Bug 126912 - Roadwarrior config impossible for ipsec-tools
Roadwarrior config impossible for ipsec-tools
Status: CLOSED DEFERRED
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: initscripts (Show other bugs)
3.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Bill Nottingham
:
Depends On:
Blocks: 168973
  Show dependency treegraph
 
Reported: 2004-06-28 19:18 EDT by Graham Leggett
Modified: 2014-03-16 22:46 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-09-21 15:26:35 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Graham Leggett 2004-06-28 19:18:49 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040623

Description of problem:
It seems that the Redhat ifcfg-ipsec0 config for ipsec-tools can not
be configured as a gateway for ipsec road warriors.

There is a requirement that the remote device be specified on all
tunnels, which is impossible to do in a road warrior config, as there
is no way the ipsec-tools gateway can know in advance what IP
addresses the road warrior will use to connect to the server.

This is a serious limitation to RHEL3, and with the lack of stability
of freeswan is a serious setback to anybody trying to deploy a ipsec
gateway.


Version-Release number of selected component (if applicable):
ipsec-tools-0.2.5-0.4

How reproducible:
Always

Steps to Reproduce:
xxx

Additional info:
Comment 1 Bill Nottingham 2004-06-29 01:17:58 EDT
AFAIK, this is not possible with ipsec-tools-0.2.x.
Comment 2 Graham Leggett 2004-06-29 06:30:24 EDT
Not according to http://www.ipsec-howto.org/x247.html.

So far it looks like all docs for ipsec-tools are contradictory, the
Redhat supplied docs are incomplete are quite clearly have never been
tested.

It raises the question of whether ipsec-tools have any business being
inside the RHEL3 distribution in the first place.
Comment 3 Bill Nottingham 2004-06-29 14:24:56 EDT
Sorry about that, you are correct.
Comment 4 Bill Nottingham 2005-09-21 15:26:35 EDT
With the goal of minimizing risk of change for deployed systems, and in response
to customer and partner requirements, Red Hat takes a conservative approach when
evaluating changes for inclusion in maintenance updates for currently deployed
products. The primary objectives of update releases are to enable new hardware
platform support and to resolve critical defects.

As such, changes of this magnitude to the configuration infrastructure for
ipsec-tools probably aren't going to be backported to RHEL 3/RHEL 4. This bug
has been cloned as a enhancement for a later release.

Note You need to log in before you can comment on or make changes to this bug.