I'm new at IPsec. Using libreswan 3.25-9.1.el7_8 on CentOS 7.

I'm able to get a connection working and follow the documentation, but cannot find how to silence the pluto process so it doesn't respond to external scans. The symptom is:

Dec 08 23:41:43 me-beta-51 pluto[29699]: packet from x.x.x.x:500: initial parent SA message received on x.x.x.x:500 but no suitable connection found with IKEv2 policy
Dec 08 23:41:43 me-beta-51 pluto[29699]: packet from x.x.x.x:500: responding to SA_INIT message (ID 0) from x.x.x.x:500 with unencrypted notification NO_PROPOSAL_CHOSEN

I would like pluto to neither respond to the remote nor log these attempts (i.e., "failureshunt=drop" or such), but I don't have the experience to know how to set up a wildcard "suitable connection". The purpose is to harden the server against scans and DoS (the server's HD doesn't need to fill up with these messages).

Any insight would be appreciated!
