On Mon, 8 Apr 2024 17:03:49 +0300 Viktor Keremedchiev via Swan <[email protected]> wrote:
> Hello, > > On rocky linux 9 I’m not able to get IKEv1 working, > libreswan-4.12-1.el9.x86_64 from EPEL repository. > > I have created and enabled crypto-policy module that allows it > explicitly crypto-policies/policies/modules/IKEV1.pmod > protocol@IKE = IKEv1 IKEv2 That is not needed at all. > As per the relevant config I have > ikev1-policy=accept ikev1-policy is config setup option, not connection option. > I have also commented out in /etc/ipsec.conf > #etc/crypto-policies/back-ends/libreswan.config Commenting out crypto-policy include means you have necessary algorithms enabled for ikev1. > But I still get following in the /var/log/pluto.log > > packet from 213………...500: ignoring IKEv1 packet as policy is set to > silently drop all IKEv1 packets Yes. Because your "config setup" section doesn't have "<tab>ikev1-policy=accept" -- Tuomo Soini <[email protected]> Foobar Linux services +358 40 5240030 Foobar Oy <https://foobar.fi/> _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
