Today ipsec-tools 0.5.2 was released. You can download it at
Important changes since 0.5.1:
o Fixed single DES support; single DES users MUST UPGRADE.
o Fixed LP64 bug in lifetime
o Fixed Ph2handle unlink when negociation is done
o Some NAT-T fixes
This release is considered stable. Notes for upgrades:
o NAT-T is no longer enabled by default. If you need it, please
enable specifically. This is made to correspond to
o Behaviour of single DES has changed. Single DES behaviour
in this version is not compatible with ipsec-tools releases
0.4rc1 - 0.5.1 and all released snapshots. These versions did
not set encryption keys for single DES SAs in the kernel. This
lead to traffic encrypted with known zero key. It is SECURITY
PROBLEM and if you were using single DES, you HAVE TO UPGRADE.
o single DES is now compatible with other vendor
implementations. But it is considered not secure enough for
long time. Therefore, if possible use stronger algorithms.
ipsec-tools developer team