V Tue, Nov 02, 2021 at 09:24:33AM -0400, Simo Sorce napsal(a):
Petr,
your message comes back quite unclear.
I'm sorry. I made a typo:
So the answer is that nmcli in Fedora does NOT use Openswan
I think what you mean is that because there were multiple related
implementations of IPsec all derived by the same old project that NM
decided to support them all under the name "openswan", but it is
compatible also with configuring libreswan and strongswan which were
forks of this project in the past and then developed independently.
Just to be clear, IPsec *is* a protocol, and Openswan *is* an
implementation, it's just the NM treat all of these implementation the
same and handles them all with a single plugin.
It's be nice if NM renamed it's plugin to something that just uses the
name IPsec, it would avoid a lot of confusion.
And my repoquery was suboptimal:
# dnf -q repoquery --qf '%{name} %{summary}' 'NetworkManager*' |grep -i
IPsec
NetworkManager-l2tp NetworkManager VPN plugin for L2TP and L2TP/IPsec
NetworkManager-l2tp-gnome NetworkManager VPN plugin for L2TP and L2TP/IPsec - GNOME files
NetworkManager-libreswan NetworkManager VPN plug-in for IPsec VPN
NetworkManager-strongswan NetworkManager strongSwan IPSec VPN plug-in
(See the IPsec misspelling at NetworkManager-strongswan.)
I wanted to say that each swan has its own plugin for NetworkManager.
Openswan also had its own. Maybe the swans are not fully interchangable. Maybe
their packaging predates RPM rich dependencies. Also historically, there were
other, unrelated IPsec implementations (Plutto, Racoon) with a completely
different interface.
-- Petr