[WIP] ipsec: add libreswan daemon support for background ipsec testing (!228) · Merge requests · NetworkManager / NetworkManager-ci

Francesco Giudici requested to merge devel/fg/libreswan_backend into master Sep 07, 2018

Just an initial work to support libreswan as backend daemon for testing ipsec (swap from racoon). Tested the proposed config manually on a VM against an IKEv1 aggressive scenario. The scenario was taken from the "nmcli - libreswan - add and connect a connection" test. In order for the test to succeed some things need to be changed yet in the backend):

VPN.BANNER - we need to add the expected banner to the backend
IP4.ADDRESS - for the "libreswan" connection we need to fix the ip address range used by the backend
the test embeds the expected connection from the environment: "racoon1". It has been changed to "libreswan1". Maybe we want to move the name to some neutral name to support both backends.

Note also that IKEv1 "main" scenario has not been tested (yet). The commit does not change the default ipsec testing backend (racoon), so does not harm. IKEv2 support should be planned as a 2nd step, after fully IKEv1 coverage has been achieved. Some more work is needed before merging. Sharing early for feedback/collaboration.

Admin message

[WIP] ipsec: add libreswan daemon support for background ipsec testing

Merge request reports