← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 2127159] Re: Libreswan config broken when used with new AEAD ciphers

 

Reviewed:  https://review.opendev.org/c/openstack/neutron-vpnaas/+/963489
Committed: https://opendev.org/openstack/neutron-vpnaas/commit/310ecf6cda791e60b1f97cfd8ca36a2a83ff381c
Submitter: "Zuul (22348)"
Branch:    master

commit 310ecf6cda791e60b1f97cfd8ca36a2a83ff381c
Author: Maximilian Sesterhenn <maximilian.sesterhenn@wiit.cloud>
Date:   Thu Oct 9 10:13:45 2025 +0200

    Add dialect map to support AEAD algorithms with Libreswan
    
    This adds the missing dialect map for Libreswan to support the new AEAD ciphers.
    
    Closes-Bug: #2127159
    Co-authored-by: Maximilian Stinsky <maximilian.stinsky-damke@wiit.cloud>
    Signed-off-by: Maximilian Sesterhenn <maximilian.sesterhenn@wiit.cloud>
    Change-Id: I1f6e9e6a46c8c148708e080bf4cbfb8ab37a9b90


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2127159

Title:
  Libreswan config broken when used with new AEAD ciphers

Status in neutron:
  Fix Released

Bug description:
  Hello,

  while deploying VPNaaS we discovered that when using the newly supported AEAD ciphers like GCM with Libreswan the rendered ipsec.conf is broken.
  The internal enums are rendered into the config instead of the actual config values for the specific ciphers.
  As a result the VPN connection cannot be loaded as the values for ike= and phase2alg= are wrong.
  [1] added a dialect map for strongswan, but not for libreswan.

  [1] https://review.opendev.org/c/openstack/neutron-vpnaas/+/898830

  Best regards
  Maximilian Sesterhenn

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2127159/+subscriptions



References