Racoon - Versión mayor inválida 32

Estoy jugando con StrongSwan para configurar una conexión VPN entre dos mac's en Ubuntu y OSX. Estoy teniendo un problema específico de mac con racoon. He intentado en cuatro diferentes mac's y la mitad de ellos están teniendo un error procedente del demonio de racoon

racoon[312]: invalid major version 32.

Esto parece ocurrir después de enviar los mensajes ikev2_init[I]. Puedo recibir una respuesta ikev2_init[R] pero el túnel nunca se crea con éxito.

Esto ha ocurrido en macs con Yosemite y Mavericks.

¿Cómo puedo comprobar la versión de racoon / solucionar este problema?

Aquí está mi racoon.conf de la máquina de trabajo (nunca editado)

# $KAME: racoon.conf.in,v 1.17 2001/08/14 12:10:22 sakane Exp $

# "path" must be placed before it is used.
# You can overwrite what you defined, but it should not be used due to confusion.
path include "/etc/racoon" ;

# search this file for pre_shared_key with various ID key.
path pre_shared_key "/etc/racoon/psk.txt" ;

# racoon will look for certificate file in the directory,
# if the certificate/certificate request payload is received.
path certificate "/etc/cert" ;

# "log" specifies logging level.  It is followed by either "notify", "debug"
# or "debug2".
#log debug;

# "padding" defines some parameter of padding.  You should not touch these.
padding
{
    maximum_length 20;  # maximum padding length.
    randomize off;      # enable randomize length.
    strict_check off;   # enable strict check.
    exclusive_tail off; # extract last one octet.
}

# if no listen directive is specified, racoon will listen to all
# available interface addresses.
listen
{
    #isakmp ::1 [7000];
    #isakmp 202.249.11.124 [500];
    #admin [7002];      # administrative's port by kmpstat.
    #strict_address;    # required all addresses must be bound.
}

# Specification of default various timer.
timer
{
    # These value can be changed per remote node.
    counter 10;     # maximum trying count to send.
    interval 3 sec; # interval to resend (retransmit)
    persend 1;      # the number of packets per a send.

    # timer for waiting to complete each phase.
    phase1 30 sec;
    phase2 30 sec;

    # Auto exit delay timer - for use when controlled by VPN socket
    auto_exit_delay 3 sec;
}

#
# anonymous entry is defined in /etc/racoon/remote/anonymous.conf
#
#remote anonymous
#{
#   #exchange_mode main,aggressive;
#   exchange_mode aggressive,main;
#   doi ipsec_doi;
#   situation identity_only;
#
#   #my_identifier address;
#   my_identifier user_fqdn "macuser@localhost";
#   peers_identifier user_fqdn "macuser@localhost";
#   #certificate_type x509 "mycert" "mypriv";
#
#   nonce_size 16;
#   lifetime time 1 min;    # sec,min,hour
#   initial_contact on;
#   support_mip6 on;
#   proposal_check obey;    # obey, strict or claim
#
#   proposal {
#       encryption_algorithm 3des;
#       hash_algorithm sha1;
#       authentication_method pre_shared_key ;
#       dh_group 2 ;
#   }
#}

remote ::1 [8000]
{
    #exchange_mode main,aggressive;
    exchange_mode aggressive,main;
    doi ipsec_doi;
    situation identity_only;

    my_identifier user_fqdn "macuser@localhost";
    peers_identifier user_fqdn "macuser@localhost";
    #certificate_type x509 "mycert" "mypriv";

    nonce_size 16;
    lifetime time 1 min;    # sec,min,hour

    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key ;
        dh_group 2 ;
    }
}

#
# anonymous entry is defined in /etc/racoon/remote/anonymous.conf
#
#sainfo anonymous
#{
#   pfs_group 1;
#   lifetime time 30 sec;
#   encryption_algorithm aes, 3des ;
#   authentication_algorithm hmac_sha1;
#   compression_algorithm deflate ;
#}

# sainfo address 203.178.141.209 any address 203.178.141.218 any
# {
#   pfs_group 1;
#   lifetime time 30 sec;
#   encryption_algorithm des ;
#   authentication_algorithm hmac_md5;
#   compression_algorithm deflate ;
# }

sainfo address ::1 icmp6 address ::1 icmp6
{
    pfs_group 1;
    lifetime time 60 sec;
    encryption_algorithm 3des, aes ;
    authentication_algorithm hmac_sha1, hmac_md5 ;
    compression_algorithm deflate ;
}

# Allow third parties the ability to specify remote and sainfo entries
# by including all files matching /var/run/racoon/*.conf
# This line should be added at the end of the racoon.conf file
# so that settings such as timer values will be appropriately applied.
include "/var/run/racoon/*.conf" ;

Aquí está mi racoon.conf de una máquina que NO funciona (nunca editado)

# $KAME: racoon.conf.in,v 1.17 2001/08/14 12:10:22 sakane Exp $

# "path" must be placed before it is used.

# You can overwrite what you defined, but it should not be used due to confusion.

path include "/etc/racoon" ;

# search this file for pre_shared_key with various ID key.

path pre_shared_key "/etc/racoon/psk.txt" ;

# racoon will look for certificate file in the directory,

# if the certificate/certificate request payload is received.

path certificate "/etc/cert" ;

# "log" specifies logging level. It is followed by either "notify", "debug"

# or "debug2".

#log debug;

# "padding" defines some parameter of padding. You should not touch these.

padding

{

maximum_length 20;  # maximum padding length.

randomize off;  # enable randomize length.

strict_check off;   # enable strict check.

exclusive_tail off; # extract last one octet.

}

# if no listen directive is specified, racoon will listen to all

# available interface addresses.

listen

{

#isakmp ::1 [7000];

#isakmp 202.249.11.124 [500];

#admin [7002];  # administrative's port by kmpstat.

#strict_address; # required all addresses must be bound.

}

# Specification of default various timer.

timer

{

# These value can be changed per remote node.

counter 10; # maximum trying count to send.

interval 3 sec; # interval to resend (retransmit)

persend 1;  # the number of packets per a send.

# timer for waiting to complete each phase.

phase1 30 sec;

phase2 30 sec;

# Auto exit delay timer - for use when controlled by VPN socket

auto_exit_delay 3 sec;

}

#

# anonymous entry is defined in /etc/racoon/remote/anonymous.conf

#

#remote anonymous

#{

#   #exchange_mode main,aggressive;

#   exchange_mode aggressive,main;

#   doi ipsec_doi;

#   situation identity_only;

#

#   #my_identifier address;

#   my_identifier user_fqdn "macuser@localhost";

#   peers_identifier user_fqdn "macuser@localhost";

#   #certificate_type x509 "mycert" "mypriv";

#

#   nonce_size 16;

#   lifetime time 1 min;    # sec,min,hour

#   initial_contact on;

#   support_mip6 on;

#   proposal_check obey;    # obey, strict or claim

#

#   proposal {

#   encryption_algorithm 3des;

#   hash_algorithm sha1;

#   authentication_method pre_shared_key ;

#   dh_group 2 ;

#   }

#}

remote ::1 [8000]

{

#exchange_mode main,aggressive;

exchange_mode aggressive,main;

doi ipsec_doi;

situation identity_only;

my_identifier user_fqdn "macuser@localhost";

peers_identifier user_fqdn "macuser@localhost";

#certificate_type x509 "mycert" "mypriv";

nonce_size 16;

lifetime time 1 min;    # sec,min,hour

proposal {

encryption_algorithm 3des;

hash_algorithm sha1;

authentication_method pre_shared_key ;

dh_group 2 ;

}

}

#

# anonymous entry is defined in /etc/racoon/remote/anonymous.conf

#

#sainfo anonymous

#{

#   pfs_group 1;

#   lifetime time 30 sec;

#   encryption_algorithm aes, 3des ;

#   authentication_algorithm hmac_sha1;

#   compression_algorithm deflate ;

#}

# sainfo address 203.178.141.209 any address 203.178.141.218 any

# {

#   pfs_group 1;

#   lifetime time 30 sec;

#   encryption_algorithm des ;

#   authentication_algorithm hmac_md5;

#   compression_algorithm deflate ;

# }

sainfo address ::1 icmp6 address ::1 icmp6

{

pfs_group 1;

lifetime time 60 sec;

encryption_algorithm 3des, aes ;

authentication_algorithm hmac_sha1, hmac_md5 ;

compression_algorithm deflate ;

}

# Allow third parties the ability to specify remote and sainfo entries

# by including all files matching /var/run/racoon/*.conf

# This line should be added at the end of the racoon.conf file

# so that settings such as timer values will be appropriately applied.

include "/var/run/racoon/*.conf" ;