yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #96606
[Bug 2127159] [NEW] Libreswan config broken when used with new AEAD ciphers
Public bug reported:
Hello,
while deploying VPNaaS we discovered that when using the newly supported AEAD ciphers like GCM with Libreswan the rendered ipsec.conf is broken.
The internal enums are rendered into the config instead of the actual config values for the specific ciphers.
As a result the VPN connection cannot be loaded as the values for ike= and phase2alg= are wrong.
[1] added a dialect map for strongswan, but not for libreswan.
[1] https://review.opendev.org/c/openstack/neutron-vpnaas/+/898830
Best regards
Maximilian Sesterhenn
** Affects: neutron
Importance: Undecided
Status: New
** Tags: vpnaas
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2127159
Title:
Libreswan config broken when used with new AEAD ciphers
Status in neutron:
New
Bug description:
Hello,
while deploying VPNaaS we discovered that when using the newly supported AEAD ciphers like GCM with Libreswan the rendered ipsec.conf is broken.
The internal enums are rendered into the config instead of the actual config values for the specific ciphers.
As a result the VPN connection cannot be loaded as the values for ike= and phase2alg= are wrong.
[1] added a dialect map for strongswan, but not for libreswan.
[1] https://review.opendev.org/c/openstack/neutron-vpnaas/+/898830
Best regards
Maximilian Sesterhenn
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2127159/+subscriptions
