diff --git a/libreswan-5.2-pexpect-no-ike-sa-for-orphan-child.patch b/libreswan-5.2-pexpect-no-ike-sa-for-orphan-child.patch
new file mode 100644
index 0000000..9dd5b9f
--- /dev/null
+++ b/libreswan-5.2-pexpect-no-ike-sa-for-orphan-child.patch
@@ -0,0 +1,33 @@
+From 3674a375c04aff54226ba39040b9f5361427f807 Mon Sep 17 00:00:00 2001
+From: Ondrej Moris <omoris@redhat.com>
+Date: Sat, 22 Mar 2025 09:26:45 +0100
+Subject: [PATCH] ipsec delete: expect no IKE only for orphan child
+
+When terminating v2 states, CONNECTION_CUCKOO_CHILD SA does have
+IKE SA and hence we cannot expect it being NULL.
+
+Close #2123 Expect no IKE only for orphan child
+
+Signed-off-by: Ondrej Moris <omoris@redhat.com>
+Signed-off-by: Andrew Cagney <cagney@gnu.org>
+---
+ programs/pluto/terminate.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/programs/pluto/terminate.c b/programs/pluto/terminate.c
+index 5e4a69b2a5..c6953d0a2c 100644
+--- a/programs/pluto/terminate.c
++++ b/programs/pluto/terminate.c
+@@ -158,6 +158,9 @@ static void terminate_v2_states(struct connection *c,
+ 		connection_teardown_child(child, REASON_DELETED, HERE);
+ 		return;
+ 	case CONNECTION_CUCKOO_CHILD:
++		state_attach(&(*child)->sa, c->logger);
++		connection_teardown_child(child, REASON_DELETED, HERE);
++		return;
+ 	case CONNECTION_ORPHAN_CHILD:
+ 		state_attach(&(*child)->sa, c->logger);
+ 		PEXPECT(c->logger, ike == NULL);
+-- 
+2.49.0
+
diff --git a/libreswan.spec b/libreswan.spec
index d2e946d..e1dc33d 100644
--- a/libreswan.spec
+++ b/libreswan.spec
@@ -45,6 +45,7 @@ Source5: https://download.libreswan.org/cavs/ikev2.fax.bz2
 %endif
 
 Patch1: libreswan-4.15-ipsec_import.patch
+Patch2: libreswan-5.2-pexpect-no-ike-sa-for-orphan-child.patch
 
 BuildRequires: audit-libs-devel
 BuildRequires: bison