linux-system-roles / vpn

Role for managing VPN/IPSec
https://linux-system-roles.github.io/vpn/
MIT License

Add support for rhel7 managed hosts #25

Closed richm closed 3 years ago

richm commented 3 years ago

Add support for rhel7 managed hosts

richm commented 3 years ago

@letoams do you see any problems with this role supporting rhel7 systems? Do we use any settings/features which are not supported by libreswan on rhel7, or settings which are different on rhel7?

letoams commented 3 years ago

On Thu, 8 Apr 2021, Richard Megginson wrote:

> @letoams do you see any problems with this role supporting rhel7 systems? Do we use any settings/features which are not supported by libreswan on rhel7, or settings which are different on rhel7?

You'll need to add ikev2=insist for all conns, since that wasn't the default in the older versions. There might be some cases that won't work due to bugs in the older libreswan version but the feature set should be close enough that I think it will work for most scenarios.

mprovenc commented 3 years ago

> You'll need to add ikev2=insist for all conns, since that wasn't the default in the older versions. There might be some cases that won't work due to bugs in the older libreswan version but the feature set should be close enough that I think it will work for most scenarios.

ikev2=insist is already being enforced for all conns, so I think we're good with that. @richm I can see that there are two files in vars/ that relate to CentOS6 and RHEL6 where ikev2=no is the default. Since those releases are not supported by the role, should those two files be removed?

richm commented 3 years ago

> > You'll need to add ikev2=insist for all conns, since that wasn't the default in the older versions. There might be some cases that won't work due to bugs in the older libreswan version but the feature set should be close enough that I think it will work for most scenarios.

> ikev2=insist is already being enforced for all conns, so I think we're good with that. @richm I can see that there are two files in vars/ that relate to CentOS6 and RHEL6 where ikev2=no is the default. Since those releases are not supported by the role, should those two files be removed?

Yes, we can remove those two files.
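Added example, not part of the thread or the role's code: a Python check that a rendered libreswan configuration sets ikev2=insist on every conn, which matters on older libreswan where it was not the default. The sample config and function names are constructed; as an assumption, only an explicit `insist` (set on the conn or inherited from `conn %default`) counts as compliant, and `also=` includes are not followed.

```python
# Constructed sample config (not taken from the role's templates).
SAMPLE_CONF = """\
conn %default
    authby=secret

conn host-a-to-host-b
    left=192.0.2.10
    right=192.0.2.20
    ikev2=insist   # explicit, so the older default does not apply

conn legacy-tunnel
    right=192.0.2.30
    ikev2=no

conn no-setting
    right=192.0.2.40
"""

def parse_conns(text):
    """Return {conn_name: {option: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():
            # Section header at column 0: "conn NAME" or e.g. "config setup".
            parts = line.split()
            current = None
            if len(parts) == 2 and parts[0] == "conn":
                current = conns.setdefault(parts[1], {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns

def conns_without_ikev2_insist(text):
    """Return sorted conn names whose effective ikev2 value is not 'insist'."""
    conns = parse_conns(text)
    # Assumption: %default options are copied into any conn that lacks them.
    defaults = conns.pop("%default", {})
    return sorted(
        name for name, opts in conns.items()
        if {**defaults, **opts}.get("ikev2", "").lower() != "insist"
    )

if __name__ == "__main__":
    for name in conns_without_ikev2_insist(SAMPLE_CONF):
        print(f"conn {name}: ikev2=insist not set")
```

Run against the configuration files the role writes on a RHEL 7 host; any conn it lists relies on the older version's default rather than an explicit setting.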

mprovenc commented 3 years ago

[citest bad]

richm commented 3 years ago

[citest bad]

richm commented 3 years ago

[citest pending]