[Swan] How to re-enable IKEv1 on Rocky linux 9 / RHEL9?
Tuomo Soini
tis at foobar.fi
Mon Apr 8 17:15:38 EEST 2024
On Mon, 8 Apr 2024 17:03:49 +0300
Viktor Keremedchiev via Swan <swan at lists.libreswan.org> wrote:
> Hello,
>
> On rocky linux 9 I’m not able to get IKEv1 working,
> libreswan-4.12-1.el9.x86_64 from EPEL repository.
>
> I have created and enabled a crypto-policy module that allows it
> explicitly crypto-policies/policies/modules/IKEV1.pmod
> protocol@IKE = IKEv1 IKEv2

That is not needed at all.

> As per the relevant config I have
> ikev1-policy=accept

ikev1-policy is a config setup option, not a connection option.

> I have also commented out in /etc/ipsec.conf
> #etc/crypto-policies/back-ends/libreswan.config

Commenting out the crypto-policy include means you have the necessary
algorithms enabled for ikev1.

> But I still get the following in the /var/log/pluto.log
>
> packet from 213………...500: ignoring IKEv1 packet as policy is set to
> silently drop all IKEv1 packets

Yes. Because your "config setup" section doesn't have
"<tab>ikev1-policy=accept"

--
Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <https://foobar.fi/>
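
The placement issue discussed in this message, as an added example that is not part of the original post or of libreswan: a small checker that reads ipsec.conf-style text and reports whether ikev1-policy=accept sits under "config setup" or has been put in a conn section. Both sample configurations are constructed, and the conn name example-tunnel and the function names are assumptions.

```python
import re

# Constructed sample: option placed in a conn section, where it is not applied.
SAMPLE_WRONG = """\
config setup
\tlogfile=/var/log/pluto.log

conn example-tunnel
\tikev1-policy=accept
\tikev2=no
"""

# Constructed sample: option moved into "config setup", indented under it.
SAMPLE_FIXED = """\
config setup
\tlogfile=/var/log/pluto.log
\tikev1-policy=accept

conn example-tunnel
\tikev2=no
"""

def find_option(text, option="ikev1-policy"):
    """Return [(section, value, line_no)] for each active occurrence."""
    section, hits = None, []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():  # unindented: section header or include
            words = line.split()
            section = " ".join(words) if words[0] in ("config", "conn") else None
            continue
        m = re.match(r"\s+([\w-]+)\s*=\s*(.*)", line)
        if m and m.group(1) == option:
            hits.append((section, m.group(2).strip(), no))
    return hits

def check_ikev1_policy(text):
    """Return a list of problems; empty means config setup accepts IKEv1."""
    hits = find_option(text)
    problems = [f"line {no}: ikev1-policy under '{sec}', not 'config setup'"
                for sec, _, no in hits if sec != "config setup"]
    if not any(s == "config setup" and v == "accept" for s, v, _ in hits):
        problems.append("config setup has no ikev1-policy=accept")
    return problems

if __name__ == "__main__":
    for name, conf in (("wrong", SAMPLE_WRONG), ("fixed", SAMPLE_FIXED)):
        print(name, check_ikev1_policy(conf) or "ok")
```

The checker only looks at the text it is given and does not follow include lines, so included files have to be checked separately.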