[strongSwan] StrongSwan/Racoon interop issue: IDcr mismatch
Rich Lafferty
rich at lafferty.ca
Tue Jan 30 19:01:58 CET 2018
> On Jan 30, 2018, at 10:25 AM, Tobias Brunner <tobias at strongswan.org> wrote:
>
> Hi Rich,
>
>> I’m not clear on next steps, though — are you saying that this is expected behaviour that can’t be worked around, or that the fix needs to be on the racoon side?
>
> I think this is actually due to a bug in your strongSwan release. Back
> then we sent back the wrong IP address in one of the two NAT-OA
> payloads, which is probably what trips racoon (it seems to compare the
> addresses in the ID payloads with those in the NAT-OA payloads, which
> succeeds for IDci but evidently fails for IDcr). This issue was fixed
> with the patch at [1], which was included in 5.5.2.
Aha, thanks! I’ve confirmed that 5.5.2 fixes the issue. Now to figure out Ubuntu back ports…
Thanks for your help,
-Rich
> Regards,
> Tobias
>
> [1] https://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=d8f0d9c2
More information about the Users
mailing list