[strongSwan] OS X IPSec/L2TP and strongSwan results in INVALID_HASH_INFORMATION

Mohit Mehta mohit.mehta at vyatta.com
Fri Dec 3 18:28:51 CET 2010

I can confirm that this has been reported by windows users as well. Pasting link below that has the detailed conversation to help debug this :


----- Original Message -----
> Hi,
> Ok, next issue :). I'm trying to setup an OS X client IPSec/L2TP
> connection to strongSwan 4.5.0.
> The strongSwan server and the OS X client are both behind a NAT. I
> managed to find the configuration to get the tunnel establishment to
> pass phase 1 but it fails in phase 2. The OS X client (raccoon) fails
> to match its computed HASH(2) with strongSwan's hash passed with the
> STATE_QUICK_R0 message. I've attached the strongSwan debug traces and
> raccoon debug traces to this email. Any ideas why raccoon and
> strongSwan don't agree on the hash value?
> Someone reported a similar issue last month and indicated that things
> were working when the strongSwan server was NOT behind a NAT but
> failed when it was behind a NAT.
> Here's the config I'm using:
> conn rw
> esp=aes128-sha1 ike=aes128-sha-modp1024
> keyexchange=ikev1 keyingtries=3
> type=transport left=%defaultroute
> leftsubnet=aa.aa.aa.aa/32 leftprotoport=17/1701
> right=%any rightprotoport=17/%any
> rightsubnetwithin= authby=psk
> pfs=no compress=no
> auto=add
> Cheers,
> Benoit.
> _______________________________________________ Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

More information about the Users mailing list