• NetworkManager-libreswan-1.2.22-1.el9
    • Medium
    • ZStream
    • 1
    • rhel-sst-network-management
    • ssg_networking
    • 15
    • 5
    • False
    • Hide

      None

      Show
      None
    • No
    • NMT - RHEL-9.5 DTM 12
    • Approved Blocker
    • Hide

      As a system administrator, I want the NetworkManager-libreswan to support IPv6 connections in IPSec VPN configuration, so that I can set up IPv6 tunnels with IPv4 traffic and IPv4 tunnel with IPv6 traffic for both host-to-host and host-to-server use cases efficiently and securely. 

      Given a system administrator configuring a system where NM-libreswan is used for VPN configurations, 
      When they configure an IPSec VPN tunnel using IPv6 addresses or IPv4 addresses, 
      Then, NM-libreswan should successfully establish the IPv6 tunnel with IPv4 traffic or IPv4 tunnel with IPv6 traffic for both host-to-host and host-to-server scenarios without errors. 

      Definition of Done: 

      • The implementation meets the acceptance criteria
      • Unit test and integration test are written and pass
      • The code is part of a downstream build attached to an errata
      • The feature is backported in RHEL-9.4 through a batch update as OCP needs it to fully complete the IPSec feature support.
      • The initial text for this enhancement in the feature-reason-result format (More details here)

       

      AC and QE alignement:

      Show
      As a system administrator, I want the NetworkManager-libreswan to support IPv6 connections in IPSec VPN configuration, so that I can set up IPv6 tunnels with IPv4 traffic and IPv4 tunnel with IPv6 traffic for both host-to-host and host-to-server use cases efficiently and securely.  Given a system administrator configuring a system where NM-libreswan is used for VPN configurations,  When they configure an IPSec VPN tunnel using IPv6 addresses or IPv4 addresses,  Then, NM-libreswan should successfully establish the IPv6 tunnel with IPv4 traffic or IPv4 tunnel with IPv6 traffic for both host-to-host and host-to-server scenarios without errors.  Definition of Done:  The implementation meets the acceptance criteria Unit test and integration test are written and pass The code is part of a downstream build attached to an errata The feature is backported in RHEL-9.4 through a batch update as OCP needs it to fully complete the IPSec feature support. The initial text for this enhancement in the feature-reason-result format (More details  here )   AC and QE alignement: The CI test https://gitlab.freedesktop.org/NetworkManager/NetworkManager-ci/-/merge_requests/1696 is configuring a IPSec VPN tunnel using IPv6 address and check if the tunnel is successfully establish
    • Pass
    • None
    • Enhancement
    • Hide
      .NetworkManager supports connecting to IPsec VPNs that use IPv6 addressing

      Previously, NetworkManager supported only IPv4 addressing when using the `NetworkManager-libreswan` plugin to connect to Internet Protocol Security (IPsec) VPN. With this update, you can connect to IPsec VPNs that use IPv6 addressing.


      Show
      .NetworkManager supports connecting to IPsec VPNs that use IPv6 addressing Previously, NetworkManager supported only IPv4 addressing when using the `NetworkManager-libreswan` plugin to connect to Internet Protocol Security (IPsec) VPN. With this update, you can connect to IPsec VPNs that use IPv6 addressing.
    • Done
    • None

      What were you trying to do that didn't work?

      Current NetworkManager-libreswan cannot support IPv6 connection:

      conn hosta
          hostaddrfamily=ipv6
          clientaddrfamily=ipv6
          left=2001:db8:f::a
          leftid=@hosta.example.org
          leftcert=hosta.example.org
          leftmodecfgserver=no
          right=2001:db8:f::b
          rightid=@hostb.example.org
          rightsubnet=2001:db8:f::b/128
          ikev2=insist
      

      Please provide the package NVR for which bug is seen:

      How reproducible:

      Steps to reproduce

      1. Run nmstate test `test_ipsec_ipv6_libreswan_p2p` and `test_ipsec_ipv6_libreswan_client_server`

      Expected results

      NetworkManager-libreswan setup IPv6 tunnel for `host-to-host` and `host-to-server` use cases.

      Actual results

      NetworkManager-libreswan failed to setup IPv6 tunnel

              bgalvani@redhat.com Beniamino Galvani
              fge@redhat.com Gris Ge
              Network Management Team Network Management Team
              Vladimir Benes Vladimir Benes
              Jaroslav Klech Jaroslav Klech
              Votes:
              0 Vote for this issue
              Watchers:
              12 Start watching this issue

                Created:
                Updated: