2 Commits

Author SHA1 Message Date
Gris Ge
4a88d33d02 Ipsec tunnel support
Example YAML for x509 based authentication:

```yml
---
interfaces:
- name: hosta_conn
  type: ipsec
  ipv4:
    enabled: true
    dhcp: true
  libreswan:
    right: 192.0.2.252
    rightid: 'hostb.example.org'
    left: 192.0.2.251
    leftid: '%fromcert'
    leftcert: hosta.example.org
    ikev2: insist
```

Example YAML for PSK based authentication:

```yml
---
interfaces:
- name: hosta_conn
  type: ipsec
  ipv4:
    enabled: true
    dhcp: true
  libreswan:
    right: 192.0.2.252
    rightid: 'srv-id.example.org'
    left: 192.0.2.251
    leftid: 'cli-id.example.org'
    psk: "psk_password"
    ikev2: insist
```

All supported libreswan config keys are:
 * `right`
 * `rightid`
 * `rightrsasigkey`
 * `left`
 * `leftid`
 * `leftrsasigkey`
 * `leftcert`
 * `ikev2`
 * `psk`

The `psk` is nmstate specific and will replaced by
`<_password_hid_by_nmstate>` when querying.
Other properties are libreswan specific, please refer to libreswan
document.

Please install `libreswan` and `NetworkManager-libreswan` and restart
NetworkManager and ipsec daemons.

We failed to setup IPv6 IPSEC tunnel, hence IPv6 tunnel is not tested.

In our test of PSK, we noticed the PSK only works after we removed the
`@` prefix from leftid and rightid. It might not be a problem of your
system.

Integration test case included.

Resolves: RHEL-1605

Signed-off-by: Gris Ge <fge@redhat.com>
2023-11-15 17:25:26 +08:00
Gris Ge
df89b76dde rust: initial import of nmstate-rs
* Enable the CI for integration test pass on `static_ip_address_test.py`
   with test type `integ_rust`.
 * Enabled github CI for build and lint check.
 * New sub rpm package `nmstate-libs` to C binding of rust code.
 * New CLI tool `/usr/bin/ncl` for rust code.

Signed-off-by: Gris Ge <fge@redhat.com>
2021-10-18 15:22:53 +08:00