[strongSwan] StrongSwan/Racoon interop issue: IDcr mismatch

Rich Lafferty rich at lafferty.ca
Tue Jan 30 19:01:58 CET 2018

> On Jan 30, 2018, at 10:25 AM, Tobias Brunner <tobias at strongswan.org> wrote:
> Hi Rich,
>> I’m not clear on next steps, though — are you saying that this is expected behaviour that can’t be worked around, or that the fix needs to be on the racoon side?
> I think this is actually due to a bug in your strongSwan release.  Back
> then we sent back the wrong IP address in one of the two NAT-OA
> payloads, which is probably what trips racoon (it seems to compare the
> addresses in the ID payloads with those in the NAT-OA payloads, which
> succeeds for IDci but evidently fails for IDcr).  This issue was fixed
> with the patch at [1], which was included in 5.5.2.

Aha, thanks! I’ve confirmed that 5.5.2 fixes the issue. Now to figure out Ubuntu back ports…

Thanks for your help,


> Regards,
> Tobias
> [1] https://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=d8f0d9c2

More information about the Users mailing list