4a88d33d02
Example YAML for x509 based authentication:
```yml
---
interfaces:
- name: hosta_conn
type: ipsec
ipv4:
enabled: true
dhcp: true
libreswan:
right: 192.0.2.252
rightid: 'hostb.example.org'
left: 192.0.2.251
leftid: '%fromcert'
leftcert: hosta.example.org
ikev2: insist
```
Example YAML for PSK based authentication:
```yml
---
interfaces:
- name: hosta_conn
type: ipsec
ipv4:
enabled: true
dhcp: true
libreswan:
right: 192.0.2.252
rightid: 'srv-id.example.org'
left: 192.0.2.251
leftid: 'cli-id.example.org'
psk: "psk_password"
ikev2: insist
```
All supported libreswan config keys are:
* `right`
* `rightid`
* `rightrsasigkey`
* `left`
* `leftid`
* `leftrsasigkey`
* `leftcert`
* `ikev2`
* `psk`
The `psk` is nmstate specific and will replaced by
`<_password_hid_by_nmstate>` when querying.
Other properties are libreswan specific, please refer to libreswan
document.
Please install `libreswan` and `NetworkManager-libreswan` and restart
NetworkManager and ipsec daemons.
We failed to setup IPv6 IPSEC tunnel, hence IPv6 tunnel is not tested.
In our test of PSK, we noticed the PSK only works after we removed the
`@` prefix from leftid and rightid. It might not be a problem of your
system.
Integration test case included.
Resolves: RHEL-1605
Signed-off-by: Gris Ge <fge@redhat.com>
5 lines
76 B
TOML
5 lines
76 B
TOML
max_width = 80
|
|
wrap_comments = true
|
|
reorder_imports = true
|
|
edition = "2021"
|