Thanks for the extra general regression check Simon! And also for the documentation of the detailed tests you did.
I used that to test Artful and Zesty as well. Files as outlined by Simon Deziel, just in my case IPs different. Note: needs hosts file on east and west. zesty 169.254.6.1 => 192.168.122.226 169.254.6.2 => 192.168.122.224 artful 169.254.6.1 => 192.168.122.220 169.254.6.2 => 192.168.122.228 = ZESTY = Before Fix: ubuntu@zesty-east:~$ sudo systemctl status strongswan [...] Jan 02 09:52:26 zesty-east charon[2792]: 14[NET] sending packet: from 192.168.122.226[500] to 192.168.122.224[500] (124 bytes) Jan 02 09:52:26 zesty-east charon[2792]: 15[NET] received packet: from 192.168.122.224[500] to 192.168.122.226[500] (92 bytes) Jan 02 09:52:26 zesty-east charon[2792]: 15[ENC] invalid HASH_V1 payload length, decryption failed? Jan 02 09:52:26 zesty-east charon[2792]: 15[ENC] could not decrypt payloads Jan 02 09:52:26 zesty-east charon[2792]: 15[IKE] message parsing failed Jan 02 09:52:26 zesty-east charon[2792]: 15[IKE] ignore malformed INFORMATIONAL request Jan 02 09:52:26 zesty-east charon[2792]: 15[IKE] INFORMATIONAL_V1 request with message ID 2973179323 processing failed After fix is on West: $ sudo systemctl status strongswan [...] Jan 02 09:56:32 zesty-east charon[2954]: 11[NET] sending packet: from 192.168.122.226[500] to 192.168.122.224[500] (220 bytes) Jan 02 09:56:32 zesty-east charon[2954]: 12[NET] received packet: from 192.168.122.224[500] to 192.168.122.226[500] (188 bytes) Jan 02 09:56:32 zesty-east charon[2954]: 12[ENC] parsed QUICK_MODE response 3423563956 [ HASH SA No ID ID ] Jan 02 09:56:32 zesty-east charon[2954]: 12[IKE] CHILD_SA lp-east01{1} established with SPIs c223f7cc_i c35801f3_o and TS 192.168.122.226/32 === 1 Jan 02 09:56:32 zesty-east charon[2954]: 12[IKE] CHILD_SA lp-east01{1} established with SPIs c223f7cc_i c35801f3_o and TS 192.168.122.226/32 === 1 Jan 02 09:56:32 zesty-east charon[2954]: 12[ENC] generating QUICK_MODE request 3423563956 [ HASH ] Jan 02 09:56:32 zesty-east charon[2954]: 12[NET] sending packet: from 192.168.122.226[500] to 192.168.122.224[500] (76 bytes = ARTFUL = Before Fix: ubuntu@artful-east:~$ sudo systemctl status strongswan [...] Jan 02 09:53:39 artful-east charon[2004]: 10[NET] sending packet: from 192.168.122.220[500] to 192.168.122.228[500] (124 bytes) Jan 02 09:53:39 artful-east charon[2004]: 11[NET] received packet: from 192.168.122.228[500] to 192.168.122.220[500] (92 bytes) Jan 02 09:53:39 artful-east charon[2004]: 11[ENC] invalid HASH_V1 payload length, decryption failed? Jan 02 09:53:39 artful-east charon[2004]: 11[ENC] could not decrypt payloads => Jan 02 09:53:39 artful-east charon[2004]: 11[IKE] message parsing failed => Jan 02 09:53:39 artful-east charon[2004]: 11[IKE] ignore malformed INFORMATIONAL request => Jan 02 09:53:39 artful-east charon[2004]: 11[IKE] INFORMATIONAL_V1 request with message ID 505241222 processing failed After fix is on West: $ sudo systemctl status strongswan ● strongswan.service - strongSwan IPsec services [...] Jan 02 09:56:32 artful-east charon[2138]: 11[NET] sending packet: from 192.168.122.220[500] to 192.168.122.228[500] (220 bytes) Jan 02 09:56:32 artful-east charon[2138]: 12[NET] received packet: from 192.168.122.228[500] to 192.168.122.220[500] (188 bytes) Jan 02 09:56:32 artful-east charon[2138]: 12[ENC] parsed QUICK_MODE response 926910681 [ HASH SA No ID ID ] Jan 02 09:56:32 artful-east charon[2138]: 12[IKE] CHILD_SA lp-east01{1} established with SPIs c5e03498_i c81b3cbc_o and TS 192.168.122.220/32 === Jan 02 09:56:32 artful-east charon[2138]: 12[IKE] CHILD_SA lp-east01{1} established with SPIs c5e03498_i c81b3cbc_o and TS 192.168.122.220/32 === Jan 02 09:56:32 artful-east charon[2138]: 12[ENC] generating QUICK_MODE request 926910681 [ HASH ] Jan 02 09:56:32 artful-east charon[2138]: 12[NET] sending packet: from 192.168.122.220[500] to 192.168.122.228[500] (76 bytes) ** Tags removed: verification-needed verification-needed-artful verification-needed-zesty ** Tags added: verification-done verification-done-artful verification-done-zesty -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1734207 Title: Multiple PSKs with dyndns left/rightids doesn't work To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1734207/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs