-
Story
-
Resolution: Unresolved
-
Normal
-
None
-
None
-
rhel-sst-network-management
-
ssg_networking
-
3
-
False
-
-
Yes
-
Red Hat Enterprise Linux
-
None
-
-
None
-
None
-
Enhancement
-
None
Goal
NetworkManager-libreswan adopted some default values to facilitate configuration to desktop users. For example, it sets by default leftmodecfgclient=yes and rightsubnet=0.0.0.0/0.
This deviates from libreswan defaults and makes more difficult for customers to properly configure other use cases like subnet-to-subnet tunnels.
We cannot change the default values because it would break many current users, but we can add a new property like "no-nm-defaults" that instructs NM-libreswan not to use defaults different from libreswan's.
Additionally, this will allow nmstate to use this new option so nmstate configs are identical to libreswan.
Acceptance Criteria
As a NetworkManager user.
When I set the new "no-nm-defaults" (or whatever name we decide).
Then the default values used by NetworkManager-libreswan for unset options must match the default values that libreswan would use.
Then applying any libreswan's configuration through NetworkManager will have the same behavior than applied directly to libreswan via ipsec.conf.
- blocks
-
RHEL-26350 IPSec host2net config failing when applying with nmstate
- Planning