Red Hat Bugzilla – Bug 126912
Roadwarrior config impossible for ipsec-tools
Last modified: 2014-03-16 22:46:25 EDT
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040623 Description of problem: It seems that the Redhat ifcfg-ipsec0 config for ipsec-tools can not be configured as a gateway for ipsec road warriors. There is a requirement that the remote device be specified on all tunnels, which is impossible to do in a road warrior config, as there is no way the ipsec-tools gateway can know in advance what IP addresses the road warrior will use to connect to the server. This is a serious limitation to RHEL3, and with the lack of stability of freeswan is a serious setback to anybody trying to deploy a ipsec gateway. Version-Release number of selected component (if applicable): ipsec-tools-0.2.5-0.4 How reproducible: Always Steps to Reproduce: xxx Additional info:
AFAIK, this is not possible with ipsec-tools-0.2.x.
Not according to http://www.ipsec-howto.org/x247.html. So far it looks like all docs for ipsec-tools are contradictory, the Redhat supplied docs are incomplete are quite clearly have never been tested. It raises the question of whether ipsec-tools have any business being inside the RHEL3 distribution in the first place.
Sorry about that, you are correct.
With the goal of minimizing risk of change for deployed systems, and in response to customer and partner requirements, Red Hat takes a conservative approach when evaluating changes for inclusion in maintenance updates for currently deployed products. The primary objectives of update releases are to enable new hardware platform support and to resolve critical defects. As such, changes of this magnitude to the configuration infrastructure for ipsec-tools probably aren't going to be backported to RHEL 3/RHEL 4. This bug has been cloned as a enhancement for a later release.