Cannot setup point-to-point ipsec tunnel

  Customer/Partner Jira ID Customer Case Status Details OpenShift SDN team RHEL-20690 No Customer Case  [2024-01-04]  The team had worked on NMT-994 to support OpenShift's North-South IPSec implementation. However, after delivery, the RHCOS team's QE identified a bug in setting up point-to-point IPSec tunnels, leading to timeouts in NetworkManager. The team is actively investigating the issue in order to fix the bug so that the RHCOS and the OpenShift team can promptly consume the updated feature.  [2024-01-08]  A fix is needed asap as this issue is blocking OpenShift end-to-end testing. As soon as a fix is available, we will request a RHEL-9.2 async release.  [2024-01-09]  Investigation identified two key issues: the need to optionally disable leftmodecfgclient=yes in NM-libreswan for server-to-server scenarios, and the requirement for nmstate to explicitly set rightsubnet to avoid defaulting to 0.0.0.0/0 . In addition to this fix, the team has created a Nmstate Jira ticket ( RHEL-21033 ) to add two options to be used when configuring P2P IPSec tunnel. A Nmstate PR is already available and OpenShift QE is testing the scratch build. [2024-01-12] The provided scratch build fixes the problem and in addition to the NMstate PR, a NetworkManager-libreswan MR is also available and under review. An additional CI failure ( RHEL-21221 ) needs to be fixed before delivering the work in a RHEL-9.2 async release therefore the team is also working on it in priority.  [2024-01-17] The additional CI failure is now fixed in this MR . The z-stream builds are ongoing and the goal is to request for an async release as soon as the advisories move to REL_PREP status.  [2024-01-19] The advisories are on REL_PREP status and are awaiting Program Managers approval to be shipped asynchronously. [2024-01-24] The advisories are now shipped in RHEL-9.2.0.z and the OpenShift QA team has now resumed their testing.