Hi Houman, > I still get the same errors. Although the "faking NAT situation to > enforce UDP encapsulation" is not showing anymore. Is this now something > else?
Yes, as the log tells you, it looks like your server is behind a NAT: > JulĀ 7 00:28:59 de-fsn-6 charon: 11[IKE] local host is behind NAT, > sending keep alives Is there actually an IPv6 NAT? Or should 2a01:4f8:192:xxxx::2 be the same address the clients see too? If so, the NAT-D payload may have been invalid (e.g. because the client faked a NAT situation - note, though, that strongSwan only modifies the source IP hash to that effect). > It is very strange that the same configuration works with StringSwan > 5.7.2 but 5.8.2 throws these errors. Something must have changed that > I'm missing, I think. I don't think that any change caused this. Did you have IPv6 connectivity with 5.7.2 too? Regards, Tobias