secnet 0.3.1~beta2

Ian Jackson ijackson at
Sat May 3 19:10:00 BST 2014

I am pleased to announce secnet 0.3.1~beta2.  This is the 2nd beta of
secnet 0.3.1.

0.3.1 contains bugfixes, including some security fixes to
vulnerabilities which are exposed to internal VPN traffic.  It also
has a new feature intended to help with underlying networks with broken
handling of large packets.

0.3.1~beta2 contains a bugfix to 0.3.1~beta1.  The fix is important
for point-to-point links when the new mtu-target feature is in use (or
with point-to-point links in other mixed-mtu situations).

One symptom of this bug is broken path mtu discovery (resulting in TCP
hanging) when a new (0.3.1~beta) secnet with a low mtu target talks to
an old secnet (one without mtu negotiation, 0.3.0 and earlier).

The bugfix is not important in non-point-to-point configurations -
i.e. when the secnet instance has its own IP address.

0.3.1~beta2 can be found here:

If you are able to do so conveniently, please test it.  It should be
backwards-compatible with previous versions.  For those on the SGO
VPN: chiark is already running this version.

For a summary of the changes see the changelog extracts below.  For
full details see the git history.

secnet (0.3.1~beta2) unstable; urgency=low

  Fix relating to new fragmentation / ICMP functionality:
  * Generate ICMP packets correctly in point-to-point configurations.

 -- Ian Jackson <ijackson at>  Sat, 03 May 2014 18:58:09 +0100

secnet (0.3.1~beta1) unstable; urgency=low

  Security fixes (vulnerabilities are to inside attackers only):
  * SECURITY: Fixes to MTU and fragmentation handling.
  * SECURITY: Correctly set "unused" ICMP header field.
  * SECURITY: Fix IP length check not to crash on very short packets.

  New feature:
  * Make the inter-site MTU configurable, and negotiate it with the peer.

  Bugfixes etc.:
  * Fix netlink SEGV on clientless netlinks (i.e. configuration error).
  * Fix formatting error in p-t-p startup message.
  * Do not send ICMP errors in response to unknown incoming ICMP.
  * Fix formatting error in secnet.8 manpage.
  * Internal code rearrangements and improvements.

  Packaging improvements:
  * Updates to release checklist in
  * Additions to the test-example suite.

 -- Ian Jackson <ijackson at>  Thu, 01 May 2014 19:02:56 +0100