  1. RHEL
  2. RHEL-85768

[rhel-9.7] Support using libreswan default values in NM-libreswan


    • NetworkManager-libreswan-1.2.26-3.el9
    • None
    • rhel-net-mgmt
    • ssg_networking
    • 1
    • False
    • False
    • None
    • Yes
    • Red Hat Enterprise Linux
    • None
    • Definition of Done:

      Please mark each item below with ( / ) if completed or ( x ) if incomplete:

      ( ) The acceptance criteria defined below are met.

      User story:
      As a network administrator, I want to be able to opt out of NM-libreswan's default values and use libreswan's default values instead, so that I can configure VPN tunnels without dealing with overridden defaults that complicate configurations.

      Acceptance criteria:

      Given a network administrator is configuring a VPN connection using NM-libreswan,
      When they enable the property to use libreswan defaults,
      Then, the connection should use libreswan default settings for all options that are not explicitly set by the network administrator.

      Definition of Done:

      • The implementation meets the acceptance criteria
      • Integration tests are written and pass
      • The code is part of a downstream build attached to an errata

      ( ) Code changes are included in a downstream build attached to an errata.


      ( ) All required testing (manual and/or automated) passes successfully.


      ( ) Related documentation updates (if applicable) have been completed.

    • Pass
    • None
    • Enhancement
    • .The `NetworkManager-libreswan` plugin supports using the Libreswan default values

      With this enhancement, you can set the `no-nm-default` property in Libreswan VPN connection profiles to `true` to use Libreswan's default values instead of NetworkManager's. This ensures compatibility with configurations defined for native Libreswan. As a result, you can now, for example, configure subnet-to-subnet tunnels.
    • Done
    • Done
    • Done
    • Not Required
    • None

      Goal

      NetworkManager-libreswan adopted some default values to facilitate configuration for desktop users. For example, it sets by default leftmodecfgclient=yes and rightsubnet=0.0.0.0/0.

      This deviates from libreswan defaults and makes it more difficult for customers to properly configure other use cases like subnet-to-subnet tunnels.

      We cannot change the default values because it would break many current users, but we can add a new property like "no-nm-defaults" that instructs NM-libreswan not to use defaults different from libreswan's.

      Additionally, this will allow nmstate to use this new option so nmstate configs are identical to libreswan.

      Acceptance Criteria

      As a NetworkManager user.

      When I set the new "no-nm-defaults" (or whatever name we decide).

      Then the default values used by NetworkManager-libreswan for unset options must match the default values that libreswan would use.

      Then applying any libreswan configuration through NetworkManager will have the same behavior as when applied directly to libreswan via ipsec.conf.

              lrintel Lubomir Rintel
              ihuguet@redhat.com Inigo Huguet
              Network Management Team Network Management Team
              Vladimir Benes Vladimir Benes
              Marc Muehlfeld Marc Muehlfeld