[strongSwan] IKEv2 fallback to IKEv1

Andreas Steffen andreas.steffen at strongswan.org
Wed Sep 8 11:14:40 CEST 2010

Hello Anand,

The IKEv1 and IKEv2 protocols are handled by the two independent
daemons pluto and charon, respectively, which do not communicate
with each other. Therefore automatic fallback from IKEv2 to IKEv1
is not possible.



On 09/08/2010 10:47 AM, anand rao wrote:
> Hi,
> Is IKEv2 fallback to IKEv1 supported in strongswan4?
> Here is my configuration
> Host1 running both charon and pluto daemons.
> Both have the same connection defined in ipsec.conf, for conn1 keyexchange=ikev2
> and conn2 keyexchange=ikev1.
> Host2 running only pluto daemon and keyexchange=ikev1.
> In this case when the connection is initiated from Host1 it is always trying to
> negotiate the connection with ikev2 and
> after detecting that the responder using ikev1, it is not doing the fallback to
> ikev1.
> Is this the correct behavior? If so, how to achieve ikev2 fallback to ikev1 in
> strongswan?
> Please help.
> -Anand

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
