[Swan] How to re-enable IKEv1 on Rocky linux 9 / RHEL9?

Viktor Keremedchiev vkeremedchiev at adaptavist.com
Mon Apr 8 17:03:49 EEST 2024


Hello,

On rocky linux 9 I’m not able to get IKEv1 working, libreswan-4.12-1.el9.x86_64 from EPEL repository.

I have created and enabled a crypto-policy module that allows it explicitly:
crypto-policies/policies/modules/IKEV1.pmod
protocol@IKE = IKEv1 IKEv2


Now I should be allowed to have IKEv1 enabled:
crypto-policies/state/CURRENT.pol:# Policy LEGACY:IKEV1 dump
crypto-policies/state/CURRENT.pol:protocol@libreswan = IKEv1 IKEv2


As per the relevant config I have
    ikev1-policy=accept
    ikev2=no

I have also commented out in /etc/ipsec.conf
#etc/crypto-policies/back-ends/libreswan.config

But I still get the following in /var/log/pluto.log:

packet from 213………...500: ignoring IKEv1 packet as policy is set to silently drop all IKEv1 packets


What do I need to get it sorted?

Thank you