Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-122626

esp (and possibly others) option are not exported from libreswan profile [rhel-9]

Linking RHIVOS CVEs to...Migration: Automation ...RHELPRIO AssignedTeam ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • NetworkManager-libreswan-1.2.27-4.el9
    • No
    • Moderate
    • rhel-net-mgmt
    • 1
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • Hide

      Definition of Done:

      Please mark each item below with ( / ) if completed or ( x ) if incomplete:

      ( ) The acceptance criteria defined below are met.

      Given a sysadmin configures a libreswan VPN connection using `nmcli`, and explicitly sets the `esp` parameter or other options via `vpn.data`, 

      When they run `nmcli connection export <name>`,  

      Then the exported config must include the `esp` value and the other options as originally defined.


      Given a sysadmin sets the `esp` parameter or other options via `nmcli connection modify ... vpn.data ...`,  

      When they later inspect the exported config,  

      Then the values of `esp` and the other options must be present and preserved with exact fidelity, matching the input.

      ( ) Integration test case is available upstream.

      ( ) Code is reviewed and merged upstream.

      ( ) Preliminary testing is done.

      ( ) Upstream documentation is written in the upstream MR.

      ( ) Release notes text is written in the RHEL issue.

      ( ) A demo is recorded

      Show
      Definition of Done: Please mark each item below with ( / ) if completed or ( x ) if incomplete: ( ) The acceptance criteria defined below are met. Given a sysadmin configures a libreswan VPN connection using `nmcli`, and explicitly sets the `esp` parameter or other options via `vpn.data`,  When they run `nmcli connection export <name>`,   Then the exported config must include the `esp` value and the other options as originally defined. — Given a sysadmin sets the `esp` parameter or other options via `nmcli connection modify ... vpn.data ...`,   When they later inspect the exported config,   Then the values of `esp` and the other options must be present and preserved with exact fidelity, matching the input. ( ) Integration test case is available upstream. ( ) Code is reviewed and merged upstream. ( ) Preliminary testing is done. ( ) Upstream documentation is written in the upstream MR. ( ) Release notes text is written in the RHEL issue. ( ) A demo is recorded
    • Pass
    • Automated
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      This is a clone of RHEL-119653 for RHEL9.8

      What were you trying to do that didn't work?

      [root@wifi4-ml5-vm5 NetworkManager-ci]# nmcli connection add type vpn con-name vpn ifname '*' autoconnect no vpn-type libreswan vpn.data 'ikev2=insist, right=1.2.3.4,           rightid=@server,           rightrsasigkey=server-key,           left=1.2.3.5,           leftid=@client,           leftrsasigkey=client-key,           leftcert=client-cert,           ike=aes256-sha1;modp1536,           esp=aes256-sha1,           nm-auto-defaults=no'
      Connection 'vpn' (5ea5efee-bac1-47c7-9291-fe770c6ded56) successfully added.
      [root@wifi4-ml5-vm5 NetworkManager-ci]# nmcli connection show vpn |grep data |grep esp
      vpn.data:                               esp = aes256-sha1, ike = aes256-sha1;modp1536, ikev2 = insist, left = 1.2.3.5, leftcert = client-cert, leftid = @client, leftrsasigkey = client-key, nm-auto-defaults = no, right = 1.2.3.4, rightid = @server, rightrsasigkey = server-key
      [root@wifi4-ml5-vm5 NetworkManager-ci]# nmcli  connection export vpn > /tmp/vpn.txt
      [root@wifi4-ml5-vm5 NetworkManager-ci]# grep esp /tmp/vpn.txt 

      What is the impact of this issue to you?

       

      Please provide the package NVR for which the bug is seen:

      NetworkManager-libreswan-1.2.27-1.el10.x86_64

      How reproducible is this bug?:

      always

      Steps to reproduce

      1. see steps above

      Expected results

      all values should be exported/imported

      Actual results

      messy export

              nm-team Network Management Team
              rhn-engineering-vbenes Vladimir Benes
              Network Management Team Network Management Team
              Vladimir Benes Vladimir Benes
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated: