Openswan creates mis-matched encryption keys with md5 under an IKEv2 connection
Issue
- When using ike=3des-md5;modp1024 on an IKEv2 tunnel to a different IPsec implementation, the SAs are established, but the installed kernel policy has different enc/auth keys from the peer. This was reported against Juniper and Navtel hardware, and can be reproduced against Strongswan.
Environment
- Red Hat Enterprise Linux 6
- openswan-2.6.32-20.el6
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.