Openswan creates mis-matched encryption keys with md5 under an IKEv2 connection

Solution Verified - Updated -

Issue

  • When ike=3des-md5;modp1024 is used on an IKEv2 tunnel to a different IPsec implementation, the SAs are established, but the installed kernel policy has different encryption/authentication keys from the peer's. This was reported against Juniper and Navtel hardware and can be reproduced against strongSwan.
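
One way to confirm the symptom when both ends are Linux hosts, as an added example that is not part of the original solution: save the output of `ip xfrm state` on each endpoint and compare the ESP encryption and authentication keys per SPI. The function names and the sample SAs (addresses, SPIs, shortened keys) are constructed for illustration.

```shell
#!/bin/sh
# Added example: all addresses, SPIs and keys are constructed (keys shortened).

# Reduce an `ip xfrm state` dump on stdin to sorted "spi enc-key auth-key" lines.
xfrm_keys() {
    awk '$1 == "proto" { for (i = 1; i < NF; i++) if ($i == "spi") spi = $(i + 1) }
         $1 == "enc" { enc[spi] = $3; seen[spi] = 1 }
         $1 == "auth" || $1 == "auth-trunc" { auth[spi] = $3; seen[spi] = 1 }
         END { for (s in seen) print s, (s in enc ? enc[s] : "-"), (s in auth ? auth[s] : "-") }' | sort
}

# Compare dumps from both ends (files $1 local, $2 peer). Prints each SPI whose
# keys differ or that one side lacks; returns 1 on any finding, 2 on empty input.
compare_sas() {
    _l=$(mktemp) _p=$(mktemp) _rc=0
    xfrm_keys < "$1" > "$_l"
    xfrm_keys < "$2" > "$_p"
    if [ -s "$_l" ] && [ -s "$_p" ]; then
        # Appending "" forces string comparison so long hex keys are never rounded.
        awk 'NR == FNR { enc[$1] = $2; auth[$1] = $3; next }
             { peer[$1] = 1 }
             !($1 in enc) { print $1, "missing-locally"; bad = 1; next }
             (enc[$1] "") != ($2 "") { print $1, "enc-mismatch"; bad = 1 }
             (auth[$1] "") != ($3 "") { print $1, "auth-mismatch"; bad = 1 }
             END { for (s in enc) if (!(s in peer)) { print s, "missing-on-peer"; bad = 1 }
                   exit bad + 0 }' "$_l" "$_p" || _rc=$?
    else
        echo "no SAs found in one of the dumps" >&2; _rc=2
    fi
    rm -f "$_l" "$_p"
    return "$_rc"
}

# Constructed sample: one ESP SA in `ip xfrm state` layout. Args: spi enc-key auth-key.
sample_sa() {
    printf 'src 192.0.2.1 dst 192.0.2.2\n'
    printf '\tproto esp spi %s reqid 16385 mode tunnel\n' "$1"
    printf '\treplay-window 32 flag af-unspec\n'
    printf '\tauth hmac(md5) %s\n\tenc cbc(des3_ede) %s\n' "$3" "$2"
}

d=$(mktemp -d)
{ sample_sa 0x11111111 0xaaaa 0xbbbb; sample_sa 0x22222222 0xcccc 0xdddd; } > "$d/local"
{ sample_sa 0x11111111 0xaaaa 0xbbbb; sample_sa 0x22222222 0xeeee 0xffff; } > "$d/peer"
compare_sas "$d/local" "$d/peer" || echo "kernel keys differ between the two ends"
rm -rf "$d"
```

The dumps contain live SA key material, so compare them on a trusted host and delete them afterwards.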

Environment

  • Red Hat Enterprise Linux 6
  • openswan-2.6.32-20.el6
