Bug 173874 - NetworkManager does not support IPSec transport mode
NetworkManager does not support IPSec transport mode
Product: Fedora
Classification: Fedora
Component: NetworkManager (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Lubomir Rintel
: FutureFeature
Depends On:
Blocks: 529260
  Show dependency treegraph
Reported: 2005-11-21 20:19 EST by W. Michael Petullo
Modified: 2015-08-18 10:56 EDT (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description W. Michael Petullo 2005-11-21 20:19:34 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux ppc; en-US; rv:1.7.12) Gecko/20051018 Epiphany/1.8.2

Description of problem:
NetworkManager does not support protecting communication using IPSec in transport mode.  For example, I have a computer with the following ifcfg-ipsec0:


When NetworkManager brings up my network interface, it does not initialize my IPSec configurations.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Connect to a network that uses IPSec.  Notice that NetworkManager will not configure IPSec transport mode links.

Additional info:
Comment 1 John Poelstra 2008-07-09 00:56:01 EDT
triaged--I am assuming NetWork manager still cannot do this.
Comment 2 Dan Williams 2008-07-09 12:07:38 EDT
Right; there are discussions going on upstream to get the necessary bits
together but it's going to take a while to actually do.
Comment 3 Huzaifa S. Sidhpurwala 2009-10-15 23:56:56 EDT
Are we talking about a new nm plugin for ipsec?
Do you mind if i give a hand there?
Comment 4 Pavel Šimerda (pavlix) 2011-07-01 18:32:37 EDT
AFAIK there's no *real* support for IPsec in NetworkManager. Last time I tried it (Fedora 15), the form asked me for several names and almost as many passwords, even though connecting to IPsec should be very simple, one name/id and password (PSK) or private key (+certificates) should be more than enough.
Comment 5 Ma Hsiao-chun 2012-03-01 06:16:41 EST
There is a NetworkManager plugin of strongSwan.
This should be very relevant to IPSec stuff.
BUT, PSK is not supported by intention. The author thinks PSK is insecure.
Comment 6 Ma Hsiao-chun 2012-03-01 20:17:21 EST
Related bug reports in other sites. They contain more information.
Comment 7 Pavel Šimerda (pavlix) 2012-03-02 10:33:30 EST
I am the maintainer of Strongswan package in Fedora (only in testing now). I will be happy to experiment with strongswan networkmanager integration.
Comment 8 Pavel Šimerda (pavlix) 2013-01-04 03:56:26 EST
See also:

Comment 9 Fedora Admin XMLRPC Client 2015-08-18 10:56:11 EDT
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.

Note You need to log in before you can comment on or make changes to this bug.