I've put together a blog entry about how to rebuild the Fedora RPMs with ECDSA support: http://danielpocock.com/ussing-ecc-ecdsa-in-openssl-and-strongswan-fedora I hope this helps more people avoid the problems with fragmented IKEv2 authentication messages.