Openswan's IKEv2-only mode does not work properly when pluto is acting as the responder

Solution Verified - Updated -

Issue

When Openswan is configured with the ikev2=insist option and an IKEv1 peer initiates the connection, the IKEv1 connection is still allowed. This happens even though the policy flags displayed in 'ipsec auto --status' indicate that IKEv1 is disabled, and the ipsec.conf man page states that ikev2=insist means we should only propose and accept an IKEv2 negotiation.

Environment

  • Red Hat Enterprise Linux 6
  • openswan-2.6.32-20.el6
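
One way to check a gateway for the behaviour described under Issue, as an added example that is not part of the original article or of Openswan: the script lists the conn sections that set ikev2=insist and flags pluto log lines in which such a connection answered an IKEv1 Main Mode exchange. The log line shape, the connection names, and the sample config and log are assumptions constructed for illustration; also= and conn %default inheritance are not resolved.

```python
import re

CONN_RE = re.compile(r'^conn\s+(\S+)')             # "conn <name>" section header
OPT_RE = re.compile(r'^\s+([\w-]+)\s*=\s*(\S+)')   # indented key=value option
# Assumed pluto log shape: "name" #N: ...  or  "name"[i] peer #N: ...
MAIN_MODE_RE = re.compile(
    r'"([^"]+)"(?:\[\d+\])?(?: \S+)? #\d+: responding to Main Mode')

# Constructed sample input (names and addresses are illustrative).
SAMPLE_CONF = """\
config setup
    protostack=netkey

conn tunnel-a
    right=192.0.2.10
    ikev2=insist

conn tunnel-b
    right=192.0.2.20
"""
SAMPLE_LOG = [
    'Jan 10 12:00:01 gw pluto[1234]: "tunnel-a" #1: responding to Main Mode',
    'Jan 10 12:00:05 gw pluto[1234]: "tunnel-b" #2: responding to Main Mode',
    'Jan 10 12:00:09 gw pluto[1234]: "tunnel-a"[1] 192.0.2.10 #3: responding to Main Mode',
]

def insist_conns(conf_text):
    """Return the names of conn sections that set ikev2=insist directly."""
    names, current = set(), None
    for line in conf_text.splitlines():
        if line.lstrip().startswith('#'):
            continue
        header = CONN_RE.match(line)
        if header:
            current = header.group(1)
        elif line and not line[0].isspace():
            current = None                          # e.g. "config setup"
        else:
            opt = OPT_RE.match(line)
            if opt and current and opt.groups() == ('ikev2', 'insist'):
                names.add(current)
    return names

def ikev1_accepted(conf_text, log_lines):
    """Return (conn, log line) pairs where an IKEv2-only conn answered IKEv1."""
    strict = insist_conns(conf_text)
    matches = ((MAIN_MODE_RE.search(l), l) for l in log_lines)
    return [(m.group(1), l) for m, l in matches if m and m.group(1) in strict]

if __name__ == '__main__':
    for name, line in ikev1_accepted(SAMPLE_CONF, SAMPLE_LOG):
        print('IKEv1 accepted on IKEv2-only conn %s: %s' % (name, line))
```

Any hit means the responder accepted an IKEv1 exchange on a connection that the configuration marks as IKEv2-only.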
