Subject: racoon IKE unidirectional?!
To: None <tech-net@netbsd.org>
From: Matthias Drochner <M.Drochner@fz-juelich.de>
List: tech-net
Date: 06/15/2002 18:37:22
Hi -
I'm observing some strange behaviour with my IPSEC tunnel setup.
Afaict, my setup is quite symmetrical, but a connection
gets only established if initiated from one side.
(Once the SA is present it works either way.)

This is a PC running -current with the in-tree racoon.
The other side is running the top of the 1.5 branch (1.5.3_RC2),
with the latest pkgsrc racoon (20020507a).

When I try to get a connection from the 1.5 box the following
gets into its syslog:

racoon: INFO: isakmp.c:939:isakmp_ph2begin_i(): initiate new phase 2 negotiation: 134.94.206.1[0]<=>134.94.206.11[0]
racoon: ERROR: isakmp_inf.c:156:isakmp_info_recv(): notify message must be encrypted
last message repeated 2 times
racoon: ERROR: pfkey.c:738:pfkey_timeover(): 134.94.206.11 give up to get IPsec-SA due to time up to wait.

134.94.206.1 is the 1.5 box, ...11 is the -current one.
I'm using certificates, no shared secrets.

Is there a known problem?
Something I can do to track it down?
Of course I can post more details if needed...

best regards
Matthias
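As an added example (not part of the original mail or of racoon), here is a small triage script for the kind of syslog excerpt quoted above: it parses racoon's `level: file:line:func(): message` lines, expands syslog's "last message repeated N times" compression, and reports, per peer, how many unencrypted notify messages arrived during a phase 2 attempt and whether racoon eventually gave up waiting for the IPsec-SA. The sample log is constructed from the lines in the post.

```python
import re

# Constructed sample, modeled on the racoon syslog excerpt in the mail.
SAMPLE_LOG = """\
racoon: INFO: isakmp.c:939:isakmp_ph2begin_i(): initiate new phase 2 negotiation: 134.94.206.1[0]<=>134.94.206.11[0]
racoon: ERROR: isakmp_inf.c:156:isakmp_info_recv(): notify message must be encrypted
last message repeated 2 times
racoon: ERROR: pfkey.c:738:pfkey_timeover(): 134.94.206.11 give up to get IPsec-SA due to time up to wait.
"""

# racoon's log format: "racoon: LEVEL: file:line:function(): message"
RACOON_RE = re.compile(
    r"^racoon: (?P<level>[A-Z]+): (?P<file>[\w.]+):(?P<line>\d+):(?P<func>\w+)\(\): (?P<msg>.*)$")
REPEAT_RE = re.compile(r"^last message repeated (?P<n>\d+) times$")
PH2_RE = re.compile(r"phase 2 negotiation: (?P<local>[\d.]+)\[\d+\]<=>(?P<peer>[\d.]+)\[\d+\]")
GIVEUP_RE = re.compile(r"^(?P<peer>[\d.]+) give up to get IPsec-SA")


def parse_racoon_log(text):
    """Return one dict per racoon event, with syslog repeat lines expanded."""
    events = []
    for raw in text.splitlines():
        rep = REPEAT_RE.match(raw)
        if rep and events:
            # syslog collapsed N identical copies of the previous line
            events.extend(dict(events[-1]) for _ in range(int(rep.group("n"))))
            continue
        m = RACOON_RE.match(raw)
        if m:
            events.append(m.groupdict())
    return events


def phase2_failures(events):
    """Map each phase 2 peer to its unencrypted-notify count and give-up status."""
    attempts = {}
    current = None
    for ev in events:
        ph2 = PH2_RE.search(ev["msg"])
        if ph2:
            current = ph2.group("peer")
            attempts[current] = {"unencrypted_notify": 0, "gave_up": False}
        elif current and ev["func"] == "isakmp_info_recv" and "must be encrypted" in ev["msg"]:
            attempts[current]["unencrypted_notify"] += 1
        g = GIVEUP_RE.match(ev["msg"])
        if g and g.group("peer") in attempts:
            attempts[g.group("peer")]["gave_up"] = True
    return attempts


if __name__ == "__main__":
    print(phase2_failures(parse_racoon_log(SAMPLE_LOG)))
```

Run against a real syslog, a peer showing several unencrypted notifies followed by a give-up, with no matching entry when the tunnel is brought up from the other side, is exactly the one-directional symptom the mail describes.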