Red Hat Bugzilla – Bug 126912
Roadwarrior config impossible for ipsec-tools
Last modified: 2014-03-16 22:46:25 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040623
Description of problem:
It seems that the Redhat ifcfg-ipsec0 config for ipsec-tools can not
be configured as a gateway for ipsec road warriors.
There is a requirement that the remote device be specified on all
tunnels, which is impossible to do in a road warrior config, as there
is no way the ipsec-tools gateway can know in advance what IP
addresses the road warrior will use to connect to the server.
This is a serious limitation to RHEL3, and with the lack of stability
of freeswan is a serious setback to anybody trying to deploy a ipsec
Version-Release number of selected component (if applicable):
Steps to Reproduce:
AFAIK, this is not possible with ipsec-tools-0.2.x.
Not according to http://www.ipsec-howto.org/x247.html.
So far it looks like all docs for ipsec-tools are contradictory, the
Redhat supplied docs are incomplete are quite clearly have never been
It raises the question of whether ipsec-tools have any business being
inside the RHEL3 distribution in the first place.
Sorry about that, you are correct.
With the goal of minimizing risk of change for deployed systems, and in response
to customer and partner requirements, Red Hat takes a conservative approach when
evaluating changes for inclusion in maintenance updates for currently deployed
products. The primary objectives of update releases are to enable new hardware
platform support and to resolve critical defects.
As such, changes of this magnitude to the configuration infrastructure for
ipsec-tools probably aren't going to be backported to RHEL 3/RHEL 4. This bug
has been cloned as a enhancement for a later release.