-
Story
-
Resolution: Done-Errata
-
Major
-
rhel-9.4
-
nmstate-2.2.32-1.el9
-
High
-
1
-
rhel-sst-network-management
-
ssg_networking
-
2
-
False
-
-
None
-
NMT - RHEL-9.5 DTM 14
-
-
Pass
-
Automated
-
-
Unspecified
-
None
What were you trying to do that didn't work?
Filing this bug to track IPv6 support via nmstate. In 4.15 we decided to support this in z streams or 4.16
Please provide the package NVR for which bug is seen:
sh-5.1# rpm -qa | grep -i libre
libreswan-4.12-1.el9.x86_64
NetworkManager-libreswan-1.2.18-2.el9.x86_64
How reproducible: Always
Steps to reproduce
- nncp config at left side
kind: NodeNetworkConfigurationPolicy
apiVersion: nmstate.io/v1
metadata:
name: "ipsec-policy-transport"
spec:
nodeSelector:
kubernetes.io/hostname: "worker-0.offload.openshift-qe.sdn.com"
desiredState:
interfaces:
- name: pluto-VM-transport
type: ipsec
libreswan:
left: fd2e:6f44:5dd8:c956::17
leftid: '%fromcert'
leftmodecfgclient: false
leftrsasigkey: '%cert'
leftcert: worker0
hostaddrfamily: ipv6
clientaddrfamily: ipv6
right: fd2e:6f44:5dd8:c956::18
rightid: '%fromcert'
rightrsasigkey: '%cert'
rightsubnet: fd2e:6f44:5dd8:c956::18/128
ike: aes_gcm256-sha2_256
esp: aes_gcm256
ikev2: insist
type: transport
2. Config at right side
sh-5.1# cat /etc/ipsec.d/nstest.conf
conn worker-VM
type=transport
left=fd2e:6f44:5dd8:c956::18
leftid=%fromcert
leftrsasigkey=%cert
leftcert=worker1
hostaddrfamily=ipv6 <<<<<<<<<<<
clientaddrfamily=ipv6 <<<<<<<<<<<
right=fd2e:6f44:5dd8:c956::17
rightid=%fromcert
rightrsasigkey=%cert
ike=aes_gcm256-sha2_256
esp=aes_gcm256
ikev2=insist
auto=start
sh-5.1#
3. nncp gets established but tunnel underneath doesn't. Please check ipsec journals at http://10.19.166.176/~anusaxen/ipsec.log
Expected results: Tunnels should be stablished
Actual results: Tunnel fails to establish
- is blocked by
-
RHEL-21875 [RFE] Support IPv6 in IPsec VPN
- Release Pending
- links to
-
RHBA-2024:129019 nmstate bug fix and enhancement update