Bug 126912

Summary: Roadwarrior config impossible for ipsec-tools
Product: Red Hat Enterprise Linux 3
Reporter: Graham Leggett <minfrin>
Component: initscripts
Assignee: Bill Nottingham <notting>
Status: CLOSED DEFERRED
Severity: medium
Priority: medium
Version: 3.0
CC: rvokal, someone
Hardware: All   
OS: Linux   
Doc Type: Bug Fix
Last Closed: 2005-09-21 19:26:35 UTC
Bug Blocks: 168973    

Description Graham Leggett 2004-06-28 23:18:49 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040623

Description of problem:
It seems that the Red Hat ifcfg-ipsec0 config for ipsec-tools cannot
be configured as a gateway for ipsec road warriors.

There is a requirement that the remote device be specified on all
tunnels, which is impossible to do in a road warrior config, as there
is no way the ipsec-tools gateway can know in advance what IP
addresses the road warrior will use to connect to the server.

This is a serious limitation to RHEL3, and with the lack of stability
of freeswan is a serious setback to anybody trying to deploy an ipsec
gateway.


Version-Release number of selected component (if applicable):
ipsec-tools-0.2.5-0.4

How reproducible:
Always

Steps to Reproduce:
xxx

Additional info:

Comment 1 Bill Nottingham 2004-06-29 05:17:58 UTC
AFAIK, this is not possible with ipsec-tools-0.2.x.

Comment 2 Graham Leggett 2004-06-29 10:30:24 UTC
Not according to http://www.ipsec-howto.org/x247.html.

So far it looks like all docs for ipsec-tools are contradictory, the
Red Hat supplied docs are incomplete and quite clearly have never been
tested.

It raises the question of whether ipsec-tools have any business being
inside the RHEL3 distribution in the first place.


Comment 3 Bill Nottingham 2004-06-29 18:24:56 UTC
Sorry about that, you are correct.

Comment 4 Bill Nottingham 2005-09-21 19:26:35 UTC
With the goal of minimizing risk of change for deployed systems, and in response
to customer and partner requirements, Red Hat takes a conservative approach when
evaluating changes for inclusion in maintenance updates for currently deployed
products. The primary objectives of update releases are to enable new hardware
platform support and to resolve critical defects.

As such, changes of this magnitude to the configuration infrastructure for
ipsec-tools probably aren't going to be backported to RHEL 3/RHEL 4. This bug
has been cloned as an enhancement for a later release.