Feb 19,2024 QE: Workaround tested for bug OCPBUGS-27839 to be included in RN. Functional QE is done with testing at this point. Waiting for scale team inputs if they can comment before this epic moves to RELEASE_PENDING Feb 15,2024 QE Based on further testing, QE has identified OCPBUGS-27839 as a RHEL/nmstate bug rather than OCP. We need a workaround to document regarding restoring network connectivity issue between hosts. Feb 13, 2024 QE IPsec EW blocker has been verified. QE just waiting for dev inputs on OCPBUGS-27839 : [IPSEC] Restarting ipsec service/ovn-ipsec-host pod would cause ipsec traffic broken between worker node and external host   Feb 6, 2024 QE https://issues.redhat.com/browse/OCPBUGS-28676 is release blocker now. Libreswan package needs to be installed on RHEL node hosts by openshift-ansible which is not part of the OCP payload, but is delivered via rpms. This is being addressed via https://github.com/openshift/openshift-ansible/pull/12477 and https://github.com/openshift/openshift-ansible/pull/12478 . QE need to test this hack by either execute `sudo dnf install libreswan` on ansible pre-hook playbooks during RHEL nodes update or manually on RHEL node before pre-hook.  Fixes should be validated by Feb 9 to make it in RC Feb 1, 2024 QE All required critical fixes are in prod builds now. QE have verified crticial fixes and testing looks green now. Regression issue of RHEL nodes EW has been verified along with pre-merge. Few non-critical bugs under post-merge task SDN-4200 still needs dev triage. Jan 24, 2024 QE QE has tested nmstate rpms and corresponding IPsec configs on GCP with nmstate (custom rpms) in last couple of weeks which looks good with exception of few bugs mentioned in SDN-4200 : post-merge testing. QE still waiting for `nmstate-2.2.23-1.el9_2` to land in RHCOS along with rpms (with few fixes). QE will do additional testing once all required rpms  lands in production builds.   Jan 16, 2024 QE Testing continued using scratch builds for nmstate, NetworkManager-libreswan. Unable to test transport mode due to  RHEL-21532 : Cannot configure ipsec mode with 'type' in nmstate config Upgrade from 4.14 OCPBUGS-26952 : no ipsec on cluster post NS mc's deletion during ipsecConfig mode `Full` Above bugs can be verified with scratch builds once available. Plan: Once the build is available in OCP, QE will run regression tests with ipsec enabled.   Jan 09, 2024 QE TestBlocker bug  RHEL-20690 : Cannot setup point-to-point ipsec tunnel in-progress Pre-merge testing complete cluster-network-operator/pull/2144  for IPsec runtime modes Full and external. Looks good on standalone build. Full and External runtime modes are not working if cluster is upgraded from 4.14 to bot build (with 2144). Hypershift is out of scope for this feature.   Jan 05, 2024 QE Testing blocked due to RHEL-20690 : Cannot setup point-to-point ipsec tunnel — API PR is ready to merge CNO PR is in code-review and likely to merge soon must-gather work has not started yet