Closed richm closed 3 years ago
@letoams do you see any problems with this role supporting rhel7 systems? Do we use any settings/features which are not supported by libreswan on rhel7, or settings which are different on rhel7?
On Thu, 8 Apr 2021, Richard Megginson wrote:
@letoams do you see any problems with this role supporting rhel7 systems? Do we use any settings/features which are not supported by libreswan on rhel7, or settings which are different on rhel7?
You'll need to add ikev2=insist for all conns, since that wasn't the default in the older versions. There might be some cases that won't work due to bugs in the older libreswan version but the feature set should be close enough that I think it will work for most scenarios.
You'll need to add ikev2=insist for all conns, since that wasn't the default in the older versions. There might be some cases that won't work due to bugs in the older libreswan version but the feature set should be close enough that I think it will work for most scenarios.
ikev2=insist
is already being enforced for all conns, so I think we're good with that. @richm I can see that there are two files in vars/
that relate to CentOS6 and RHEL6 where ikev2=no
is the default. Since those releases are not supported by the role, should those two files be removed?
You'll need to add ikev2=insist for all conns, since that wasn't the default in the older versions. There might be some cases that won't work due to bugs in the older libreswan version but the feature set should be close enough that I think it will work for most scenarios.
ikev2=insist
is already being enforced for all conns, so I think we're good with that. @richm I can see that there are two files invars/
that relate to CentOS6 and RHEL6 whereikev2=no
is the default. Since those releases are not supported by the role, should those two files be removed?
Yes, we can remove those two files.
[citest bad]
[citest bad]
[citest pending]
Add support for rhel7 managed hosts