libreswan: proper IKEv2 certificate setup (!573) · Merge requests · NetworkManager / NetworkManager-ci

Filip Pokryvka requested to merge devel/fp/libreswan into master Jun 02, 2020

Use certificates for IKEv2 and PSK for IKEv1. Also, DH and PH1 arguments were not used by the script, though deleted.

Switched to manual IP addresses, no dnsmasq required. This is much faster. Also modified setup to be run without need of teardown. Not sure if needed, the slowest part (dnsmasq) is not used anymore and setup is fast now.

This requires to use public IP address (certifiacte for IP from private range is not valid/matched by ipsec).

Admin message

libreswan: proper IKEv2 certificate setup

Merge request reports