Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-32947

RFE: nmstate support libreswan left/rightsubnets

XMLWordPrintable

    • rhel-sst-network-management
    • ssg_networking
    • 3
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • Hide

      User Story:
      As a network administrator managing multi-subnet IPsec policies, I want Nmstate to support configuration of multiple subnets for a single IPsec policy using leftsubnets and rightsubnets, ensuring that traffic to and from multiple subnets can be secured via a single IPsec tunnel.

      Acceptance criteria:

      Given a network administrator requires a setup where multiple subnets need to communicate securely through a single IPsec tunnel, 

      When they configure the IPsec policy using the leftsubnets and rightsubnets, specifying multiple subnets in the format { networkA/netmaskA, networkB/netmaskB, ... },

      Then, Nmstate should process and apply the configuration, establishing IPsec tunnels that handle all specified combinations of subnet pairings as defined in the leftsubnets and rightsubnets.

      Definition of Done:

      • The implementation meets the acceptance criteria
      • Integration tests are written and pass
      • The feature is part of a downstream build attached to an errata
      • The release note text is filled and the official Nmstate documentation is updated
      • The feature is backported into RHEL-9.4
      Show
      User Story: As a network administrator managing multi-subnet IPsec policies, I want Nmstate to support configuration of multiple subnets for a single IPsec policy using leftsubnets and rightsubnets, ensuring that traffic to and from multiple subnets can be secured via a single IPsec tunnel. Acceptance criteria: Given a network administrator requires a setup where multiple subnets need to communicate securely through a single IPsec tunnel,  When they configure the IPsec policy using the leftsubnets and rightsubnets, specifying multiple subnets in the format { networkA/netmaskA, networkB/netmaskB, ... } , Then, Nmstate should process and apply the configuration, establishing IPsec tunnels that handle all specified combinations of subnet pairings as defined in the leftsubnets and rightsubnets. Definition of Done : The implementation meets the acceptance criteria Integration tests are written and pass The feature is part of a downstream build attached to an errata The release note text is filled and the official Nmstate documentation is updated The feature is backported into RHEL-9.4
    • None
    • None
    • None

      What were you trying to do that didn't work?

      trying to define multiple subnets for a single ipsec policy via `rightsubnets`

      this is important because customers might need a single ipsec tunnel that is capturing traffic to/from multiple subnets
      see `leftsubnets` here https://libreswan.org/man/ipsec.conf.5.html

              rh-ee-sfaye Stanislas Faye
              ykashtan Yuval Kashtan
              Network Management Team Network Management Team
              Mingyu Shi Mingyu Shi
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated: