v2.6.33
* Merge in the klips-ipv6 branch [David]
* modprobe more crypto modules on startup (gcm, camelia, sha2* etc) [Paul]
* Added %v4:26/8 to virtual_private ("thanks" to T-Mobile/Rogers/FIDO) [Paul]
* Pluto did not start nhelpers due to --nofork, bug introduced in 2.6.32 [Paul]
* OCF: Set the OCF queues to 10000 when 256MB+ RAM and 1000+ bogomips [Paul]
* Improved NetworkManager support [Avesh]
- This is Red Hat bugzilla 642722, 658253, 659709 and 641068
* ipsec verify now also shows parse errors in ipsec.conf [Paul]
* Always build SHA2 family support for IKE [Paul]
* KLIPS: Add a new option to override the replay window via /sys [David]
(echo 0 > /sys/module/ipsec/parameters/ipsec_replaywin_override)
* Add aesni_intel to the list of crypto modules we attempt to load [Paul]
* enable dumpdir= in stock ipsec.conf for use with abrtd [Paul]
* New per-conn keyword mtu= allows setting the mtu per tunnel [Paul]
* per-conn keyword metric= did not export to userland or updown [Paul/Tuomo]
* Cleaned up and moved some old docs [Paul]
* KLIPS: arp_broken_ops is no longer exported in 2.6.37+ [Paul]
* KLIPS: Fix crasher in ipsec_xmit_state_delete [David]
* Bugtracker bugs fixed:
# 601 KLIPS: NAT-OA UDP checksum bad in transport mode when both sides are
NATted [Wolfgang]
# 645 hundreds of replacements [...]: 000 #3: pending Phase 2 [Anthony Tong]
#1182 Verification of X509 certificate signed by SHA2 [fryasu@yahoo.co.jp]
#1183 Fix documentation typo (in ipsec.conf) [Tuomo]
#1190 nat-t broke on transport mode for klips between 2.6.31 and 2.6.32
[Paul]
#1199 when leftsubnet has a different netmask than the localnet, a route
is added for the localnet to the ipsec device [Tuomo]
#1201 dpd + ddns does not work [Mattias Walström]
#1204 Workaround for iPhone/MacOS X NAT problem [Wolfgang Nothdurft]
#1210 Failes to compile with uClibc >= 0.9.29 [mb@openwrt]