[strongSwan] StrongSwan/Racoon interop issue: IDcr mismatch

Tobias Brunner tobias at strongswan.org
Tue Jan 30 16:25:51 CET 2018

Hi Rich,

> I’m not clear on next steps, though — are you saying that this is expected behaviour that can’t be worked around, or that the fix needs to be on the racoon side?

I think this is actually due to a bug in your strongSwan release.  Back
then we sent back the wrong IP address in one of the two NAT-OA
payloads, which is probably what trips racoon (it seems to compare the
addresses in the ID payloads with those in the NAT-OA payloads, which
succeeds for IDci but evidently fails for IDcr).  This issue was fixed
with the patch at [1], which was included in 5.5.2.


[1] https://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=d8f0d9c2
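
The consistency check described in the message above, sketched as an added example; it is not part of the original post and is neither strongSwan nor racoon code. It assumes the NAT-OA layout from RFC 3947 (section 5.2) and the Quick Mode ID layout from RFC 2407 (section 4.6.2), models the comparison only as the message says racoon seems to perform it, and uses constructed sample addresses from the documentation ranges.

```python
import ipaddress
import struct

ID_IPV4_ADDR, ID_IPV6_ADDR = 1, 5  # ID types from RFC 2407, reused by NAT-OA

def _addr(id_type, data):
    want = {ID_IPV4_ADDR: 4, ID_IPV6_ADDR: 16}.get(id_type)
    if want is None or len(data) != want:
        raise ValueError(f"unsupported ID type {id_type} or bad length {len(data)}")
    return ipaddress.ip_address(data)

def _body(payload):
    # Generic ISAKMP payload header: next payload, reserved, length (network order).
    if len(payload) < 8:
        raise ValueError("payload too short")
    _next, _rsvd, length = struct.unpack("!BBH", payload[:4])
    if length != len(payload):
        raise ValueError("length field does not match payload size")
    return payload[4:]

def parse_nat_oa(payload):
    """NAT-OA (RFC 3947, 5.2): ID type, 3 reserved bytes, address."""
    body = _body(payload)
    return _addr(body[0], body[4:])

def parse_id(payload):
    """Quick Mode ID (RFC 2407, 4.6.2): ID type, protocol, port, address."""
    body = _body(payload)
    return _addr(body[0], body[4:])

def check(idci, idcr, nat_oai, nat_oar):
    """Return the names of the ID payloads whose address differs from its NAT-OA."""
    pairs = {"IDci": (idci, nat_oai), "IDcr": (idcr, nat_oar)}
    return [n for n, (i, o) in pairs.items() if parse_id(i) != parse_nat_oa(o)]

def _mk(id_type, mid, addr):
    data = ipaddress.ip_address(addr).packed
    return struct.pack("!BBHB", 0, 0, 8 + len(data), id_type) + mid + data

# Constructed sample payloads (documentation address ranges), not from the thread.
IDCI = _mk(ID_IPV4_ADDR, b"\x11\x06\xa5", "192.0.2.10")       # UDP/1701
IDCR = _mk(ID_IPV4_ADDR, b"\x11\x06\xa5", "203.0.113.5")
OAI = _mk(ID_IPV4_ADDR, b"\x00\x00\x00", "192.0.2.10")
OAR_GOOD = _mk(ID_IPV4_ADDR, b"\x00\x00\x00", "203.0.113.5")
OAR_BAD = _mk(ID_IPV4_ADDR, b"\x00\x00\x00", "198.51.100.7")  # wrong address in NAT-OAr

if __name__ == "__main__":
    print(check(IDCI, IDCR, OAI, OAR_GOOD))  # []
    print(check(IDCI, IDCR, OAI, OAR_BAD))   # ['IDcr']
```

Run over payloads extracted from a decrypted Quick Mode exchange, a result naming only `IDcr` matches the symptom in the subject line: the IDci pair agrees while the IDcr pair does not.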

