Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-33712

Support for multiple subnets in IPSec policy via leftsubnets/rightsubnets in NM-libreswan

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • None
    • 1
    • rhel-net-mgmt
    • ssg_networking
    • 2
    • False
    • False
    • Hide

      None

      Show
      None
    • Yes
    • NMT SST - 2025Q1
    • Hide

      Given a network administrator requires a setup where multiple subnets need to communicate securely through a single IPsec tunnel, 

      When they configure an IPsec policy in NetworkManager-libreswan using leftsubnets and rightsubnets, specifying multiple subnets in the format

      (networkA/netmaskA, networkB/netmaskB, ...)

      Then, NetworkManager-libreswan should correctly interpret and apply these configurations, establishing IPsec tunnels that facilitate all specified combinations of subnet pairings as defined.

       

      Definition of Done:

      • The implementation meets the acceptance criteria
      • Integration tests are written and pass
      • The feature is part of a downstream build attached to an errata
      • The release note text is filled
      Show
      Given a network administrator requires a setup where multiple subnets need to communicate securely through a single IPsec tunnel,  When they configure an IPsec policy in NetworkManager-libreswan using leftsubnets and rightsubnets, specifying multiple subnets in the format (networkA/netmaskA, networkB/netmaskB, ...) Then, NetworkManager-libreswan should correctly interpret and apply these configurations, establishing IPsec tunnels that facilitate all specified combinations of subnet pairings as defined.   Definition of Done: The implementation meets the acceptance criteria Integration tests are written and pass The feature is part of a downstream build attached to an errata The release note text is filled
    • Pass
    • None
    • Enhancement
    • Hide
      .The NetworkManager Libreswan plugin supports using a single tunnel for multiple subnets

      This update enhances the NetworkManager Libreswan client plugin to configure multiple subnets in IPsec policies. This corresponds to the use of multiple subnets in the `leftsubnets` and `rightsubnets` parameters in the Libreswan configuration. As a result, users can connect to multiple subnets by using a single IPsec tunnel.
      Show
      .The NetworkManager Libreswan plugin supports using a single tunnel for multiple subnets This update enhances the NetworkManager Libreswan client plugin to configure multiple subnets in IPsec policies. This corresponds to the use of multiple subnets in the `leftsubnets` and `rightsubnets` parameters in the Libreswan configuration. As a result, users can connect to multiple subnets by using a single IPsec tunnel.
    • Done
    • Done
    • Done
    • Not Required
    • None

      This is the NM-libreswan counterpart of RHEL-32947 and should allow users to configure IPsec policies using leftsubnets and rightsubnets{}, specifying multiple subnets. This is needed for setups requiring secure communication across multiple subnets through a single IPsec tunnel, a common requirement in complex network environments.

              rhn-engineering-vbenes Vladimir Benes
              rh-ee-sfaye Stanislas Faye
              Network Management Team Network Management Team
              Vladimir Benes Vladimir Benes
              Jaroslav Klech Jaroslav Klech
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated: