Bug 1081805

Summary: RFE: Enable Kernel IPSec support
Product: [Fedora] Fedora EPEL
Reporter: Christopher Meng <i>
Component: strongswan
Assignee: Pavel Šimerda (pavlix) <psimerda>
Status: CLOSED NOTABUG
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: el6
CC: avagarwa, jamielinux, psimerda
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Clone Of: 1081804
Last Closed: 2014-04-16 19:38:25 UTC
Type: Bug
Bug Depends On: 1081804

Description Christopher Meng 2014-03-28 03:37:13 UTC
+++ This bug was initially created as a clone of Bug #1081804 +++

Description of problem:

Since 5.1.0, strongSwan has provided a plugin called kernel-libipsec, which provides an IPsec backend that works entirely in userland, using TUN devices and its own IPsec implementation, libipsec, to emulate IPsec.

Fedora has compiled the kernel interface kernel-netlink, which installs IPsec SAs in the operating system's IPsec stack. The libipsec plugin provides an alternative when the OS implementation does not support a required algorithm.

Enabling this plugin doesn't mean dropping the netlink interface; on the contrary, the kernel backend is still required, therefore kernel-netlink is needed as well, and that's not a problem.

This option is really useful for OpenVZ based virtualization.

Version-Release number of selected component (if applicable):
strongswan-5.1.2-4.fc21

Additional info:

Passing the "--enable-kernel-libipsec" option to %configure will enable support for libipsec. I've created a patch of the RPM spec; you can apply it from the attachment.

Please enable this option on EPEL also.

Thanks.

Comment 1 Pavel Šimerda (pavlix) 2014-04-16 19:38:25 UTC
So far EPEL uses whatever is prepared in Rawhide. This bug report won't be needed.