  1. RHEL
  2. RHEL-34057

Support using libreswan default values in NM-libreswan

    • sst_network_management
    • ssg_networking
    • Red Hat Enterprise Linux

      User story:
      As a network administrator, I want to be able to opt out of NM-libreswan's default values and use libreswan's default values instead, so that I can configure VPN tunnels without dealing with overridden defaults that complicate configurations.

      Acceptance criteria:

      Given a network administrator is configuring a VPN connection using NM-libreswan,
      When they enable the property to use libreswan defaults,
      Then the connection should use libreswan default settings for all options that are not explicitly set by the network administrator.

      Definition of Done:

      • The implementation meets the acceptance criteria
      • Integration tests are written and pass
      • The code is part of a downstream build attached to an errata

      Goal

      NetworkManager-libreswan adopted some default values to make configuration easier for desktop users. For example, by default it sets leftmodecfgclient=yes and rightsubnet=0.0.0.0/0.

      This deviates from libreswan's defaults and makes it more difficult for customers to properly configure other use cases, such as subnet-to-subnet tunnels.

      We cannot change the default values because it would break many current users, but we can add a new property like "no-nm-defaults" that instructs NM-libreswan not to use defaults different from libreswan's.

      Additionally, this will allow nmstate to use this new option, so that nmstate configs are identical to libreswan's.

      Acceptance Criteria

      As a NetworkManager user.

      When I set the new "no-nm-defaults" (or whatever name we decide).

      Then the default values used by NetworkManager-libreswan for unset options must match the default values that libreswan would use.

      Then applying any libreswan configuration through NetworkManager will have the same behavior as applying it directly to libreswan via ipsec.conf.
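
      Added example, not code from this issue or from NetworkManager-libreswan: a small Python model of the requested behaviour, showing which NM-specific defaults end up in a subnet-to-subnet connection with and without the opt-out. Assumptions: the property keeps the proposed name "no-nm-defaults" with the value "yes", the only NM defaults modelled are the two named above, and the addresses are constructed documentation ranges.

```python
# Model of the behaviour requested in the issue; not NM-libreswan's code.
# The two NM defaults are the ones the issue names; "no-nm-defaults" is the
# issue's proposed (not final) property name, and "yes" is an assumed value.
NM_DEFAULTS = {"leftmodecfgclient": "yes", "rightsubnet": "0.0.0.0/0"}
OPT_OUT_KEY = "no-nm-defaults"


def effective_options(vpn_data):
    """Return (options, injected) for a dict of user-set VPN properties.

    `options` is what would reach the libreswan conn section; `injected`
    lists keys the user never set but that received an NM-specific default.
    """
    opts = {k: v for k, v in vpn_data.items() if k != OPT_OUT_KEY}
    injected = []
    if vpn_data.get(OPT_OUT_KEY, "no") != "yes":
        for key, value in NM_DEFAULTS.items():
            if key not in opts:
                opts[key] = value
                injected.append(key)
    return opts, sorted(injected)


def render_conn(name, opts):
    """Render options as an ipsec.conf conn section for side-by-side review."""
    lines = [f"conn {name}"]
    lines += [f"    {k}={v}" for k, v in sorted(opts.items())]
    return "\n".join(lines)


# Constructed subnet-to-subnet sample (documentation address ranges).
SITE_TO_SITE = {
    "left": "192.0.2.1",
    "leftsubnet": "10.1.0.0/24",
    "right": "198.51.100.1",
    "rightsubnet": "10.2.0.0/24",
}

if __name__ == "__main__":
    for label, data in (("NM defaults", SITE_TO_SITE),
                        ("opt-out", {**SITE_TO_SITE, OPT_OUT_KEY: "yes"})):
        opts, injected = effective_options(data)
        print(f"# {label}: injected={injected}")
        print(render_conn("site-to-site", opts))
```

      In this model, setting rightsubnet explicitly replaces the 0.0.0.0/0 default, but leftmodecfgclient=yes is still injected unless the opt-out is set.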

            rh-ee-sfaye Stanislas Faye
            ihuguet@redhat.com Inigo Huguet
            Network Management Team Network Management Team
            Vladimir Benes Vladimir Benes