User story: As a system administrator, I want to configure IPsec tunnels between two subnets within our OpenShift cluster and an external partner network, so that all traffic between these subnets is securely encrypted. As a system administrator, I need to define IPsec policies that apply to specific subnets within our network architecture, allowing for efficient management and implementation of security protocols across the cluster. Acceptance criteria: Given a system administrator managing IPsec configurations in a network environment with NMState, When they specify leftsubnet in combination with rightsubnet properties in the IPsec configuration, Then, the net2net IPSec tunnel should be set up according to the subnet specifications. Definition of Done: The implementation meets the acceptance criteria Unit test and integration test are written and pass The code is part of a downstream build attached to an errata The Release Note Text is filled The fix needs to be backported into RHEL-9.4

.`nmstate` now supports the `leftsubnet` option You can define entire subnets for IPsec (Internet Protocol Security) connections when configuring Libreswan connections through the `nmstate` utility by using the `leftsubnet` option. This ensures secure communication between different network segments. The following example YAML file sets the `leftsubnet` option: ---- interfaces: - name: hosta    type: ipsec    ipv4:      enabled: true      dhcp: true    libreswan:      left: 192.0.2.246      leftid: _<hosta.example.org>_      leftcert: _<hosta.example.org>_      leftsubnet: 192.0.4.0/24      leftmodecfgclient: no      right: 192.0.2.157      rightid: _<hostb.example.org>_      rightsubnet: 192.0.3.0/24      ikev2: insist ---- Note that the IPsec technology requires a peer-to-peer configuration, including another server with appropriate IP addresses and IPsec settings.