diff --git a/meta/recipes-devtools/rpm-sequoia/rpm-sequoia-crypto-policy/0001-libreswan-Allow-skipping-test_config-for-old-ipsec.patch b/meta/recipes-devtools/rpm-sequoia/rpm-sequoia-crypto-policy/0001-libreswan-Allow-skipping-test_config-for-old-ipsec.patch
new file mode 100644
index 0000000000..db3ea4b843
--- /dev/null
+++ b/meta/recipes-devtools/rpm-sequoia/rpm-sequoia-crypto-policy/0001-libreswan-Allow-skipping-test_config-for-old-ipsec.patch
@@ -0,0 +1,29 @@
+From f7a8e2c049c2c3e2bfcb801d7b65214c0a5bad77 Mon Sep 17 00:00:00 2001
+From: Yoann Congal
+Date: Tue, 15 Apr 2025 17:27:20 +0200
+Subject: [PATCH] libreswan: Allow skipping test_config for old ipsec
+
+In some case, /usr/sbin/ipsec does not handle the readwriteconf command.
+e.g. on Debian 12 with strongswan installed.
+As with the other OLD_* variables, add an OLD_LIBRESWAN environment
+variable to skip configuration testing on those systems.
+
+Signed-off-by: Yoann Congal
+Upstream-Status: Backport [https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/merge_requests/237]
+---
+ python/policygenerators/libreswan.py | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/python/policygenerators/libreswan.py b/python/policygenerators/libreswan.py
+index a2b02f5..d81ec0c 100644
+--- a/python/policygenerators/libreswan.py
++++ b/python/policygenerators/libreswan.py
+@@ -227,6 +227,8 @@ class LibreswanGenerator(ConfigGenerator):
+
+ @classmethod
+ def test_config(cls, config):
++ if os.getenv('OLD_LIBRESWAN') == '1':
++ return True
+ if not os.access('/usr/sbin/ipsec', os.X_OK):
+ return True
+
diff --git a/meta/recipes-devtools/rpm-sequoia/rpm-sequoia-crypto-policy_git.bb b/meta/recipes-devtools/rpm-sequoia/rpm-sequoia-crypto-policy_git.bb
index 522e9a393d..4ccfc95c33 100644
--- a/meta/recipes-devtools/rpm-sequoia/rpm-sequoia-crypto-policy_git.bb
+++ b/meta/recipes-devtools/rpm-sequoia/rpm-sequoia-crypto-policy_git.bb
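Review bot: The new `OLD_LIBRESWAN` early return in `test_config` skips validation silently, so a run with the variable set looks the same in the output as one where `ipsec` actually checked the generated libreswan configuration. I would put a comment above the check, `# OLD_LIBRESWAN=1: skip validation when the installed ipsec lacks readwriteconf (e.g. strongswan's)`, and, if the generator has a diagnostic channel, report the skip there. The comparison is against the exact string `'1'`, so other truthy spellings leave validation enabled; the same comment should say so. The body of `test_config` continues beyond this hunk, so how the `ipsec` result is handled is not visible here.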
@@ -8,7 +8,10 @@ LIC_FILES_CHKSUM = "file://COPYING.LESSER;md5=a6f89e2100d9b6cdffcea4f398e37343" # Python 3.11+ is needed to build fedora-crypto-policies inherit allarch python3native -SRC_URI = "git://gitlab.com/redhat-crypto/fedora-crypto-policies.git;protocol=https;branch=master" +SRC_URI = " \ + git://gitlab.com/redhat-crypto/fedora-crypto-policies.git;protocol=https;branch=master \ + file://0001-libreswan-Allow-skipping-test_config-for-old-ipsec.patch \ +" SRCREV = "032b418a6db842f0eab330eb5909e4604e888728" UPSTREAM_CHECK_COMMITS = "1" @@ -20,10 +23,11 @@ do_compile () { # It speeds up the build and we only need DEFAULT/rpm-sequoia. rm -f $(ls -1 policies/*.pol | grep -v DEFAULT.pol) || echo nothing to delete - # Don't validate openssh and gnutls policy variants. + # Don't validate openssh, gnutls and libreswan policy variants. # Validation may fail and these variants are not needed. export OLD_OPENSSH=1 export OLD_GNUTLS=1 + export OLD_LIBRESWAN=1 make ASCIIDOC=echo XSLTPROC=echo }
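Review bot: The comment above the `OLD_*` exports in `do_compile` says validation may fail but not why, and for libreswan the reason is a build-host dependency: the patched `test_config` looks for `/usr/sbin/ipsec` on the host, which the patch description says can be strongswan's and not handle `readwriteconf`. I would record that in the recipe, e.g. `# libreswan validation uses the build host's /usr/sbin/ipsec, which may not support readwriteconf.`, so the unconditional `export OLD_LIBRESWAN=1` is not later removed as dead configuration. Since the patch added to `SRC_URI` is marked `Upstream-Status: Backport`, it presumably becomes redundant once `SRCREV` moves past the upstream merge; a one-line reminder above `SRC_URI` would help whoever bumps it.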