Bug 1300752

Summary: Include Opportunistic IPsec in libreswan
Product: Red Hat Enterprise Linux 7 Reporter: Paul Wouters <pwouters>
Component: libreswanAssignee: Paul Wouters <pwouters>
Status: CLOSED DUPLICATE QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.4CC: jaster, omoris, pwouters, tmraz
Target Milestone: rcKeywords: Rebase
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Rebase: Bug Fixes and Enhancements
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-11-30 01:09:38 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Paul Wouters 2016-01-21 15:58:43 UTC 
Opportunistic IPsec is used to install policies based on CIDRs and ports to try and opportunisticly build IPsec tunnels where possible. This can be unauthenticated (using AUTH-NULL) or authenticated (using GSSAPI/Kerberos, DNSSEC or other third party hooks)

Upstream work is happening on this, and expected to be released in 3.17 or 3.18..

The 3.16 release incorporated AUTH-NULL Opportunistic IPsec already.
Comment 4 Jaroslav Aster 2016-11-23 15:18:14 UTC 
Hi Paul,

could you please provide us list of new features to test in new package if there will be any? Thanks.
Comment 5 Paul Wouters 2016-11-30 01:09:38 UTC 

*** This bug has been marked as a duplicate of bug 1324458 ***