Openswan's IKEv2-only mode does not work properly when pluto is acting as the responder
Issue
When configuring Openswan with the ikev2=insist option, if an IKEv1 peer initiates the connection, the IKEv1 connection is still allowed. The policy flags displayed in 'ipsec auto --status' indicate that IKEv1 is disabled, and the ipsec.conf man page states that ikev2=insist means we should only propose and accept an IKEv2 negotiation.
Environment
- Red Hat Enterprise Linux 6
- openswan-2.6.32-20.el6
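The following check is an added example, not part of the original article or of Openswan. It lists the connections that set ikev2=insist in ipsec.conf and flags pluto log lines that show IKEv1 responder activity on them, which is the behaviour described under Issue. The sample configuration and log lines are constructed, and the log message wording, connection names and function names are assumptions.

```python
import re

# Constructed ipsec.conf excerpt; connection names and addresses are made up.
SAMPLE_CONF = """\
conn v2only
    left=192.0.2.1
    right=198.51.100.7
    ikev2=insist   # policy: IKEv2 only

conn legacy
    left=192.0.2.1
    right=203.0.113.9
    ikev2=never
"""

# Constructed pluto log lines; the message wording is an assumption.
SAMPLE_LOG = """\
Jan 10 10:00:01 gw pluto[2101]: "v2only" #1: responding to Main Mode
Jan 10 10:00:01 gw pluto[2101]: "v2only" #1: STATE_MAIN_R1: sent MR1, expecting MI2
Jan 10 10:00:05 gw pluto[2101]: "legacy" #2: responding to Main Mode
Jan 10 10:01:00 gw pluto[2101]: "v2only" #3: STATE_PARENT_R2: received v2I2, PARENT SA established
"""

LOG_RE = re.compile(r'pluto\[\d+\]: "([^"]+)"[^#]*#(\d+): (.*)')
# IKEv1 responder activity: Main/Aggressive Mode responder states or the Main Mode reply.
IKEV1_RE = re.compile(r"STATE_(?:MAIN|AGGR)_R\d|responding to Main Mode")

def insist_conns(conf_text):
    """Names of conn sections that set ikev2=insist (also= and %default not resolved)."""
    names, current = set(), None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if line.startswith(("conn ", "config ")):
            current = line.split(None, 1)[1] if line.startswith("conn ") else None
        elif current and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "ikev2" and value == "insist":
                names.add(current)
    return names

def ikev1_violations(log_text, conns):
    """(connection, state number, message) for IKEv1 responder events on IKEv2-only conns."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m and m.group(1) in conns and IKEV1_RE.search(m.group(3)):
            hits.append((m.group(1), int(m.group(2)), m.group(3)))
    return hits

if __name__ == "__main__":
    for conn, state, msg in ikev1_violations(SAMPLE_LOG, insist_conns(SAMPLE_CONF)):
        print(f"IKEv1 accepted on IKEv2-only conn {conn!r} (state #{state}): {msg}")
```

On a real host, pass the contents of ipsec.conf and of the log file pluto writes to in place of the constructed samples.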
