[strongSwan] StrongSwan/Racoon interop issue: IDcr mismatch
Tobias Brunner
tobias at strongswan.org
Tue Jan 30 16:25:51 CET 2018
Hi Rich,
> I’m not clear on next steps, though — are you saying that this is expected behaviour that can’t be worked around, or that the fix needs to be on the racoon side?
I think this is actually due to a bug in your strongSwan release. Back
then we sent back the wrong IP address in one of the two NAT-OA
payloads, which is probably what trips racoon (it seems to compare the
addresses in the ID payloads with those in the NAT-OA payloads, which
succeeds for IDci but evidently fails for IDcr). This issue was fixed
with the patch at [1], which was included in 5.5.2.
Regards,
Tobias
[1] https://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=d8f0d9c2
More information about the Users
mailing list