Bug 168973 - No mechanism for configuring road-warrior gateway/client except by hand
Summary: No mechanism for configuring road-warrior gateway/client except by hand
Alias: None
Product: Fedora
Classification: Fedora
Component: ipsec-tools   
(Show other bugs)
Version: rawhide
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Paul Wouters
QA Contact: Fedora Extras Quality Assurance
Keywords: FutureFeature
Depends On: 126912
TreeView+ depends on / blocked
Reported: 2005-09-21 19:22 UTC by Bill Nottingham
Modified: 2014-03-17 02:56 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-11-14 01:52:06 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Bill Nottingham 2005-09-21 19:22:49 UTC
+++ This bug was initially created as a clone of Bug #126912 +++

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040623

Description of problem:
It seems that the Redhat ifcfg-ipsec0 config for ipsec-tools can not
be configured as a gateway for ipsec road warriors.

There is a requirement that the remote device be specified on all
tunnels, which is impossible to do in a road warrior config, as there
is no way the ipsec-tools gateway can know in advance what IP
addresses the road warrior will use to connect to the server.

This is a serious limitation to RHEL3, and with the lack of stability
of freeswan is a serious setback to anybody trying to deploy a ipsec

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

Additional info:

-- Additional comment from notting@redhat.com on 2004-06-29 01:17 EST --
AFAIK, this is not possible with ipsec-tools-0.2.x.

-- Additional comment from minfrin@sharp.fm on 2004-06-29 06:30 EST --
Not according to http://www.ipsec-howto.org/x247.html.

So far it looks like all docs for ipsec-tools are contradictory, the
Redhat supplied docs are incomplete are quite clearly have never been

It raises the question of whether ipsec-tools have any business being
inside the RHEL3 distribution in the first place.

Comment 1 John Poelstra 2008-07-08 03:56:21 UTC
Hi Bill,

Is this bug still applicable to rawhide?


Comment 2 Bill Nottingham 2011-12-13 19:11:24 UTC
These scripts were moved to ipsec-tools.

Comment 3 Fedora Admin XMLRPC Client 2013-11-13 16:17:15 UTC
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.

Comment 4 Paul Wouters 2013-11-14 01:52:06 UTC
ipsec-tools is not really supported for real deployments in fedora. Please use libreswan instead. ipsec-tools is mostly used for interop testing with libreswan.
ipsec-tools has further been replaced by openswan in rhel6 (and libreswan in rhel7)

Note You need to log in before you can comment on or make changes to this bug.