What were you trying to do that didn't work?
Tried to load a libreswan config via a k8s-nmstate NNCP CR to enable an IPsec connection between two OCP 4.16 worker nodes, but it fails unfortunately.
Please provide the package NVR for which the bug is seen:
How reproducible:
Steps to reproduce
- Install OCP 4.16 (which is under development)
- Roll out IPsec mode 'External', then generate and import the certificates needed for the IPsec connection onto the relevant worker nodes.
- Install kubernetes-nmstate from redhat-operators.
# cat nmstate-deploy.yaml
apiVersion: v1
kind: Namespace
metadata:
  labels:
    openshift.io/cluster-monitoring: "true"
  name: openshift-nmstate
---
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  name: kubernetes-nmstate-operator-operatorgroup
  namespace: openshift-nmstate
spec:
  targetNamespaces:
  - openshift-nmstate
---
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: kubernetes-nmstate-operator
  namespace: openshift-nmstate
spec:
  channel: "stable"
  name: kubernetes-nmstate-operator
  source: redhat-operators
  sourceNamespace: openshift-marketplace

# cat nmstate-crd.yaml
apiVersion: nmstate.io/v1
kind: NMState
metadata:
  name: nmstate
- Create NNCP targeting relevant worker nodes.
kind: NodeNetworkConfigurationPolicy
apiVersion: nmstate.io/v1
metadata:
  name: left-node-ipsec-policy
spec:
  nodeSelector:
    kubernetes.io/hostname: ip-10-0-117-52.ec2.internal
  desiredState:
    interfaces:
    - name: hosta_conn
      type: ipsec
      ipv4:
        enabled: true
        dhcp: true
      libreswan:
        leftrsasigkey: '%cert'
        left: 10.0.117.52
        leftid: '%fromcert'
        leftcert: left_server
        leftmodecfgclient: false
        right: 10.0.18.71
        rightrsasigkey: '%cert'
        rightid: '%fromcert'
        rightsubnet: 10.0.18.71/32
        ike: aes_gcm256-sha2_256
        esp: aes_gcm256
        ikev2: insist
        type: transport
---
kind: NodeNetworkConfigurationPolicy
apiVersion: nmstate.io/v1
metadata:
  name: right-node-ipsec-policy
spec:
  nodeSelector:
    kubernetes.io/hostname: ip-10-0-18-71.ec2.internal
  desiredState:
    interfaces:
    - name: hosta_conn
      type: ipsec
      ipv4:
        enabled: true
        dhcp: true
      libreswan:
        leftrsasigkey: '%cert'
        left: 10.0.18.71
        leftid: '%fromcert'
        leftcert: right_server
        leftmodecfgclient: false
        right: 10.0.117.52
        rightrsasigkey: '%cert'
        rightid: '%fromcert'
        rightsubnet: 10.0.117.52/32
        ike: aes_gcm256-sha2_256
        esp: aes_gcm256
        ikev2: insist
        type: transport
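A mirror-consistency check for the two policies above, added here as an example; it is not code from this report or from kubernetes-nmstate. The NNCPs are embedded as Python dicts constructed from the YAML, and the rules it applies (left/right mirrored between the ends, matching ike/esp/ikev2/type, rightsubnet equal to right/32 in transport mode, leftcert present whenever leftrsasigkey is %cert) are the checks worth running before applying the pair.

```python
import ipaddress

# Constructed from the two NNCPs in this report, reduced to the fields the
# check needs (metadata name plus the ipsec interface's libreswan block).
LEFT_NNCP = {"metadata": {"name": "left-node-ipsec-policy"}, "spec": {"desiredState": {
    "interfaces": [{"name": "hosta_conn", "type": "ipsec", "libreswan": {
        "left": "10.0.117.52", "leftcert": "left_server", "leftrsasigkey": "%cert",
        "right": "10.0.18.71", "rightsubnet": "10.0.18.71/32",
        "ike": "aes_gcm256-sha2_256", "esp": "aes_gcm256",
        "ikev2": "insist", "type": "transport"}}]}}}
RIGHT_NNCP = {"metadata": {"name": "right-node-ipsec-policy"}, "spec": {"desiredState": {
    "interfaces": [{"name": "hosta_conn", "type": "ipsec", "libreswan": {
        "left": "10.0.18.71", "leftcert": "right_server", "leftrsasigkey": "%cert",
        "right": "10.0.117.52", "rightsubnet": "10.0.117.52/32",
        "ike": "aes_gcm256-sha2_256", "esp": "aes_gcm256",
        "ikev2": "insist", "type": "transport"}}]}}}


def libreswan_block(nncp):
    """Return the libreswan section of the first ipsec interface in an NNCP."""
    for iface in nncp["spec"]["desiredState"]["interfaces"]:
        if iface.get("type") == "ipsec":
            return iface["libreswan"]
    raise ValueError(f"{nncp['metadata']['name']}: no ipsec interface")


def check_pair(a_nncp, b_nncp):
    """Return a list of problems; an empty list means the two ends mirror each other."""
    a, b = libreswan_block(a_nncp), libreswan_block(b_nncp)
    problems = []
    # Each end's 'left' must be the other end's 'right'.
    if a["left"] != b["right"] or b["left"] != a["right"]:
        problems.append("left/right addresses are not mirrored between the policies")
    # Crypto and mode proposals have to agree or IKE negotiation fails.
    for key in ("ike", "esp", "ikev2", "type"):
        if a.get(key) != b.get(key):
            problems.append(f"{key} differs: {a.get(key)!r} vs {b.get(key)!r}")
    for end in (a, b):
        if end.get("leftrsasigkey") == "%cert" and not end.get("leftcert"):
            problems.append(f"{end['left']}: leftrsasigkey=%cert needs leftcert")
        try:  # strict parsing: a subnet with host bits set is rejected here
            net = ipaddress.ip_network(end["rightsubnet"])
        except (KeyError, ValueError):
            problems.append(f"{end['left']}: rightsubnet missing or invalid")
            continue
        if end.get("type") == "transport" and net != ipaddress.ip_network(end["right"] + "/32"):
            problems.append(f"{end['left']}: transport mode expects rightsubnet == {end['right']}/32")
    return problems
```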
Expected results
NNCP should get configured on the node.
Actual results
NNCP failed to configure.
# oc get NodeNetworkConfigurationPolicy
NAME                      STATUS     REASON
left-node-ipsec-policy    Degraded   FailedToConfigure
right-node-ipsec-policy   Degraded   FailedToConfigure

ignoring
[2024-04-09T08:53:23Z INFO nmstate::nm::show] Got unsupported interface type ip-tunnel: ip_vti0, ignoring
[2024-04-09T08:53:23Z ERROR nmstate::ifaces::inter_ifaces] InvalidArgument: Failed to find unknown type interface hosta_conn in current state
NmstateError: InvalidArgument: Failed to find unknown type interface hosta_conn in current state
Note: The same NNCP config worked fine on OCP 4.15 worker node.
The difference is that the 4.16 node has libreswan 4.12 whereas the 4.15 node has libreswan 4.9.
Blocks: SDN-4168 Improve ipsec tests (In Progress)