Bug 173874 - NetworkManager does not support IPSec transport mode
Summary: NetworkManager does not support IPSec transport mode
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: NetworkManager
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Lubomir Rintel
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 529260
TreeView+ depends on / blocked
 
Reported: 2005-11-22 01:19 UTC by W. Michael Petullo
Modified: 2023-09-14 23:56 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-01-08 02:42:02 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description W. Michael Petullo 2005-11-22 01:19:34 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux ppc; en-US; rv:1.7.12) Gecko/20051018 Epiphany/1.8.2

Description of problem:
NetworkManager does not support protecting communication using IPSec in transport mode.  For example, I have a computer with the following ifcfg-ipsec0:

DST=192.168.0.10
TYPE=IPSEC
ONBOOT=no
IKE_METHOD=PSK

When NetworkManager brings up my network interface, it does not initialize my IPSec configurations.

Version-Release number of selected component (if applicable):
NetworkManager-0.5.1-4

How reproducible:
Always

Steps to Reproduce:
Connect to a network that uses IPSec.  Notice that NetworkManager will not configure IPSec transport mode links.
  

Additional info:

Comment 1 John Poelstra 2008-07-09 04:56:01 UTC
triaged--I am assuming NetWork manager still cannot do this.

Comment 2 Dan Williams 2008-07-09 16:07:38 UTC
Right; there are discussions going on upstream to get the necessary bits
together but it's going to take a while to actually do.

Comment 3 Huzaifa S. Sidhpurwala 2009-10-16 03:56:56 UTC
Are we talking about a new nm plugin for ipsec?
Do you mind if i give a hand there?

Comment 4 Pavel Šimerda (pavlix) 2011-07-01 22:32:37 UTC
AFAIK there's no *real* support for IPsec in NetworkManager. Last time I tried it (Fedora 15), the form asked me for several names and almost as many passwords, even though connecting to IPsec should be very simple, one name/id and password (PSK) or private key (+certificates) should be more than enough.

Comment 5 Ma Hsiao-chun 2012-03-01 11:16:41 UTC
FYI.
There is a NetworkManager plugin of strongSwan.
http://wiki.strongswan.org/projects/strongswan/wiki/NetworkManager
This should be very relevant to IPSec stuff.
BUT, PSK is not supported by intention. The author thinks PSK is insecure.

Comment 6 Ma Hsiao-chun 2012-03-02 01:17:21 UTC
FYI.
Related bug reports in other sites. They contain more information.
https://bugzilla.gnome.org/show_bug.cgi?id=554046
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/264691

Comment 7 Pavel Šimerda (pavlix) 2012-03-02 15:33:30 UTC
I am the maintainer of Strongswan package in Fedora (only in testing now). I will be happy to experiment with strongswan networkmanager integration.

Comment 8 Pavel Šimerda (pavlix) 2013-01-04 08:56:26 UTC
See also:

https://bugzilla.redhat.com/show_bug.cgi?id=863836

Comment 9 Fedora Admin XMLRPC Client 2015-08-18 14:56:11 UTC
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.

Comment 10 fred 2017-07-21 13:52:02 UTC
the openswan plugin doesnt seem to work either

Comment 11 W. Michael Petullo 2021-01-08 02:42:02 UTC
There now exist a number of VPN-related sub-packages for NetworkManager. If bugs exist in those packages, then we should open bugs against them. I am going to close this bug.

Comment 12 Red Hat Bugzilla 2023-09-14 23:56:46 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days


Note You need to log in before you can comment on or make changes to this bug.