linux-ipsec: Benefits of current versions?

Hi. I've been occupied with other things of late, and only skimming the list. I have finally brought up our production VPN using freeswan-0.90. That was the current version when I shipped the machines after in-house testing. I am happy to report that I finally have it working correctly. The remote machine even doubles as a masquerading firewall, and I am currently reasonalby happy with the result.

The question I have is: what benefits would upgrading to .91 or the current snapshot give me? And at what setup cost? Both machines are Redhat 5.1/2.0.35 machines running Paul Russell's ipchains patch for the firewalling stuff <http://www.rustcorp.com/linux/ipchains/> and freeswan 0.90.

The feature I would most like is to be able to just restart the active end of the Pluto connection; currently, that fails every time. If I restart the passive pluto and then the active one, I usually get a good connection. Sometimes I wind up cleaning up old spis and eroutes before I can bring the connection back up, though.

Thanks for any information you can give.

-- 

Randy Dees
Unix Systems Administrator				Amherst Systems, Inc.