IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Example YAML for x509 based authentication:
```yml
---
interfaces:
- name: hosta_conn
type: ipsec
ipv4:
enabled: true
dhcp: true
libreswan:
right: 192.0.2.252
rightid: 'hostb.example.org'
left: 192.0.2.251
leftid: '%fromcert'
leftcert: hosta.example.org
ikev2: insist
```
Example YAML for PSK based authentication:
```yml
---
interfaces:
- name: hosta_conn
type: ipsec
ipv4:
enabled: true
dhcp: true
libreswan:
right: 192.0.2.252
rightid: 'srv-id.example.org'
left: 192.0.2.251
leftid: 'cli-id.example.org'
psk: "psk_password"
ikev2: insist
```
All supported libreswan config keys are:
* `right`
* `rightid`
* `rightrsasigkey`
* `left`
* `leftid`
* `leftrsasigkey`
* `leftcert`
* `ikev2`
* `psk`
The `psk` is nmstate specific and will replaced by
`<_password_hid_by_nmstate>` when querying.
Other properties are libreswan specific, please refer to libreswan
document.
Please install `libreswan` and `NetworkManager-libreswan` and restart
NetworkManager and ipsec daemons.
We failed to setup IPv6 IPSEC tunnel, hence IPv6 tunnel is not tested.
In our test of PSK, we noticed the PSK only works after we removed the
`@` prefix from leftid and rightid. It might not be a problem of your
system.
Integration test case included.
Resolves: RHEL-1605
Signed-off-by: Gris Ge <fge@redhat.com>
* Enable the CI for integration test pass on `static_ip_address_test.py`
with test type `integ_rust`.
* Enabled github CI for build and lint check.
* New sub rpm package `nmstate-libs` to C binding of rust code.
* New CLI tool `/usr/bin/ncl` for rust code.
Signed-off-by: Gris Ge <fge@redhat.com>