Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-21875

[RFE] Support IPv6 in IPsec VPN

XMLWordPrintable

    • Normal
    • ZStream
    • sst_network_management
    • ssg_networking
    • 5
    • False
    • Hide

      None

      Show
      None
    • Yes
    • NMT - RHEL-9.5 DTM 12
    • Approved Blocker
    • Hide

      As a system administrator, I want the NetworkManager-libreswan to support IPv6 connections in IPSec VPN configuration, so that I can set up IPv6 tunnels with IPv4 traffic and IPv4 tunnel with IPv6 traffic for both host-to-host and host-to-server use cases efficiently and securely. 

      Given a system administrator configuring a system where NM-libreswan is used for VPN configurations, 
      When they configure an IPSec VPN tunnel using IPv6 addresses or IPv4 addresses, 
      Then, NM-libreswan should successfully establish the IPv6 tunnel with IPv4 traffic or IPv4 tunnel with IPv6 traffic for both host-to-host and host-to-server scenarios without errors. 

      Definition of Done: 

      • The implementation meets the acceptance criteria
      • Unit test and integration test are written and pass
      • The code is part of a downstream build attached to an errata
      • The feature is backported in RHEL-9.4 through a batch update as OCP needs it to fully complete the IPSec feature support.
      • The initial text for this enhancement in the feature-reason-result format (More details here)
      Show
      As a system administrator, I want the NetworkManager-libreswan to support IPv6 connections in IPSec VPN configuration, so that I can set up IPv6 tunnels with IPv4 traffic and IPv4 tunnel with IPv6 traffic for both host-to-host and host-to-server use cases efficiently and securely.  Given a system administrator configuring a system where NM-libreswan is used for VPN configurations,  When they configure an IPSec VPN tunnel using IPv6 addresses or IPv4 addresses,  Then, NM-libreswan should successfully establish the IPv6 tunnel with IPv4 traffic or IPv4 tunnel with IPv6 traffic for both host-to-host and host-to-server scenarios without errors.  Definition of Done:  The implementation meets the acceptance criteria Unit test and integration test are written and pass The code is part of a downstream build attached to an errata The feature is backported in RHEL-9.4 through a batch update as OCP needs it to fully complete the IPSec feature support. The initial text for this enhancement in the feature-reason-result format (More details  here )
    • Unspecified Release Note Type - Unknown

      What were you trying to do that didn't work?

      Current NetworkManager-libreswan cannot support IPv6 connection:

      conn hosta
    hostaddrfamily=ipv6
    clientaddrfamily=ipv6
    left=2001:db8:f::a
    leftid=@hosta.example.org
    leftcert=hosta.example.org
    leftmodecfgserver=no
    right=2001:db8:f::b
    rightid=@hostb.example.org
    rightsubnet=2001:db8:f::b/128
    ikev2=insist

      Please provide the package NVR for which bug is seen:

      How reproducible:

      Steps to reproduce

      1. Run nmstate test `test_ipsec_ipv6_libreswan_p2p` and `test_ipsec_ipv6_libreswan_client_server`

      Expected results

      NetworkManager-libreswan setup IPv6 tunnel for `host-to-host` and `host-to-server` use cases.

      Actual results

      NetworkManager-libreswan failed to setup IPv6 tunnel

            bgalvani@redhat.com Beniamino Galvani
            fge@redhat.com Gris Ge
            Network Management Team Network Management Team
            Vladimir Benes Vladimir Benes
            Votes:
            0 Vote for this issue
            Watchers:
            9 Start watching this issue

              Created:
              Updated: