Hi
I found a problem similar to this one. I think I understand this issue: There is a draft for hmac sha256 use on IPSEC: https://tools.ietf.org/html/draft-ietf-ipsec-ciph-sha-256-00 On this version (V 00) the truncation is 96 bits On next version (V 01) the truncation shift to 128 bits And on the RFC (https://tools.ietf.org/html/rfc4868) 128 bits were confirmed. So 96 bits version are not supposed to be used. Anyway, racoon (V 0.8.2) use 96 bits version by default (I don't find a way to for it at 128...) This is why, by changing the algo in the configuration it's work... In conclusion, for me it's look like a feature missing in racoon... A discusion was about this on racoon ML: https://sourceforge.net/p/ipsec-tools/mailman/message/34146970/