On Wed, Feb 25, 2015 at 9:02 AM, compdoc <comp...@hotrodpc.com> wrote:

> > peer client ID returned doesn't match my proposal
>
> I have two ipsec tunnels and after the upgrade, for one tunnel I had to
> change the 'Peer identifier' on my side to use the IP address it was
> seeing.
> Been working great since.
>

Especially since NAT is involved on at least one side judging by the logs,
yes it's almost certainly that same circumstance. The ID wasn't actually
matched before, but racoon would fall back to the source IP it was
receiving traffic from, where strongSwan requires an exact match.
https://doc.pfsense.org/index.php/Upgrade_Guide#Stricter_Phase_1_Identifier_Validation
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
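
The mismatch discussed in the reply above, as an added strongSwan `ipsec.conf` example (not taken from the thread or from any pfSense-generated configuration). The connection names and all addresses are constructed placeholders, and it assumes the remote peer sits behind NAT and presents its private address as its identifier.

```conf
# Constructed example. Addresses are documentation placeholders:
#   198.51.100.1   our WAN address
#   203.0.113.10   public address the NATed peer's traffic arrives from
#   192.168.1.2    peer's private address, which it sends as its IKE ID

# Before: no rightid is set, so the expected peer ID defaults to the
# "right" address. The peer presents 192.168.1.2, which is not an exact
# match for 203.0.113.10, so phase 1 is rejected.
conn site-b-before
    keyexchange=ikev1
    authby=secret
    left=198.51.100.1
    leftid=198.51.100.1
    right=203.0.113.10
    auto=add

# After: the expected peer ID is set to the identifier the peer actually
# presents, so the exact-match check succeeds.
conn site-b-after
    keyexchange=ikev1
    authby=secret
    left=198.51.100.1
    leftid=198.51.100.1
    right=203.0.113.10
    rightid=192.168.1.2
    auto=add
```

In the pfSense GUI, `rightid` corresponds to the 'Peer identifier' field mentioned in the quoted message.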
