yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #96622
[Bug 2127159] Re: Libreswan config broken when used with new AEAD ciphers
Reviewed: https://review.opendev.org/c/openstack/neutron-vpnaas/+/963489
Committed: https://opendev.org/openstack/neutron-vpnaas/commit/310ecf6cda791e60b1f97cfd8ca36a2a83ff381c
Submitter: "Zuul (22348)"
Branch: master
commit 310ecf6cda791e60b1f97cfd8ca36a2a83ff381c
Author: Maximilian Sesterhenn <maximilian.sesterhenn@wiit.cloud>
Date: Thu Oct 9 10:13:45 2025 +0200
Add dialect map to support AEAD algorithms with Libreswan
This adds the missing dialect map for Libreswan to support the new AEAD ciphers.
Closes-Bug: #2127159
Co-authored-by: Maximilian Stinsky <maximilian.stinsky-damke@wiit.cloud>
Signed-off-by: Maximilian Sesterhenn <maximilian.sesterhenn@wiit.cloud>
Change-Id: I1f6e9e6a46c8c148708e080bf4cbfb8ab37a9b90
** Changed in: neutron
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2127159
Title:
Libreswan config broken when used with new AEAD ciphers
Status in neutron:
Fix Released
Bug description:
Hello,
while deploying VPNaaS we discovered that when using the newly supported AEAD ciphers like GCM with Libreswan the rendered ipsec.conf is broken.
The internal enums are rendered into the config instead of the actual config values for the specific ciphers.
As a result the VPN connection cannot be loaded as the values for ike= and phase2alg= are wrong.
[1] added a dialect map for strongswan, but not for libreswan.
[1] https://review.opendev.org/c/openstack/neutron-vpnaas/+/898830
Best regards
Maximilian Sesterhenn
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2127159/+subscriptions
References