RHEL-23618

[RFE] Support option to use interface name or UUID under ipsec status output

    • rhel-sst-network-management
    • ssg_networking
    • 3
    • False
    • No

      Given a system administrator has configured an IPsec connection using nmstate and wishes to check the connection status with `ipsec status`,
      When they specify the option `connection-naming-type: name` in the libreswan section of their nmstate configuration to prefer interface names over UUIDs,
      Then the `ipsec status` output should display the connection using interface names instead of UUIDs, making it more user-friendly and easier to understand.

      Definition of Done:

      • The implementation meets the acceptance criteria
      • Unit test and integration test are written and pass
      • The fix is part of a downstream build attached to an errata
    • Unspecified Release Note Type - Unknown

      Currently, when nmstate is used to set up an IPsec connection and `ipsec status` is used to check its status, the output for the connection uses the UUID, which is not friendly from the user's perspective.
      Suggest adding an option to use the interface name instead.

      sh-5.1# nmcli conn show
      NAME                UUID                                  TYPE           DEVICE 
      plutoVM             d0bbc44f-92f1-4649-a29a-da4d287bb90e  vpn            br-ex  
      ovs-if-br-ex        e797cd07-43b6-4097-bc0c-eab56a39a36a  ovs-interface  br-ex  
      lo                  97408724-12b0-41a4-9c54-cc792fe553ae  loopback       lo     
      br-ex               c7581e6d-2a8a-42c2-b4c1-eea5f6791490  ovs-bridge     br-ex  
      ovs-if-phys0        1cd03d6b-6a82-4d98-b215-d8265997519e  ethernet       ens4   
      ovs-port-br-ex      cbf8d333-ca0f-41a6-a197-8d4c93e855eb  ovs-port       br-ex  
      ovs-port-phys0      87ece8c6-5ffa-4007-81c0-c467f6c6bf8e  ovs-port       ens4   
      Wired connection 1  2525100d-dd42-3501-9084-94a5aa99fb26  ethernet       --     
      
      sh-5.1# ipsec status | grep d0bbc44f-92f1-4649-a29a-da4d287bb90e
      000 "d0bbc44f-92f1-4649-a29a-da4d287bb90e": 10.0.128.2[CN=10_0_128_2]...10.0.0.2[CN=10_0_0_2,MS+S=C]; erouted; eroute owner: #25
      000 "d0bbc44f-92f1-4649-a29a-da4d287bb90e":     oriented; my_ip=unset; their_ip=unset; mycert=10_0_128_2; my_updown=/usr/libexec/nm-libreswan-service-helper 7 211281 org.freedesktop.NetworkManager.libreswan.Connection_16;
      000 "d0bbc44f-92f1-4649-a29a-da4d287bb90e":   xauth us:none, xauth them:none,  my_username=[any]; their_username=[any]
      000 "d0bbc44f-92f1-4649-a29a-da4d287bb90e":   our auth:rsasig(RSASIG+RSASIG_v1_5), their auth:RSASIG+ECDSA+RSASIG_v1_5, our autheap:none, their autheap:none;
      000 "d0bbc44f-92f1-4649-a29a-da4d287bb90e":   modecfg info: us:none, them:server, modecfg policy:pull, dns:unset, domains:unset, cat:unset;
      000 "d0bbc44f-92f1-4649-a29a-da4d287bb90e":   sec_label:unset;
      000 "d0bbc44f-92f1-4649-a29a-da4d287bb90e":   CAs: 'CN=CA'...'%any'
      000 "d0bbc44f-92f1-4649-a29a-da4d287bb90e":   ike_life: 28800s; ipsec_life: 28800s; ipsec_max_bytes: 2^63B; ipsec_max_packets: 2^63; replay_window: 128; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 1;
      000 "d0bbc44f-92f1-4649-a29a-da4d287bb90e":   retransmit-interval: 500ms; retransmit-timeout: 60s; iketcp:no; iketcp-port:4500;
      000 "d0bbc44f-92f1-4649-a29a-da4d287bb90e":   initial-contact:no; cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
      000 "d0bbc44f-92f1-4649-a29a-da4d287bb90e":   policy: IKEv2+RSASIG+ECDSA+RSASIG_v1_5+ENCRYPT+TUNNEL+PFS+UP+MODECFG_PULL+IKE_FRAG_ALLOW+ESN_NO+ESN_YES;
      000 "d0bbc44f-92f1-4649-a29a-da4d287bb90e":   v2-auth-hash-policy: SHA2_256+SHA2_384+SHA2_512;
      000 "d0bbc44f-92f1-4649-a29a-da4d287bb90e":   conn_prio: 32,32; interface: br-ex; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none;
      000 "d0bbc44f-92f1-4649-a29a-da4d287bb90e":   nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto;
      000 "d0bbc44f-92f1-4649-a29a-da4d287bb90e":   our idtype: ID_DER_ASN1_DN; our id=CN=10_0_128_2; their idtype: ID_DER_ASN1_DN; their id=CN=10_0_0_2
      000 "d0bbc44f-92f1-4649-a29a-da4d287bb90e":   liveness: passive; dpdaction:hold; dpddelay:0s; retransmit-timeout:60s
      000 "d0bbc44f-92f1-4649-a29a-da4d287bb90e":   nat-traversal: encaps:auto; keepalive:20s
      000 "d0bbc44f-92f1-4649-a29a-da4d287bb90e":   newest IKE SA: #23; newest IPsec SA: #25; conn serial: $13;
      000 "d0bbc44f-92f1-4649-a29a-da4d287bb90e":   IKEv2 algorithm newest: AES_GCM_16_256-HMAC_SHA2_256-MODP2048
      000 "d0bbc44f-92f1-4649-a29a-da4d287bb90e":   ESP algorithm newest: AES_GCM_16_256-NONE; pfsgroup=<Phase1>
      000 #23: "d0bbc44f-92f1-4649-a29a-da4d287bb90e":500 STATE_V2_ESTABLISHED_IKE_SA (established IKE SA); REKEY in 27548s; REPLACE in 28439s; newest; idle;
      000 #24: "d0bbc44f-92f1-4649-a29a-da4d287bb90e":500 STATE_V2_ESTABLISHED_CHILD_SA (established Child SA); REKEY in 27413s; REPLACE in 28439s; IKE SA #23; idle;
      000 #24: "d0bbc44f-92f1-4649-a29a-da4d287bb90e" esp.8da96ea4@10.0.0.2 esp.b2fa1a1f@10.0.128.2 tun.0@10.0.0.2 tun.0@10.0.128.2 Traffic: ESPin=0B ESPout=0B ESPmax=2^63B 
      000 #25: "d0bbc44f-92f1-4649-a29a-da4d287bb90e":500 STATE_V2_ESTABLISHED_CHILD_SA (established Child SA); REKEY in 28391s; REPLACE in 28661s; newest; eroute owner; IKE SA #23; idle;
      000 #25: "d0bbc44f-92f1-4649-a29a-da4d287bb90e" esp.aab38bf5@10.0.0.2 esp.ee8a2f6@10.0.128.2 tun.0@10.0.0.2 tun.0@10.0.128.2 Traffic: ESPin=0B ESPout=0B ESPmax=2^63B 
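As an added example (not code from this issue, nmstate, NetworkManager or libreswan), the following Python script does by post-processing what the RFE asks `ipsec status` to do natively: it reads the `nmcli conn show` table, maps each UUID to its NAME or DEVICE column, and rewrites the quoted UUID on every pluto status line. The function names (`parse_nmcli`, `relabel_ipsec_status`, `status_for`) are this example's own; the embedded samples are excerpts of the terminal output shown above.

```python
"""Correlate the UUID-named connections in `ipsec status` output with the
NAME and DEVICE columns of `nmcli conn show`, so the status can be read by
connection or interface name before the requested nmstate option exists.
Added example for RHEL-23618; not code from nmstate, NetworkManager or
libreswan. The function names are this example's own."""
import re
from typing import Dict, List

UUID_RE = r"[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}"

# One `nmcli conn show` row. NAME may contain spaces ("Wired connection 1"),
# so it is matched lazily up to the UUID column.
NMCLI_ROW_RE = re.compile(
    rf"^(?P<name>.+?)\s+(?P<uuid>{UUID_RE})\s+(?P<type>\S+)\s+(?P<device>\S+)\s*$"
)
# The quoted connection name pluto prints on every status line, in both the
# `000 "<conn>":` and the `000 #N: "<conn>"` forms.
QUOTED_UUID_RE = re.compile(rf'"({UUID_RE})"')

# Constructed sample: rows taken from the `nmcli conn show` output in the issue.
NMCLI_SAMPLE = """\
NAME                UUID                                  TYPE           DEVICE
plutoVM             d0bbc44f-92f1-4649-a29a-da4d287bb90e  vpn            br-ex
ovs-if-br-ex        e797cd07-43b6-4097-bc0c-eab56a39a36a  ovs-interface  br-ex
Wired connection 1  2525100d-dd42-3501-9084-94a5aa99fb26  ethernet       --
"""

# Constructed sample: three lines taken from the `ipsec status` output in the issue.
IPSEC_STATUS_SAMPLE = """\
000 "d0bbc44f-92f1-4649-a29a-da4d287bb90e": 10.0.128.2[CN=10_0_128_2]...10.0.0.2[CN=10_0_0_2,MS+S=C]; erouted; eroute owner: #25
000 "d0bbc44f-92f1-4649-a29a-da4d287bb90e":   conn_prio: 32,32; interface: br-ex; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none;
000 #25: "d0bbc44f-92f1-4649-a29a-da4d287bb90e":500 STATE_V2_ESTABLISHED_CHILD_SA (established Child SA); REKEY in 28391s; REPLACE in 28661s; newest; eroute owner; IKE SA #23; idle;
"""


def parse_nmcli(text: str) -> Dict[str, Dict[str, str]]:
    """Build {uuid: {"name", "type", "device"}} from `nmcli conn show` output."""
    table: Dict[str, Dict[str, str]] = {}
    for line in text.splitlines():
        m = NMCLI_ROW_RE.match(line)
        if m is None:  # header line or blank line
            continue
        table[m["uuid"]] = {
            "name": m["name"].strip(),
            "type": m["type"],
            "device": m["device"],
        }
    return table


def relabel_ipsec_status(status: str, table: Dict[str, Dict[str, str]],
                         naming: str = "name") -> List[str]:
    """Rewrite each quoted UUID in `ipsec status` output to a readable label.

    naming="name"   -> the nmcli NAME column (for an nmstate-managed profile this
                       is normally the interface name from the nmstate config; assumption)
    naming="device" -> the nmcli DEVICE column (the interface the tunnel runs on)
    UUIDs with no nmcli row, or whose device is "--", are left untouched so that
    nothing is silently mislabelled.
    """
    if naming not in ("name", "device"):
        raise ValueError(f"naming must be 'name' or 'device', got {naming!r}")

    def swap(m):
        info = table.get(m.group(1))
        if info is None or info[naming] == "--":
            return m.group(0)
        return f'"{info[naming]}"'

    return [QUOTED_UUID_RE.sub(swap, line) for line in status.splitlines()]


def status_for(status: str, table: Dict[str, Dict[str, str]],
               label: str, naming: str = "name") -> List[str]:
    """The `ipsec status | grep <uuid>` step from the issue, keyed by label instead."""
    return [line for line in relabel_ipsec_status(status, table, naming)
            if f'"{label}"' in line]


if __name__ == "__main__":
    conns = parse_nmcli(NMCLI_SAMPLE)
    for line in status_for(IPSEC_STATUS_SAMPLE, conns, "plutoVM"):
        print(line)
```

The labels are only a readability layer: NetworkManager allows two profiles to share a NAME while their UUIDs stay distinct, so the UUID remains the unambiguous key, and the `interface: br-ex` field that pluto prints on its own `conn_prio` line is still the authoritative place to confirm which interface an SA is bound to. Unknown UUIDs are deliberately passed through unchanged rather than guessed.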
      
      

              rh-ee-sfaye Stanislas Faye
              huirwang Huiran Wang
              Network Management Team
              Vladimir Benes
              Votes: 0
              Watchers: 5