nmstate

tsarevvv/nmstate

Fork 0

Commit Graph

Author	SHA1	Message	Date
Gris Ge	4a88d33d02	Ipsec tunnel support Example YAML for x509 based authentication: ```yml --- interfaces: - name: hosta_conn type: ipsec ipv4: enabled: true dhcp: true libreswan: right: 192.0.2.252 rightid: 'hostb.example.org' left: 192.0.2.251 leftid: '%fromcert' leftcert: hosta.example.org ikev2: insist ``` Example YAML for PSK based authentication: ```yml --- interfaces: - name: hosta_conn type: ipsec ipv4: enabled: true dhcp: true libreswan: right: 192.0.2.252 rightid: 'srv-id.example.org' left: 192.0.2.251 leftid: 'cli-id.example.org' psk: "psk_password" ikev2: insist ``` All supported libreswan config keys are: * `right` * `rightid` * `rightrsasigkey` * `left` * `leftid` * `leftrsasigkey` * `leftcert` * `ikev2` * `psk` The `psk` is nmstate specific and will replaced by `<_password_hid_by_nmstate>` when querying. Other properties are libreswan specific, please refer to libreswan document. Please install `libreswan` and `NetworkManager-libreswan` and restart NetworkManager and ipsec daemons. We failed to setup IPv6 IPSEC tunnel, hence IPv6 tunnel is not tested. In our test of PSK, we noticed the PSK only works after we removed the `@` prefix from leftid and rightid. It might not be a problem of your system. Integration test case included. Resolves: RHEL-1605 Signed-off-by: Gris Ge <fge@redhat.com>	2023-11-15 17:25:26 +08:00
Gris Ge	df89b76dde	rust: initial import of nmstate-rs * Enable the CI for integration test pass on `static_ip_address_test.py` with test type `integ_rust`. * Enabled github CI for build and lint check. * New sub rpm package `nmstate-libs` to C binding of rust code. * New CLI tool `/usr/bin/ncl` for rust code. Signed-off-by: Gris Ge <fge@redhat.com>	2021-10-18 15:22:53 +08:00

Author

SHA1

Message

Date

Gris Ge

4a88d33d02

Ipsec tunnel support

Example YAML for x509 based authentication:

```yml
---
interfaces:
- name: hosta_conn
  type: ipsec
  ipv4:
    enabled: true
    dhcp: true
  libreswan:
    right: 192.0.2.252
    rightid: 'hostb.example.org'
    left: 192.0.2.251
    leftid: '%fromcert'
    leftcert: hosta.example.org
    ikev2: insist
```

Example YAML for PSK based authentication:

```yml
---
interfaces:
- name: hosta_conn
  type: ipsec
  ipv4:
    enabled: true
    dhcp: true
  libreswan:
    right: 192.0.2.252
    rightid: 'srv-id.example.org'
    left: 192.0.2.251
    leftid: 'cli-id.example.org'
    psk: "psk_password"
    ikev2: insist
```

All supported libreswan config keys are:
 * `right`
 * `rightid`
 * `rightrsasigkey`
 * `left`
 * `leftid`
 * `leftrsasigkey`
 * `leftcert`
 * `ikev2`
 * `psk`

The `psk` is nmstate specific and will replaced by
`<_password_hid_by_nmstate>` when querying.
Other properties are libreswan specific, please refer to libreswan
document.

Please install `libreswan` and `NetworkManager-libreswan` and restart
NetworkManager and ipsec daemons.

We failed to setup IPv6 IPSEC tunnel, hence IPv6 tunnel is not tested.

In our test of PSK, we noticed the PSK only works after we removed the
`@` prefix from leftid and rightid. It might not be a problem of your
system.

Integration test case included.

Resolves: RHEL-1605

Signed-off-by: Gris Ge <fge@redhat.com>

2023-11-15 17:25:26 +08:00

Gris Ge

df89b76dde

rust: initial import of nmstate-rs

* Enable the CI for integration test pass on `static_ip_address_test.py`
   with test type `integ_rust`.
 * Enabled github CI for build and lint check.
 * New sub rpm package `nmstate-libs` to C binding of rust code.
 * New CLI tool `/usr/bin/ncl` for rust code.

Signed-off-by: Gris Ge <fge@redhat.com>

2021-10-18 15:22:53 +08:00

2 Commits