Red Hat Bugzilla – Bug 173874
NetworkManager does not support IPSec transport mode
Last modified: 2017-07-21 09:52:02 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux ppc; en-US; rv:1.7.12) Gecko/20051018 Epiphany/1.8.2
Description of problem:
NetworkManager does not support protecting communication using IPSec in transport mode. For example, I have a computer with the following ifcfg-ipsec0:
When NetworkManager brings up my network interface, it does not initialize my IPSec configurations.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
Connect to a network that uses IPSec. Notice that NetworkManager will not configure IPSec transport mode links.
triaged--I am assuming NetWork manager still cannot do this.
Right; there are discussions going on upstream to get the necessary bits
together but it's going to take a while to actually do.
Are we talking about a new nm plugin for ipsec?
Do you mind if i give a hand there?
AFAIK there's no *real* support for IPsec in NetworkManager. Last time I tried it (Fedora 15), the form asked me for several names and almost as many passwords, even though connecting to IPsec should be very simple, one name/id and password (PSK) or private key (+certificates) should be more than enough.
There is a NetworkManager plugin of strongSwan.
This should be very relevant to IPSec stuff.
BUT, PSK is not supported by intention. The author thinks PSK is insecure.
Related bug reports in other sites. They contain more information.
I am the maintainer of Strongswan package in Fedora (only in testing now). I will be happy to experiment with strongswan networkmanager integration.
This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.
the openswan plugin doesnt seem to work either