<div dir="ltr">Thanks Simon. I just solved the issue by downgrading OpenSwan version. Just realized that the system update also updated OpenSwan from openswan-2.6.37-2.16.amzn1.x86_64 to openswan-2.6.37-3.17.amzn1.x86_64. There are probably some incompatibility in how the keys are generated between these versions hence the connectivity issue. I couldn't find the previous version from anywhere so I installed a Fedora build (openswan-2.6.37-1.fc16.x86_64.rpm) instead. That resolved the issue. <div>
<br></div><div>-Ed<br></div><div class="gmail_extra">
<br><br><div class="gmail_quote">On Wed, Apr 9, 2014 at 2:45 PM, Simon Deziel <span dir="ltr"><<a href="mailto:simon@xelerance.com" target="_blank">simon@xelerance.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi Ed,<br>
<br>
We had no such issue with our environment:<br>
<br>
OpenSwan 2.6.41<br>
OpenSSL 1.0.1-4ubuntu5.12 (Ubuntu patched version)<br>
<br>
Simon<br>
<div><div class="h5"><br>
On 14-04-09 01:51 PM, Ed Ng wrote:<br>
> Anyone experienced any problem after the recent OpenSSL patch<br>
> (Heartbleed bug)? We have a tunnel that's been running fine for a while<br>
> until we did a system update yesterday. The server runs Amazon Linux<br>
> AMI release 2014.03 with OpenSSL 1:1.0.1e-37.66.amzn1 and<br>
> OpenSwan 2.6.37-3.17.amzn1.<br>
><br>
> I found some logs that looks abnormal after the patch.<br>
><br>
> Apr 10 01:21:55 pluto[1230]: "mytunnel" #43: responding to Main Mode<br>
> Apr 10 01:21:55 pluto[1230]: "mytunnel" #43: transition from state<br>
> STATE_MAIN_R0 to state STATE_MAIN_R1<br>
> Apr 10 01:21:55 pluto[1230]: "mytunnel" #43: STATE_MAIN_R1: sent MR1,<br>
> expecting MI2<br>
> Apr 10 01:21:55 pluto[1230]: "mytunnel" #43: next payload type of ISAKMP<br>
> Nonce Payload has an unknown value: 130<br>
> Apr 10 01:21:55 pluto[1230]: "mytunnel" #43: malformed payload in packet<br>
><br>
> It now says "next payload type of ISAKMP Nonce Payload has an unknown<br>
> value: 130". Anybody has any clue on how to fix this issue? The tunnel<br>
> is currently down and we want to bring it back up asap.<br>
><br>
> Thanks!<br>
><br>
> -Ed<br>
><br>
><br>
</div></div>> _______________________________________________<br>
> <a href="mailto:Users@lists.openswan.org">Users@lists.openswan.org</a><br>
> <a href="https://lists.openswan.org/mailman/listinfo/users" target="_blank">https://lists.openswan.org/mailman/listinfo/users</a><br>
> Micropayments: <a href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy" target="_blank">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a><br>
> Building and Integrating Virtual Private Networks with Openswan:<br>
> <a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155" target="_blank">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a><br>
><br>
<br>
_______________________________________________<br>
<a href="mailto:Users@lists.openswan.org">Users@lists.openswan.org</a><br>
<a href="https://lists.openswan.org/mailman/listinfo/users" target="_blank">https://lists.openswan.org/mailman/listinfo/users</a><br>
Micropayments: <a href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy" target="_blank">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a><br>
Building and Integrating Virtual Private Networks with Openswan:<br>
<a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155" target="_blank">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a><br>
</blockquote></div><br></div></div>