswan-doc-2.6.32-27.4.el6_5.i686.rpm
    MD5: 11b39d9fc569c464d86238ed114f0940SHA-256: 20c6f6b4a72d1a44298a66e35d51f3bc3d439828f133233d0f9a484df64bea9d
 
x86_64:
openswan-2.6.32-27.4.el6_5.x86_64.rpm
    MD5: 296e06d31ef0ee386bcb974e2dbdb50eSHA-256: bd9f2c8cde8788e5ddef0ae9fb0fb249ea322ad56f6c3b076b51c7228b5140b4
openswan-debuginfo-2.6.32-27.4.el6_5.x86_64.rpm
    MD5: bc8984c2f7c327ffbcf0d711ae721920SHA-256: 7343455dfb6f83ffecd6f0fd96297a914116a8ffb76e67b25a2cb1b5921c1159
openswan-doc-2.6.32-27.4.el6_5.x86_64.rpm
    MD5: 8bf45a08e38ab050ba89ae34f33606f7SHA-256: 7f1c2461a5fbd74dc3cb9434ea0f73878b04b48b8223b8567abee50f55942c4c
 
(The unlinked packages above are only available from the Red Hat Network)
1090273 – openswan breaks NAT-T draft clients (and possibly ike fragmentation)1090614 – Due to lack of CAP_DAC_OVERRIDE, pluto cannot write to directories not owned by root

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from:

Leave a Reply