Bug 1292522 - Add remoteid/ph1id configuration feature
Add remoteid/ph1id configuration feature
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: ipsec-tools (Show other bugs)
23
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Paul Wouters
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-12-17 11:46 EST by Patrick Monnerat
Modified: 2016-01-03 16:19 EST (History)
1 user (show)

See Also:
Fixed In Version: ipsec-tools-0.8.2-3.fc23 ipsec-tools-0.8.2-3.fc22
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-01-03 15:22:57 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Add "REMOTE_ID" parameter. (396 bytes, patch)
2015-12-17 11:46 EST, Patrick Monnerat
no flags Details | Diff

  None (edit)
Description Patrick Monnerat 2015-12-17 11:46:19 EST
Created attachment 1106765 [details]
Add "REMOTE_ID" parameter.

Description of problem:
When several ipsec tunnels share a source network, the sainfos may conflict.
The "remoteid" parameter in sainfos can resolve ambiguities, but the current ifup-ipsec script does not feature adding the corresponding "ph1id" in tunnel definitions at ifup time.

The attached patch introduces a "REMOTE_ID" parameter that is used to specify a "ph1id" statement written to the tunnel's configuration file at ifup time. Specifying the corresponding id in the sainfos must be done manually in racoon.conf, as for any other sainfo parameter.

This is not really a bug: just an improvement easy to implement. Thanks for considering it.
Comment 1 Fedora Update System 2015-12-17 13:34:40 EST
ipsec-tools-0.8.2-3.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-be9c12bf1b
Comment 2 Fedora Update System 2015-12-17 13:35:50 EST
ipsec-tools-0.8.2-3.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-7f77d9498f
Comment 3 Fedora Update System 2015-12-18 06:26:26 EST
ipsec-tools-0.8.2-3.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
$ su -c 'dnf --enablerepo=updates-testing update ipsec-tools'
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-7f77d9498f
Comment 4 Fedora Update System 2015-12-18 06:55:14 EST
ipsec-tools-0.8.2-3.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
$ su -c 'dnf --enablerepo=updates-testing update ipsec-tools'
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-be9c12bf1b
Comment 5 Fedora Update System 2016-01-03 15:22:55 EST
ipsec-tools-0.8.2-3.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 6 Fedora Update System 2016-01-03 16:19:51 EST
ipsec-tools-0.8.2-3.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.