When configuring Openswan with the ikev2=insist option, if an IKEv1 peer initiates the connection, the IKEv1 connection is still allowed. The policy flags displayed in 'ipsec auto --status' indicate that IKEv1 is disabled, and the ipsec.conf man page states that ikev2=insist means we should only propose and accept an IKEv2 negotiation.
- Red Hat Enterprise Linux 6
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.