Sorry to reply to myself (I switched email addresses for this list) anyways I am still having the issue as described below. It is not mtu related as I am now testing on subnets inside my LAN. <br><br>What should I look into?
<br><br>>Versions: openswan-2.4.7 / 2.6.18-gentoo-r3<br>>x86_64 arch<br><br>>I have followed Nate's Guide and everything as far as creating the<br>>certs went well. My openswan loads all the correct certs and starts
<br>>up fine.<br>>I imported my .p12 into windows both by hand and with the<br>>certimport.exe tool. This seemed to work fine in both cases.<br><br>>However when I try to connect I get the windows 786 lt2p error and
<br>>this in my openswan logs.<br><br>>Jan 13 14:49:30 defender64 pluto[6562]: packet from<br>><a href="http://74.65.156.181:500">74.65.156.181:500</a>: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY<br>>00000004]
<br>>Jan 13 14:49:30 defender64 pluto[6562]: packet from<br>><a href="http://74.65.156.181:500">74.65.156.181:500</a>: ignoring Vendor ID payload [FRAGMENTATION]<br>>Jan 13 14:49:30 defender64 pluto[6562]: packet from
<br>><a href="http://74.65.156.181:500">74.65.156.181:500</a>: received Vendor ID payload [draft-ietf-ipsec-nat-t-<br>>ike-02_n] method set to=106<br>>Jan 13 14:49:30 defender64 pluto[6562]: packet from<br>><a href="http://74.65.156.181:500">
74.65.156.181:500</a>: ignoring Vendor ID payload [Vid-Initial-Contact]<br>>Jan 13 14:49:30 defender64 pluto[6562]: "roadwarrior-osx-xp"[1]<br>><a href="http://74.65.156.181">74.65.156.181</a> #1: responding to Main Mode from unknown peer
<br>><a href="http://74.65.156.181">74.65.156.181</a><br>>Jan 13 14:49:30 defender64 pluto[6562]: "roadwarrior-osx-xp"[1]<br>><a href="http://74.65.156.181">74.65.156.181</a> #1: transition from state STATE_MAIN_R0 to state
<br>>STATE_MAIN_R1<br>>Jan 13 14:49:30 defender64 pluto[6562]: "roadwarrior-osx-xp"[1]<br>><a href="http://74.65.156.181">74.65.156.181</a> #1: STATE_MAIN_R1: sent MR1, expecting MI2<br>>Jan 13 14:49:30 defender64 pluto[6562]: "roadwarrior-osx-xp"[1]
<br>><a href="http://74.65.156.181">74.65.156.181</a> #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-<br>>ike-02/03: peer is NATed<br>>Jan 13 14:49:30 defender64 pluto[6562]: "roadwarrior-osx-xp"[1]
<br>><a href="http://74.65.156.181">74.65.156.181</a> #1: transition from state STATE_MAIN_R1 to state<br>>STATE_MAIN_R2<br>>Jan 13 14:49:30 defender64 pluto[6562]: "roadwarrior-osx-xp"[1]<br>><a href="http://74.65.156.181">
74.65.156.181</a> #1: STATE_MAIN_R2: sent MR2, expecting MI3<br>>Jan 13 14:49:30 defender64 pluto[6562]: "roadwarrior-osx-xp"[1]<br>><a href="http://74.65.156.181">74.65.156.181</a> #1: next payload type of ISAKMP Hash Payload has an
<br>>unknown value: 51<br>>Jan 13 14:49:30 defender64 pluto[6562]: "roadwarrior-osx-xp"[1]<br>><a href="http://74.65.156.181">74.65.156.181</a> #1: malformed payload in packet<br>>Jan 13 14:49:30 defender64 pluto[6562]: | payload malformed after IV
<br>>Jan 13 14:49:30 defender64 pluto[6562]: | e7 12 22 63 76 fe 09 0c<br>>0e 2a b9 ec 7b 5e 1b 52<br>>Jan 13 14:49:30 defender64 pluto[6562]: | 9a c7 1f 66<br>>Jan 13 14:49:30 defender64 pluto[6562]: "roadwarrior-osx-xp"[1]
<br>><a href="http://74.65.156.181">74.65.156.181</a> #1: sending notification PAYLOAD_MALFORMED to<br>><a href="http://74.65.156.181:500">74.65.156.181:500</a><br>>Jan 13 14:49:30 defender64 pluto[6562]: "roadwarrior-osx-xp"[1]
<br>><a href="http://74.65.156.181">74.65.156.181</a> #1: next payload type of ISAKMP Hash Payload has an<br>>unknown value: 39<br>>Jan 13 14:49:30 defender64 pluto[6562]: "roadwarrior-osx-xp"[1]<br>>
<a href="http://74.65.156.181">74.65.156.181</a> #1: malformed payload in packet<br>>Jan 13 14:50:40 defender64 pluto[6562]: "roadwarrior-osx-xp"[1]<br>><a href="http://74.65.156.181">74.65.156.181</a> #1: max number of retransmissions (2) reached
<br>>STATE_MAIN_R2<br>>Jan 13 14:50:40 defender64 pluto[6562]: "roadwarrior-osx-xp"[1]<br>><a href="http://74.65.156.181">74.65.156.181</a>: deleting connection "roadwarrior-osx-xp" instance with
<br>>peer <a href="http://74.65.156.181">74.65.156.181</a> {isakmp=#0/ipsec=#0}<br>><br>>I have searched these errors for a few hours now with no luck.<br>><br>>Thanks for any help.<br>