Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-26776

[RFE] Support `leftsubnet` in IPSec configuration in NM-libreswan

XMLWordPrintable

    • ZStream
    • 1
    • rhel-sst-network-management
    • ssg_networking
    • 13
    • 5
    • False
    • Hide

      None

      Show
      None
    • No
    • NMT - RHEL-9.5 DTM 8
    • Approved Blocker
    • Hide

      User story:
      As a system administrator, I need NM-libreswan to process leftsubnet configurations, to establish secure net2net IPsec tunnels between specified subnets.

      Acceptance criteria:
      Given a system administrator configuring IPsec connection that includes leftsubnet and rightsubnet specifications,
      When they configures these parameters in NM-libreswan,
      Then NM-libreswan should configure the IPsec tunnel to encrypt traffic between these subnets, ensuring that the XFRM policies reflect the specified subnet configurations.

      Definition of Done:

      • The implementation meets the acceptance criteria
      • Unit test and integration test are written and pass
      • The code is part of a downstream build attached to an errata
      • The Release Note text is written following the feature-reason-result format.
      • The fix needs to be backported into RHEL-9.2

      AC and Demo/QE test alignement:

      The demo showing configuration of IPSec tunnel configured with leftsubnet and rightsubnet can be found here: https://drive.google.com/file/d/1ZjdiYMvwYEyPEVo_hB1RUi8_zqVDCs4m/view

      Show
      User story: As a system administrator, I need NM-libreswan to process leftsubnet configurations, to establish secure net2net IPsec tunnels between specified subnets. Acceptance criteria: Given a system administrator configuring IPsec connection that includes leftsubnet and rightsubnet specifications, When they configures these parameters in NM-libreswan, Then NM-libreswan should configure the IPsec tunnel to encrypt traffic between these subnets, ensuring that the XFRM policies reflect the specified subnet configurations. Definition of Done: The implementation meets the acceptance criteria Unit test and integration test are written and pass The code is part of a downstream build attached to an errata The Release Note text is written following the feature-reason-result format. The fix needs to be backported into RHEL-9.2 AC and Demo/QE test alignement: The demo showing configuration of IPSec tunnel configured with leftsubnet and rightsubnet can be found here: https://drive.google.com/file/d/1ZjdiYMvwYEyPEVo_hB1RUi8_zqVDCs4m/view
    • Pass
    • None
    • Enhancement
    • Hide
      .NetworkManager now supports the `leftsubnet` parameter for IPsec VPNs

      With this update, NetworkManager supports the `leftsubnet` parameter to define the private subnet behind the local participant used to configure subnet-to-subnet scenarios in Internet Protocol Security (IPsec) VPNs.
      Show
      .NetworkManager now supports the `leftsubnet` parameter for IPsec VPNs With this update, NetworkManager supports the `leftsubnet` parameter to define the private subnet behind the local participant used to configure subnet-to-subnet scenarios in Internet Protocol Security (IPsec) VPNs.
    • Done
    • None

      To fulfill the requirements of net2net IPsec scenarios, such as those encountered in OpenShift clusters, NM-libreswan needs to implement support for `leftsubnet`. This functionality will enable the creation of XFRM policies for specified network subnets.

      For more details on the use case, see https://docs.google.com/document/d/1togmmRF6u3gEorwQU2Zv1PQ--yILOC00GgykhwoAEAg/edit?usp=sharing

              bgalvani@redhat.com Beniamino Galvani
              rh-ee-sfaye Stanislas Faye
              Network Management Team Network Management Team
              Filip Pokryvka Filip Pokryvka
              Jaroslav Klech Jaroslav Klech
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated:
                Resolved: