-
Story
-
Resolution: Done-Errata
-
Major
-
None
-
NetworkManager-libreswan-1.2.18-2.el9
-
None
-
ZStream
-
1
-
rhel-sst-network-management
-
ssg_networking
-
1
-
-
False
-
-
No
-
NMT - RHEL 8.10/9.4 DTM 22
-
Approved Blocker
-
Pass
-
None
-
None
What were you trying to do that didn't work?
When ipsec remote has P2P tunnel like:
conn hostb_conn_crt_p2p hostaddrfamily=ipv4 left=192.0.2.155 leftsubnet=192.0.2.155/32 leftid=@hostb.example.org leftcert=hostb.example.org leftmodecfgserver=yes right=192.0.2.248 rightsubnet=192.0.2.248/32 rightid=@hosta.example.org rightcert=hosta.example.org rightmodecfgclient=yes ikev2=insist
When activating a ipsec connection with `nmcli c up`, then the ipsec tunnel will failed to setup and timeout.
Please provide the package NVR for which bug is seen:
NetworkManager-1.45.9-32883.copr.0e893593a9.el9.x86_64
NetworkManager-libreswan-1.2.18-1.el9
How reproducible:
100%
Steps to reproduce
* Deploy the PKI keys to both localhost and remote node. * Use above ipsec config to setup ipsec daemon on remote node * Apply this state via nmstaetctl echo ' interfaces: - name: hosta_conn type: ipsec libreswan: left: 192.0.2.248 leftid: 'hosta.example.org' leftcert: hosta.example.org right: 192.0.2.155 rightid: 'hostb.example.org' ikev2: insist ' | sudo nmstatectl apply -
Expected results
IPsec connection been setup and communication between these two nodes is encrypted
Actual results
Timeout on activating ipsec VPN connection in NetworkManager.
- blocks
-
SDN-4034 OpenShift North-South IPsec Implementation Enhancement and GA
- Closed
-
RHEL-21033 [nmstate] [ipsec] Need support of `rightsubnet` and `leftmodecfgclient` options
- Closed
- links to
-
RHBA-2023:125602 NetworkManager-libreswan enhancements
- mentioned on
(3 mentioned on)