diff --git a/fix_ipsec.patch b/fix_ipsec.patch
new file mode 100644
index 0000000..42486de
--- /dev/null
+++ b/fix_ipsec.patch
@@ -0,0 +1,20 @@
+Index: fedora-policy-20221019/policy/modules/system/ipsec.te
+===================================================================
+--- fedora-policy-20221019.orig/policy/modules/system/ipsec.te
++++ fedora-policy-20221019/policy/modules/system/ipsec.te
+@@ -87,6 +87,7 @@ allow ipsec_t self:tcp_socket create_str
+ allow ipsec_t self:udp_socket create_socket_perms;
+ allow ipsec_t self:packet_socket create_socket_perms;
+ allow ipsec_t self:key_socket create_socket_perms;
++allow ipsec_t self:alg_socket create_socket_perms;
+ allow ipsec_t self:fifo_file read_fifo_file_perms;
+ allow ipsec_t self:netlink_xfrm_socket { create_netlink_socket_perms nlmsg_write };
+ allow ipsec_t self:netlink_selinux_socket create_socket_perms;
+@@ -269,6 +270,7 @@ allow ipsec_mgmt_t self:unix_stream_sock
+ allow ipsec_mgmt_t self:tcp_socket create_stream_socket_perms;
+ allow ipsec_mgmt_t self:udp_socket create_socket_perms;
+ allow ipsec_mgmt_t self:key_socket create_socket_perms;
++allow ipsec_mgmt_t self:alg_socket create_socket_perms;
+ allow ipsec_mgmt_t self:fifo_file rw_fifo_file_perms;
+ allow ipsec_mgmt_t self:netlink_xfrm_socket { create_netlink_socket_perms nlmsg_read };
+ allow ipsec_mgmt_t self:netlink_route_socket { create_netlink_socket_perms };
diff --git a/selinux-policy.changes b/selinux-policy.changes
index fe1e438..3ab948c 100644
--- a/selinux-policy.changes
+++ b/selinux-policy.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Dec 15 16:11:15 UTC 2022 - Hu
+
+- Added fix_ipsec.patch: Allow AF_ALG socket creation for strongswan
+ (bnc#1206445)
+
 -------------------------------------------------------------------
 Wed Dec 14 15:40:12 UTC 2022 - Hu
diff --git a/selinux-policy.spec b/selinux-policy.spec
index f27b5e0..89d670b 100644
--- a/selinux-policy.spec
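Review bot: The second added rule, `allow ipsec_mgmt_t self:alg_socket create_socket_perms;` in the `@@ -269,6 +270,7 @@` hunk of ipsec.te, grants the new permission to a second domain, while the changelog entry only says AF_ALG socket creation is needed for strongswan. If the AVC denials in bnc#1206445 were recorded only for `ipsec_t`, I would drop the `ipsec_mgmt_t` line so the management domain does not gain kernel crypto API access it does not use. Separately, AF_ALG clients normally obtain their operation socket with accept() on the bound socket, and in refpolicy-derived trees `create_socket_perms` does not usually include `accept` (the macro definition is not visible here), so it is worth confirming in enforcing mode that no follow-up `alg_socket` denial appears. A one-line comment above each new rule, such as `# AF_ALG (kernel crypto API) sockets used by strongswan, bnc#1206445`, would record why the permission exists.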
+++ b/selinux-policy.spec
@@ -147,6 +147,7 @@ Patch062: fix_cloudform.patch
 Patch063: fix_alsa.patch
 Patch064: dontaudit_interface_kmod_tmpfs.patch
 Patch065: fix_sendmail.patch
+Patch066: fix_ipsec.patch
 Patch100: sedoctool.patch