Openswan's IKEv2-only mode does not work properly when pluto is acting as the responder
Issue
When configuring Openswan with the ikev2=insist option, if an IKEv1 peer initiates the connection, the IKEv1 connection is still allowed. The policy flags displayed in 'ipsec auto --status' indicate that IKEv1 is disabled, and the ipsec.conf man page states that ikev2=insist means we should only propose and accept an IKEv2 negotiation.
Environment
- Red Hat Enterprise Linux 6
- openswan-2.6.32-20.el6