Bug 173874

Summary: NetworkManager does not support IPSec transport mode
Product: [Fedora] Fedora Reporter: W. Michael Petullo <redhat>
Component: NetworkManagerAssignee: Lubomir Rintel <lkundrak>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: damage3025, fredoche, goodmirek, huzaifas, i.grok, kzhang, lkundrak, mike, sergio.pasra, tomek
Target Milestone: ---Keywords: FutureFeature
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-01-08 02:42:02 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 529260    

Description W. Michael Petullo 2005-11-22 01:19:34 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux ppc; en-US; rv:1.7.12) Gecko/20051018 Epiphany/1.8.2

Description of problem:
NetworkManager does not support protecting communication using IPSec in transport mode.  For example, I have a computer with the following ifcfg-ipsec0:

DST=192.168.0.10
TYPE=IPSEC
ONBOOT=no
IKE_METHOD=PSK

When NetworkManager brings up my network interface, it does not initialize my IPSec configurations.

Version-Release number of selected component (if applicable):
NetworkManager-0.5.1-4

How reproducible:
Always

Steps to Reproduce:
Connect to a network that uses IPSec.  Notice that NetworkManager will not configure IPSec transport mode links.
  

Additional info:
Comment 1 John Poelstra 2008-07-09 04:56:01 UTC 
triaged--I am assuming NetWork manager still cannot do this.
Comment 2 Dan Williams 2008-07-09 16:07:38 UTC 
Right; there are discussions going on upstream to get the necessary bits
together but it's going to take a while to actually do.
Comment 3 Huzaifa S. Sidhpurwala 2009-10-16 03:56:56 UTC 
Are we talking about a new nm plugin for ipsec?
Do you mind if i give a hand there?
Comment 4 Pavel Šimerda (pavlix) 2011-07-01 22:32:37 UTC 
AFAIK there's no *real* support for IPsec in NetworkManager. Last time I tried it (Fedora 15), the form asked me for several names and almost as many passwords, even though connecting to IPsec should be very simple, one name/id and password (PSK) or private key (+certificates) should be more than enough.
Comment 5 Ma Hsiao-chun 2012-03-01 11:16:41 UTC 
FYI.
There is a NetworkManager plugin of strongSwan.
http://wiki.strongswan.org/projects/strongswan/wiki/NetworkManager
This should be very relevant to IPSec stuff.
BUT, PSK is not supported by intention. The author thinks PSK is insecure.
Comment 6 Ma Hsiao-chun 2012-03-02 01:17:21 UTC 
FYI.
Related bug reports in other sites. They contain more information.
https://bugzilla.gnome.org/show_bug.cgi?id=554046
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/264691
Comment 7 Pavel Šimerda (pavlix) 2012-03-02 15:33:30 UTC 
I am the maintainer of Strongswan package in Fedora (only in testing now). I will be happy to experiment with strongswan networkmanager integration.
Comment 8 Pavel Šimerda (pavlix) 2013-01-04 08:56:26 UTC 
See also:

https://bugzilla.redhat.com/show_bug.cgi?id=863836
Comment 9 Fedora Admin XMLRPC Client 2015-08-18 14:56:11 UTC 
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 10 fred 2017-07-21 13:52:02 UTC 
the openswan plugin doesnt seem to work either
Comment 11 W. Michael Petullo 2021-01-08 02:42:02 UTC 
There now exist a number of VPN-related sub-packages for NetworkManager. If bugs exist in those packages, then we should open bugs against them. I am going to close this bug.
Comment 12 Red Hat Bugzilla 2023-09-14 23:56:46 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days