If I set the option "IPsec identifier" to "not used" in my android device I got an other error form "ipsec barf":
Mar 15 07:38:03 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [RFC 3947] method set to=109
Mar 15 07:38:03 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
Mar 15 07:38:03 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
Mar 15 07:38:03 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 15 07:38:03 zentyal pluto[29023]: packet from 56.111.111.111:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Mar 15 07:38:03 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [Dead Peer Detection]
Mar 15 07:38:03 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #43: responding to Main Mode from unknown peer 56.111.111.111
Mar 15 07:38:03 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #43: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 15 07:38:03 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #43: STATE_MAIN_R1: sent MR1, expecting MI2
Mar 15 07:38:05 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [RFC 3947] method set to=109
Mar 15 07:38:05 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
Mar 15 07:38:05 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
Mar 15 07:38:05 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 15 07:38:05 zentyal pluto[29023]: packet from 56.111.111.111:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Mar 15 07:38:05 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [Dead Peer Detection]
Mar 15 07:38:05 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #44: responding to Main Mode from unknown peer 56.111.111.111
Mar 15 07:38:05 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #44: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 15 07:38:05 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #44: STATE_MAIN_R1: sent MR1, expecting MI2
Mar 15 07:38:08 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [RFC 3947] method set to=109
Mar 15 07:38:08 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
Mar 15 07:38:08 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
Mar 15 07:38:08 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 15 07:38:08 zentyal pluto[29023]: packet from 56.111.111.111:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Mar 15 07:38:08 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [Dead Peer Detection]
Mar 15 07:38:08 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #45: responding to Main Mode from unknown peer 56.111.111.111
Mar 15 07:38:08 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #45: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 15 07:38:08 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #45: STATE_MAIN_R1: sent MR1, expecting MI2
Mar 15 07:38:11 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [RFC 3947] method set to=109
Mar 15 07:38:11 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
Mar 15 07:38:11 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
Mar 15 07:38:11 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 15 07:38:11 zentyal pluto[29023]: packet from 56.111.111.111:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Mar 15 07:38:11 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [Dead Peer Detection]
Mar 15 07:38:11 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #46: responding to Main Mode from unknown peer 56.111.111.111
Mar 15 07:38:11 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #46: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 15 07:38:11 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #46: STATE_MAIN_R1: sent MR1, expecting MI2
Mar 15 07:38:14 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [RFC 3947] method set to=109
Mar 15 07:38:14 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
Mar 15 07:38:14 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
Mar 15 07:38:14 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 15 07:38:14 zentyal pluto[29023]: packet from 56.111.111.111:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Mar 15 07:38:14 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [Dead Peer Detection]
Mar 15 07:38:14 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #47: responding to Main Mode from unknown peer 56.111.111.111
Mar 15 07:38:14 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #47: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 15 07:38:14 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #47: STATE_MAIN_R1: sent MR1, expecting MI2
Mar 15 07:38:17 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [RFC 3947] method set to=109
Mar 15 07:38:17 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
Mar 15 07:38:17 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
Mar 15 07:38:17 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 15 07:38:17 zentyal pluto[29023]: packet from 56.111.111.111:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Mar 15 07:38:17 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [Dead Peer Detection]
Mar 15 07:38:17 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #48: responding to Main Mode from unknown peer 56.111.111.111
Mar 15 07:38:17 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #48: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 15 07:38:17 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #48: STATE_MAIN_R1: sent MR1, expecting MI2
Mar 15 07:38:18 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #45: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): both are NATed
Mar 15 07:38:18 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #45: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Mar 15 07:38:18 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #45: STATE_MAIN_R2: sent MR2, expecting MI3
Mar 15 07:38:18 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #45: Main mode peer ID is ID_IPV4_ADDR: '10.222.222.22'
Mar 15 07:38:18 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #45: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Mar 15 07:38:18 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #45: new NAT mapping for #45, was 56.111.111.111:500, now 56.111.111.111:4500
Mar 15 07:38:18 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #45: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1024}
Mar 15 07:38:18 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #45: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
Mar 15 07:38:18 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #45: received and ignored informational message
Mar 15 07:38:19 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #45: the peer proposed: 144.33.33.22/32:17/1701 -> 10.222.222.22/32:17/0
Mar 15 07:38:19 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #49: responding to Quick Mode proposal {msgid:21a303bc}
Mar 15 07:38:19 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #49: us: 192.168.122.2<192.168.122.2>[+S=C]:17/1701
Mar 15 07:38:19 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #49: them: 56.111.111.111[10.222.222.22,+S=C]:17/0
Mar 15 07:38:19 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #49: keeping refhim=4294901761 during rekey
Mar 15 07:38:19 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #49: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Mar 15 07:38:19 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #49: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Mar 15 07:38:19 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #49: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Mar 15 07:38:19 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #49: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x081c45f7 <0x5b05c5f3 xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=56.111.111.111:4500 DPD=none}
Mar 15 07:38:24 zentyal pluto[29023]: ERROR: asynchronous network error report on eth0 (sport=4500) for message to 56.111.111.111 port 4500, complainant 56.111.111.111: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Mar 15 07:38:24 zentyal pluto[29023]: ERROR: asynchronous network error report on eth0 (sport=4500) for message to 56.111.111.111 port 4500, complainant 56.111.111.111: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Mar 15 07:38:25 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #47: ERROR: asynchronous network error report on eth0 (sport=500) for message to 56.111.111.111 port 500, complainant 56.111.111.111: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Mar 15 07:38:26 zentyal pluto[29023]: ERROR: asynchronous network error report on eth0 (sport=4500) for message to 56.111.111.111 port 4500, complainant 56.111.111.111: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Mar 15 07:38:26 zentyal pluto[29023]: ERROR: asynchronous network error report on eth0 (sport=4500) for message to 56.111.111.111 port 4500, complainant 56.111.111.111: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Mar 15 07:38:28 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #48: ERROR: asynchronous network error report on eth0 (sport=500) for message to 56.111.111.111 port 500, complainant 56.111.111.111: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Mar 15 07:38:33 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #43: ERROR: asynchronous network error report on eth0 (sport=500) for message to 56.111.111.111 port 500, complainant 56.111.111.111: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Mar 15 07:38:35 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #44: ERROR: asynchronous network error report on eth0 (sport=500) for message to 56.111.111.111 port 500, complainant 56.111.111.111: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Mar 15 07:38:41 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #46: ERROR: asynchronous network error report on eth0 (sport=500) for message to 56.111.111.111 port 500, complainant 56.111.111.111: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Mar 15 07:38:44 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #47: ERROR: asynchronous network error report on eth0 (sport=500) for message to 56.111.111.111 port 500, complainant 56.111.111.111: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Mar 15 07:38:47 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #48: ERROR: asynchronous network error report on eth0 (sport=500) for message to 56.111.111.111 port 500, complainant 56.111.111.111: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]