RHEL-21554

Support configuring ipsec mode with 'type' in NM-libreswan

    • NetworkManager-libreswan-1.2.18-2.el9
    • Major
    • ZStream
    • sst_network_management
    • ssg_networking
    • 1
    • False
    • No
    • NMT - RHEL 8.10/9.4 DTM 22
    • Approved Blocker

      Given a system administrator using Nmstate to configure an IPsec host-to-host connection in transport mode,

      When they specify the 'type' field in the nmstate configuration as 'transport' along with other necessary IPsec settings,

      Then NetworkManager-libreswan should successfully set up the IPsec connection in transport mode.

      Definition of Done:

      • The implementation meets the acceptance criteria
      • Unit test and integration test are written and pass
      • The code is part of a downstream build attached to an errata
      • The fix is backported into RHEL-9.2
    • Pass
    • Release Note Not Required
      Feature: support the 'type' option in NM-libreswan

      Reason: the 'type' option is useful to choose between IPsec tunnel mode (which encapsulates the original IP packet in an IPsec packet) and transport mode (which retains the original packet header and encrypts the payload). Previously NM-libreswan only supported tunnel mode.

      Result: now it is possible to choose between tunnel mode and transport mode.
    • Proposed

      What were you trying to do that didn't work?

      Configure IPsec host-to-host with nmstate config in transport mode.
      Discussion about the issue in Slack: https://redhat-internal.slack.com/archives/C06665AQN0J/p1705022984494649?thread_ts=1704964168.895169&cid=C06665AQN0J

                ikev2: insist
                left: 10.0.128.3
                leftcert: left_server
                leftid: '%fromcert'
                leftrsasigkey: '%cert'
                right: 10.0.0.2
                rightid: '%fromcert'
                rightrsasigkey: '%cert'
                type: transport
      

      Please provide the package NVR for which bug is seen:

      How reproducible:

      100%

      Steps to reproduce

      Expected results

      The IPsec connection can be set up in transport mode.

      Actual results

      file is not valid NetworkState or NetworkPolicy: unknown field `type`
      type was not supported yet.

            bgalvani@redhat.com Beniamino Galvani
            huirwang Huiran Wang
            Network Management Team Network Management Team
            Vladimir Benes Vladimir Benes