I can confirm that this has been reported by windows users as well. Pasting link below that has the detailed conversation to help debug this :
http://www.vyatta.org/forum/viewtopic.php?p=48296#48296 ----- Original Message ----- > Hi, > > Ok, next issue :). I'm trying to setup an OS X client IPSec/L2TP > connection to strongSwan 4.5.0. > > The strongSwan server and the OS X client are both behind a NAT. I > managed to find the configuration to get the tunnel establishment to > pass phase 1 but it fails in phase 2. The OS X client (raccoon) fails > to match its computed HASH(2) with strongSwan's hash passed with the > STATE_QUICK_R0 message. I've attached the strongSwan debug traces and > raccoon debug traces to this email. Any ideas why raccoon and > strongSwan don't agree on the hash value? > > Someone reported a similar issue last month and indicated that things > were working when the strongSwan server was NOT behind a NAT but > failed when it was behind a NAT. > > Here's the config I'm using: > > conn rw > esp=aes128-sha1 ike=aes128-sha-modp1024 > keyexchange=ikev1 keyingtries=3 > type=transport left=%defaultroute > leftsubnet=aa.aa.aa.aa/32 leftprotoport=17/1701 > right=%any rightprotoport=17/%any > rightsubnetwithin=0.0.0.0/0 authby=psk > pfs=no compress=no > auto=add > > Cheers, > Benoit. > > > _______________________________________________ Users mailing list > [email protected] > https://lists.strongswan.org/mailman/listinfo/users _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
