Bug 173874 - NetworkManager does not support IPSec transport mode [NEEDINFO]
NetworkManager does not support IPSec transport mode
Status: ASSIGNED
Product: Fedora
Classification: Fedora
Component: NetworkManager (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Lubomir Rintel
: FutureFeature
Depends On:
Blocks: 529260
  Show dependency treegraph
 
Reported: 2005-11-21 20:19 EST by W. Michael Petullo
Modified: 2017-07-21 09:52 EDT (History)
9 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
fredoche: needinfo? (lkundrak)


Attachments (Terms of Use)

  None (edit)
Description W. Michael Petullo 2005-11-21 20:19:34 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux ppc; en-US; rv:1.7.12) Gecko/20051018 Epiphany/1.8.2

Description of problem:
NetworkManager does not support protecting communication using IPSec in transport mode.  For example, I have a computer with the following ifcfg-ipsec0:

DST=192.168.0.10
TYPE=IPSEC
ONBOOT=no
IKE_METHOD=PSK

When NetworkManager brings up my network interface, it does not initialize my IPSec configurations.

Version-Release number of selected component (if applicable):
NetworkManager-0.5.1-4

How reproducible:
Always

Steps to Reproduce:
Connect to a network that uses IPSec.  Notice that NetworkManager will not configure IPSec transport mode links.
  

Additional info:
Comment 1 John Poelstra 2008-07-09 00:56:01 EDT
triaged--I am assuming NetWork manager still cannot do this.
Comment 2 Dan Williams 2008-07-09 12:07:38 EDT
Right; there are discussions going on upstream to get the necessary bits
together but it's going to take a while to actually do.
Comment 3 Huzaifa S. Sidhpurwala 2009-10-15 23:56:56 EDT
Are we talking about a new nm plugin for ipsec?
Do you mind if i give a hand there?
Comment 4 Pavel Šimerda (pavlix) 2011-07-01 18:32:37 EDT
AFAIK there's no *real* support for IPsec in NetworkManager. Last time I tried it (Fedora 15), the form asked me for several names and almost as many passwords, even though connecting to IPsec should be very simple, one name/id and password (PSK) or private key (+certificates) should be more than enough.
Comment 5 Ma Hsiao-chun 2012-03-01 06:16:41 EST
FYI.
There is a NetworkManager plugin of strongSwan.
http://wiki.strongswan.org/projects/strongswan/wiki/NetworkManager
This should be very relevant to IPSec stuff.
BUT, PSK is not supported by intention. The author thinks PSK is insecure.
Comment 6 Ma Hsiao-chun 2012-03-01 20:17:21 EST
FYI.
Related bug reports in other sites. They contain more information.
https://bugzilla.gnome.org/show_bug.cgi?id=554046
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/264691
Comment 7 Pavel Šimerda (pavlix) 2012-03-02 10:33:30 EST
I am the maintainer of Strongswan package in Fedora (only in testing now). I will be happy to experiment with strongswan networkmanager integration.
Comment 8 Pavel Šimerda (pavlix) 2013-01-04 03:56:26 EST
See also:

https://bugzilla.redhat.com/show_bug.cgi?id=863836
Comment 9 Fedora Admin XMLRPC Client 2015-08-18 10:56:11 EDT
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 10 fred 2017-07-21 09:52:02 EDT
the openswan plugin doesnt seem to work either

Note You need to log in before you can comment on or make changes to this bug.