diff --git a/NetworkManager-libreswan.spec b/NetworkManager-libreswan.spec index fd22765..924d498 100644 --- a/NetworkManager-libreswan.spec +++ b/NetworkManager-libreswan.spec @@ -11,7 +11,7 @@ %global real_version 1.2.30 %global rpm_version 1.2.30 -%global release_version 1 +%global release_version 2 %global real_version_major %(printf '%s' '%{real_version}' | sed -n 's/^\\([1-9][0-9]*\\.[1-9][0-9]*\\)\\.[1-9][0-9]*$/\\1/p') @@ -26,6 +26,7 @@ Release: %{release_version}%{?dist} License: GPLv2+ URL: https://gitlab.gnome.org/GNOME/NetworkManager-libreswan/ Source0: https://download.gnome.org/sources/NetworkManager-libreswan/%{real_version_major}/%{name}-%{real_version}.tar.xz +Patch0: RHEL-85786-fix-leftsubnets-and-rightsubnets.patch BuildRequires: make BuildRequires: gcc @@ -127,6 +128,9 @@ rm -f %{buildroot}%{_libdir}/NetworkManager/lib*.la %endif %changelog +* Fri Mar 27 2026 Gris Ge - 1.2.30-2 +- Fix the support of leftsubnets and rightsubnets. (RHEL-161465) + * Mon Jan 12 2026 Vladimír Beneš - 1.2.30-1 - Upgrade to 1.2.30 - Declare supports-safe-private-file-access (RHEL-140610) diff --git a/RHEL-85786-fix-leftsubnets-and-rightsubnets.patch b/RHEL-85786-fix-leftsubnets-and-rightsubnets.patch new file mode 100644 index 0000000..ec186b9 --- /dev/null +++ b/RHEL-85786-fix-leftsubnets-and-rightsubnets.patch 
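Review bot: `Patch0:` is declared in the second hunk, but the `%prep` section is outside this diff, so nothing visible shows the patch being applied. Confirm that `%prep` uses `%autosetup -p1`, or add `%patch -P0 -p1`; otherwise the build ships 1.2.30 unpatched while the changelog claims the fix. The change is also tracked under three different ids: `RHEL-85786` in the patch filename, `RHEL-161465` in the changelog entry and `RHEL-155372` in the patch's `Resolves:` line. That makes the fix hard to audit later, so I would add a comment above `Patch0:` such as `# upstream commit 84472d6ed47974b6522236d7e30e2196274750dd` and bring the ticket references into agreement.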
@@ -0,0 +1,132 @@
+From 84472d6ed47974b6522236d7e30e2196274750dd Mon Sep 17 00:00:00 2001
+From: Gris Ge
+Date: Tue, 24 Mar 2026 16:51:01 +0800
+Subject: [PATCH] Fix the support of leftsubnets and rightsubnets
+
+The `NM_LIBRESWAN_KEY_LEFTSUBNETS` and `NM_LIBRESWAN_KEY_RIGHTSUBNETS`
+are not enabled in `struct LibreswanParam params[]` leading
+NetworkManager reject these two options when sending to NM-libreswan
+with error:
+
+```text
+GDBus.Error:org.freedesktop.NetworkManager.VPN.Error.InvalidConnection:
+Invalid VPN setting: property 'leftsubnets' invalid or not supported
+```
+
+The GUI code(`properties/nm-libreswan-dialog.ui`) already has these two
+options processed at `local_network_label` and `remote_network_label`.
+
+Fixed by including these two options into `struct LibreswanParam params[]`.
+Added manpage for these two options.
+Included unit test cases.
+
+Resolves: https://redhat.atlassian.net/browse/RHEL-155372
+
+Signed-off-by: Gris Ge
+---
+ man/nm-settings-libreswan.5.in | 6 ++++
+ shared/test-utils.c | 51 ++++++++++++++++++++++++++++++++++
+ shared/utils.c | 2 ++
+ 3 files changed, 59 insertions(+)
+
+diff --git a/man/nm-settings-libreswan.5.in b/man/nm-settings-libreswan.5.in
+index 0ef18e4..0bbc363 100644
+--- a/man/nm-settings-libreswan.5.in
++++ b/man/nm-settings-libreswan.5.in
+@@ -226,6 +226,12 @@ This option specifies the allowed protocols and ports over connection.
+ .TP
+ .I "rightprotoport"
+ This option specifies the allowed protocols and ports over connection.
++.TP
++.I "leftsubnets"
++This option specifies multiple private subnets behind the left participant.
++.TP
++.I "rightsubnets"
++This option specifies multiple private subnets behind the right participant.
+
+ .SH VPN.SECRETS
+ .PP
+diff --git a/shared/test-utils.c b/shared/test-utils.c
+index bcfbce3..f18ea8a 100644
+--- a/shared/test-utils.c
++++ b/shared/test-utils.c
+@@ -1081,12 +1081,63 @@ test_config_read_rsakey(void)
+ g_assert_cmpstr(nm_setting_vpn_get_data_item(s_vpn, "authby"), ==, "rsasig");
+ }
+
++static void
++test_config_read_write_subnets(void)
++{
++ GError *error = NULL;
++ NMSettingVpn *s_vpn;
++ NMSettingVpn *s_vpn_sanitized;
++ char *con_name = NULL;
++ char *str;
++ /* clang-format off */
++ const char *conf_str =
++ "# NetworkManager specific configs, don't remove:\n"
++ "# nm-auto-defaults=no\n\n"
++ "conn con_name\n"
++ " right=11.12.13.14\n"
++ " left=22.33.44.55\n"
++ " leftsubnets=192.168.2.0/24,10.0.1.0/24\n"
++ " rightsubnets=192.168.1.0/24,10.0.0.0/24\n";
++ /* clang-format on */
++
++ s_vpn = NM_SETTING_VPN(nm_setting_vpn_new());
++ nm_setting_vpn_add_data_item(s_vpn, "nm-auto-defaults", "no");
++ nm_setting_vpn_add_data_item(s_vpn, "right", "11.12.13.14");
++ nm_setting_vpn_add_data_item(s_vpn, "left", "22.33.44.55");
++ nm_setting_vpn_add_data_item(s_vpn, "rightsubnets", "192.168.1.0/24,10.0.0.0/24");
++ nm_setting_vpn_add_data_item(s_vpn, "leftsubnets", "192.168.2.0/24,10.0.1.0/24");
++ s_vpn_sanitized = sanitize_setting_vpn(s_vpn, &error);
++ g_assert_no_error(error);
++ str = nm_libreswan_get_ipsec_conf(4, s_vpn_sanitized, "con_name", NULL, FALSE, TRUE, &error);
++ g_assert_no_error(error);
++ g_assert_cmpstr(str, ==, conf_str);
++ g_free(str);
++ g_object_unref(s_vpn);
++ g_object_unref(s_vpn_sanitized);
++
++ s_vpn = nm_libreswan_parse_ipsec_conf(conf_str, &con_name, &error);
++ g_assert_no_error(error);
++ g_assert_cmpint(nm_setting_vpn_get_num_data_items(s_vpn), ==, 5);
++ g_assert_cmpstr(nm_setting_vpn_get_data_item(s_vpn, "nm-auto-defaults"), ==, "no");
++ g_assert_cmpstr(nm_setting_vpn_get_data_item(s_vpn, "left"), ==, "22.33.44.55");
++ g_assert_cmpstr(nm_setting_vpn_get_data_item(s_vpn, "right"), ==, "11.12.13.14");
++ g_assert_cmpstr(nm_setting_vpn_get_data_item(s_vpn, "leftsubnets"),
++ ==,
++ "192.168.2.0/24,10.0.1.0/24");
++ g_assert_cmpstr(nm_setting_vpn_get_data_item(s_vpn, "rightsubnets"),
++ ==,
++ "192.168.1.0/24,10.0.0.0/24");
++ g_object_unref(s_vpn);
++ g_clear_pointer(&con_name, g_free);
++}
++
+ int
+ main(int argc, char **argv)
+ {
+ g_test_init(&argc, &argv, NULL);
+
+ g_test_add_func("/utils/config/write", test_config_write);
++ g_test_add_func("/utils/config/subnets", test_config_read_write_subnets);
+ g_test_add_func("/utils/config/read", test_config_read);
+ g_test_add_func("/utils/config/read/rsakey", test_config_read_rsakey);
+ g_test_add_func("/utils/subnets/parse", test_parse_subnets);
+diff --git a/shared/utils.c b/shared/utils.c
+index 3980553..05d99e2 100644
+--- a/shared/utils.c
++++ b/shared/utils.c
+@@ -327,6 +327,8 @@ static const struct LibreswanParam params[] = {
+ {NM_LIBRESWAN_KEY_CLIENTADDRFAMILY, add, PARAM_PRINTABLE},
+ {NM_LIBRESWAN_KEY_LEFTSUBNET, add, PARAM_PRINTABLE},
+ {NM_LIBRESWAN_KEY_RIGHTSUBNET, add_rightsubnet, PARAM_PRINTABLE},
++ {NM_LIBRESWAN_KEY_LEFTSUBNETS, add, PARAM_PRINTABLE},
++ {NM_LIBRESWAN_KEY_RIGHTSUBNETS, add, PARAM_PRINTABLE},
+
+ {NM_LIBRESWAN_KEY_LEFTXAUTHUSER, add_username, PARAM_STRING | PARAM_OLD},
+ {NM_LIBRESWAN_KEY_LEFTUSERNAME, add_username, PARAM_STRING | PARAM_NEW},
+--
+2.53.0
+
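Review bot: The two entries added to `params[]` in shared/utils.c accept `leftsubnets` and `rightsubnets` with only the generic `add` handler and `PARAM_PRINTABLE`, so nothing in the hunk checks that the value is a list of CIDR prefixes before it is written into the generated ipsec configuration. The array and the definition of `PARAM_PRINTABLE` lie outside the hunk, so please confirm that the flag rejects whitespace, newlines and `=` for these keys, since the value comes from the connection profile and the resulting file is read by the IKE daemon. `test_config_read_write_subnets` covers only a well-formed round trip with `nm-auto-defaults=no`. I would add a negative case asserting that `sanitize_setting_vpn` sets `error` for a value such as `"10.0.0.0/24\n also=x"` (a constructed sample). I would also add a case with auto defaults enabled, to show that `add_rightsubnet` does not emit a default `rightsubnet` alongside `rightsubnets`. A short comment on the new entries, for example `/* comma-separated CIDR list, emitted verbatim */`, would document the accepted format.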