Bug 712246

Summary: There is no obvious way to make racoon transports or tunnels permanent
Product: [Fedora] Fedora Reporter: Pavel Šimerda (pavlix) <psimerda>
Component: NetworkManagerAssignee: Dan Williams <dcbw>
Status: CLOSED WONTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 15CC: dcbw
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-02-26 09:54:48 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Pavel Šimerda (pavlix) 2011-06-09 22:24:56 UTC 
It is not easy (by means of changing configuration or easy scripting) to set up Racoon to establish transports or tunnels for IPsec traffic upon booting or activating a network interface (acquiring an IP address).

Transports/tunnels are dynamically started when traffic apears. As a side-effect, first several packets of communication are often dropped, which is bad. Even if that was fixed, there will still be significant delay.

Some tunnels are intended to be run whenever possible, while others are better served on-demand.
Comment 1 Pavel Šimerda (pavlix) 2012-02-26 09:53:16 UTC 
Racoon is obsolete. It can be superseded by Racoon2 or Strongswan, both recently packaged for Fedora.