Bug 1100750

Summary: nmcli cannot recognize libreswan vpn type
Product: Red Hat Enterprise Linux 7 Reporter: Vladimir Benes <vbenes>
Component: NetworkManagerAssignee: Jirka Klimes <jklimes>
Status: CLOSED ERRATA QA Contact: Desktop QE <desktop-qa-list>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 7.1CC: dcbw, jklimes, jkurik, rkhan, thaller
Target Milestone: rcKeywords: ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-03-05 13:51:19 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1102051    

Description Vladimir Benes 2014-05-23 11:39:42 UTC 
Description of problem:
 nmcli connection add type vpn ifname \* vpn-type libreswan
Error: 'vpn-type': 'libreswan' not among [openvpn, vpnc, pptp, openconnect, openswan].

Libreswan is the only type we officially ship and support. That's quite sad.
 
Version-Release number of selected component (if applicable):
NetworkManager-0.9.9.1-14.git20140326.4dba720.el7.x86_64
Comment 1 Vladimir Benes 2014-05-23 11:39:57 UTC 
NetworkManager-libreswan-0.9.8.0-5.el7.x86_64
Comment 2 Thomas Haller 2014-05-23 12:48:34 UTC 
nmcli has the list of supported VPN plugin types set statically.

A quick fix would be to replace openswan by libreswan (on RHEL-7 only).


A better fix would be to detect the plugin names at runtime, or not doing any validation at all -- or maybe just a warning?

 nmcli connection add type vpn ifname \* vpn-type libreswan
Warning: 'vpn-type': 'libreswan' not among the common plugins [openvpn, vpnc, pptp, openconnect, openswan].
Comment 4 Dan Williams 2014-05-23 16:01:31 UTC 
(In reply to Thomas Haller from comment #2)
> nmcli has the list of supported VPN plugin types set statically.
> 
> A quick fix would be to replace openswan by libreswan (on RHEL-7 only).

Agreed.

> A better fix would be to detect the plugin names at runtime, or not doing
> any validation at all -- or maybe just a warning?

Yeah, since nmcli doesn't have logic about the VPN-specific key/value pairs, it can't do a lot of validation.  So maybe we should just remove the restriction...
Comment 5 Jirka Klimes 2014-05-26 13:43:28 UTC 
Restriction for VPN types removed; nmcli will just print a warning for unknown types:
jk/cli-vpn-types-rh1100750
Comment 6 Thomas Haller 2014-05-26 14:36:05 UTC 
(In reply to Jirka Klimes from comment #5)
> Restriction for VPN types removed; nmcli will just print a warning for
> unknown types:
> jk/cli-vpn-types-rh1100750

Looks good to me
Comment 7 Dan Williams 2014-05-27 14:48:14 UTC 
Looks good to me too.
Comment 8 Jirka Klimes 2014-05-28 07:49:20 UTC 
Committed to upstream master as:
d721650 cli: do not restrict VPN type of created connections (rh #1100750)
649e4be cli: extract username and gateway for some more VPN types
Comment 16 errata-xmlrpc 2015-03-05 13:51:19 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-0311.html