Bug 126912 - Roadwarrior config impossible for ipsec-tools
Summary: Roadwarrior config impossible for ipsec-tools
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: initscripts   
(Show other bugs)
Version: 3.0
Hardware: All Linux
Target Milestone: ---
Assignee: Bill Nottingham
QA Contact:
Depends On:
Blocks: 168973
TreeView+ depends on / blocked
Reported: 2004-06-28 23:18 UTC by Graham Leggett
Modified: 2014-03-17 02:46 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-09-21 19:26:35 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Graham Leggett 2004-06-28 23:18:49 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040623

Description of problem:
It seems that the Redhat ifcfg-ipsec0 config for ipsec-tools can not
be configured as a gateway for ipsec road warriors.

There is a requirement that the remote device be specified on all
tunnels, which is impossible to do in a road warrior config, as there
is no way the ipsec-tools gateway can know in advance what IP
addresses the road warrior will use to connect to the server.

This is a serious limitation to RHEL3, and with the lack of stability
of freeswan is a serious setback to anybody trying to deploy a ipsec

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

Additional info:

Comment 1 Bill Nottingham 2004-06-29 05:17:58 UTC
AFAIK, this is not possible with ipsec-tools-0.2.x.

Comment 2 Graham Leggett 2004-06-29 10:30:24 UTC
Not according to http://www.ipsec-howto.org/x247.html.

So far it looks like all docs for ipsec-tools are contradictory, the
Redhat supplied docs are incomplete are quite clearly have never been

It raises the question of whether ipsec-tools have any business being
inside the RHEL3 distribution in the first place.

Comment 3 Bill Nottingham 2004-06-29 18:24:56 UTC
Sorry about that, you are correct.

Comment 4 Bill Nottingham 2005-09-21 19:26:35 UTC
With the goal of minimizing risk of change for deployed systems, and in response
to customer and partner requirements, Red Hat takes a conservative approach when
evaluating changes for inclusion in maintenance updates for currently deployed
products. The primary objectives of update releases are to enable new hardware
platform support and to resolve critical defects.

As such, changes of this magnitude to the configuration infrastructure for
ipsec-tools probably aren't going to be backported to RHEL 3/RHEL 4. This bug
has been cloned as a enhancement for a later release.

Note You need to log in before you can comment on or make changes to this bug.