From e898dd2340eef90106c6027514e6e572a57ad613 Mon Sep 17 00:00:00 2001
From: teacup-on-rockingchair
 <315160+teacup-on-rockingchair@users.noreply.github.com>
Date: Thu, 22 Jan 2026 10:54:06 +0200
Subject: [PATCH 1/4] Enable libreswan_approved_tunnels rule for sle16

---
 products/sle16/profiles/hipaa.profile | 1 -
 1 file changed, 1 deletion(-)

diff --git a/products/sle16/profiles/hipaa.profile b/products/sle16/profiles/hipaa.profile
index 94fc562559a9..7208d847bc5d 100644
--- a/products/sle16/profiles/hipaa.profile
+++ b/products/sle16/profiles/hipaa.profile
@@ -48,7 +48,6 @@ selections:
     - '!file_permissions_user_cfg'
     - '!grub2_admin_username'
     - '!grub2_uefi_admin_username'
-    - '!libreswan_approved_tunnels'
     - '!package_rsh_removed'
     - '!package_rsh-server_removed'
     - '!package_talk_removed'

From 5efe68785df7d045704199b0856368aa718fc329 Mon Sep 17 00:00:00 2001
From: teacup-on-rockingchair
 <315160+teacup-on-rockingchair@users.noreply.github.com>
Date: Thu, 22 Jan 2026 10:55:20 +0200
Subject: [PATCH 2/4] Adapt libreswan_approved_tunnels for sle16 and sle15

Use checks and remediation instructions references with strongswan, as it is the default IPSec solution for sle15 and sle16 platforms
---
 .../policy/stig/shared.yml                    |  9 +++++++-
 .../libreswan_approved_tunnels/rule.yml       | 23 +++++++++++++++++++
 2 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/policy/stig/shared.yml b/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/policy/stig/shared.yml
index ab4d53964856..17cb971f1309 100644
--- a/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/policy/stig/shared.yml
+++ b/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/policy/stig/shared.yml
@@ -9,14 +9,21 @@ checktext: |-
 
     Determine if the "IPsec" service is active with the following command:
 
+    {{% if product in ['sle15', 'sle16'] %}}
     $ systemctl is-active ipsec
+    {{% else %}}
+    $ systemctl is-active strongswan
+    {{% endif %}}
 
     Inactive
 
     If the "IPsec" service is active, check for configured IPsec connections ("conn"), with the following command:
 
     $ sudo grep -rni conn /etc/ipsec.conf /etc/ipsec.d/
-
+    {{% if product in ['sle15', 'sle16'] %}}
+    Also:
+    $ sudo grep -rni conn /etc/swanctl/swanctl.conf /etc/swanctl/conf.d/
+    {{% endif %}}
     Verify any returned results are documented with the ISSO.
 
     If the IPsec tunnels are active and not approved, this is a finding.
diff --git a/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/rule.yml b/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/rule.yml
index e479600d1a93..2c3fa2c123af 100644
--- a/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/rule.yml
+++ b/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/rule.yml
@@ -8,7 +8,11 @@ description: |-
     and IKE, which permits the creation of secure tunnels over
     untrusted networks. As such, IPsec can be used to circumvent certain
     network requirements such as filtering. Verify that if any IPsec connection
+    {{% if product in ['sle15', 'sle16'] %}}
+    (<tt>conn</tt>) configured in <tt>/etc/swanctl/swanctl.conf</tt> and <tt>/etc/swanctl/conf.d/</tt>
+    {{% else %}}
     (<tt>conn</tt>) configured in <tt>/etc/ipsec.conf</tt> and <tt>/etc/ipsec.d</tt>
+    {{% endif %}}
     exists is an approved organizational connection.
 
 rationale: 'IP tunneling mechanisms can be used to bypass network filtering.'
@@ -20,6 +24,7 @@ identifiers:
     cce@rhel9: CCE-90319-5
     cce@rhel10: CCE-87382-8
     cce@sle15: CCE-91153-7
+    cce@sle16: CCE-95793-6
 
 references:
     cis-csc: 1,12,13,14,15,16,18,4,6,8,9
@@ -41,18 +46,36 @@ ocil: |-
     {{% if 'rhel' in product or 'ol' in families %}}
     # {{{ pkg_manager }}} list installed libreswan
     libreswan.x86-64 3.20-5.el7_4
+    {{% elif product in ['sle15', 'sle16'] %}}
+    strongswan
     {{% endif %}}
 
+    {{% if product in ['sle15', 'sle16'] %}}
+    If "libreswan" is installed, check to see if the "IPsec" service is active with the following command:
+    {{% else %}}
     If "libreswan" is installed, check to see if the "IPsec" service is active with the following command:
+    {{% endif %}}
 
+    {{% if product in ['sle15', 'sle16'] %}}
+    # systemctl status strongswan
+    strongswan.service - strongSwan IPsec IKEv1/IKEv2 daemon using swanctl
+    Loaded: loaded (/usr/lib/systemd/system/strongswan.service; disabled; preset: disabled)
+    Active: inactive (dead)
+    {{% else %}}
     # systemctl status ipsec
     ipsec.service - Internet Key Exchange (IKE) Protocol Daemon for IPsec
     Loaded: loaded (/usr/lib/systemd/system/ipsec.service; disabled)
     Active: inactive (dead)
+    {{% endif %}}
 
 
     If the "IPsec" service is active, check for configured IPsec connections (<tt>conn</tt>), perform the following:
     <pre>grep -rni conn /etc/ipsec.conf /etc/ipsec.d/</pre>
+    {{% if product in ['sle15', 'sle16'] %}}
+    Also:
+    <pre>grep -rni conn /etc/swanctl/swanctl.conf /etc/swanctl/conf.d/</pre>
+    {{% endif %}}
+
     Verify any returned results for organizational approval.
 
 fixtext: |-

From d9d20cbbe815ffb54fd17ed648f440ab134ac8f2 Mon Sep 17 00:00:00 2001
From: teacup-on-rockingchair
 <315160+teacup-on-rockingchair@users.noreply.github.com>
Date: Thu, 22 Jan 2026 10:57:10 +0200
Subject: [PATCH 3/4] strongswan package is the libreswan alternative for sle15
 and sle16

---
 shared/applicability/package.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/shared/applicability/package.yml b/shared/applicability/package.yml
index 7a6ee2ffc985..5f81f2c90524 100644
--- a/shared/applicability/package.yml
+++ b/shared/applicability/package.yml
@@ -57,7 +57,7 @@ args:
     pkgname: libpwquality
     {{% endif %}}
   libreswan:
-    {{% if product == "sle15" %}}
+    {{% if product in  ["sle15", "sle16"] %}}
     pkgname: strongswan-ipsec
     {{% else %}}
     pkgname: libreswan

From 94f984bd7e60e98d39cec23f8aa22db564ece867 Mon Sep 17 00:00:00 2001
From: teacup-on-rockingchair
 <315160+teacup-on-rockingchair@users.noreply.github.com>
Date: Thu, 22 Jan 2026 10:57:51 +0200
Subject: [PATCH 4/4] Allocate CCE for sle16 support for
 libreswan_approved_tunnels rule

---
 shared/references/cce-sle16-avail.txt | 1 -
 1 file changed, 1 deletion(-)

diff --git a/shared/references/cce-sle16-avail.txt b/shared/references/cce-sle16-avail.txt
index 77ac5a0f06cc..104b04c8b550 100644
--- a/shared/references/cce-sle16-avail.txt
+++ b/shared/references/cce-sle16-avail.txt
@@ -57,7 +57,6 @@ CCE-95788-6
 CCE-95789-4
 CCE-95790-2
 CCE-95791-0
-CCE-95793-6
 CCE-95794-4
 CCE-95795-1
 CCE-95796-9