Comment 4 for bug 1451091

Tobias Brunner (tobias-strongswan) wrote :

> The current version of Strongswan (5.1.2) does not work with newer versions of pfSense (Strongswan 5.3.2 based).
> When using IPsec IKEv2/PSK the identity type is now prefixed leftid and rightid for better matching.

Hm, could you elaborate on that? For instance, provide example configs? At first glance I'd say what pfSense does is wrong, as it seems to send incorrectly encoded identity payloads. As described in the man/wiki page, you can't just prefix a string with a prefix and expect that to work correctly. These prefixes are really mostly useful in special situations (e.g. to encode an FQDN as keyid).