Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-33712

Support for multiple subnets in IPSec policy via leftsubnets/rightsubnets in NM-libreswan

XMLWordPrintable

    • sst_network_management
    • ssg_networking
    • 2
    • False
    • Hide

      None

      Show
      None
    • Hide

      Given a network administrator requires a setup where multiple subnets need to communicate securely through a single IPsec tunnel, 

      When they configure an IPsec policy in NetworkManager-libreswan using leftsubnets and rightsubnets, specifying multiple subnets in the format

      { networkA/netmaskA, networkB/netmaskB, ... }

      Then, NetworkManager-libreswan should correctly interpret and apply these configurations, establishing IPsec tunnels that facilitate all specified combinations of subnet pairings as defined.

       

      Definition of Done:

      • The implementation meets the acceptance criteria
      • Integration tests are written and pass
      • The feature is part of a downstream build attached to an errata
      • The release note text is filled
      • The feature is backported into RHEL-9.4
      Show
      Given a network administrator requires a setup where multiple subnets need to communicate securely through a single IPsec tunnel,  When they configure an IPsec policy in NetworkManager-libreswan using leftsubnets and rightsubnets, specifying multiple subnets in the format { networkA/netmaskA, networkB/netmaskB, ... } Then, NetworkManager-libreswan should correctly interpret and apply these configurations, establishing IPsec tunnels that facilitate all specified combinations of subnet pairings as defined.   Definition of Done: The implementation meets the acceptance criteria Integration tests are written and pass The feature is part of a downstream build attached to an errata The release note text is filled The feature is backported into RHEL-9.4

      This is the NM-libreswan counterpart of RHEL-32947 and should allow users to configure IPsec policies using leftsubnets and rightsubnets{}, specifying multiple subnets. This is needed for setups requiring secure communication across multiple subnets through a single IPsec tunnel, a common requirement in complex network environments.

            rh-ee-sfaye Stanislas Faye
            rh-ee-sfaye Stanislas Faye
            Network Management Team Network Management Team
            Vladimir Benes Vladimir Benes
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated: