<div dir="ltr"><div><div><div><div>Hello,<br><br></div>I'm having a problem with an IPSec VPN. The problem is as follow:<br><br></div>The client sent to my server 10 proposal of configurations for phase 1:<br></div>- AES MD5 PSK 1024modp<br>- AES SHA1 PSK 1024modp<br>- 3DES MD5 PSK 1024modp<br>- 3DES SHA1 PSK 1024modp<br>- CAST MD5 PSK 1024modp<br>- CAST SHA1 PSK 1024modp<br>- Blowfish MD5 PSK 1024modp<br>- Blowfish SHA1 PSK 1024modp<br>- Unknown-65289 MD5 PSK 1024modp<br>- Unknown-65289 SHA1 PSK 1024modp<br><br></div>My configuration for phase 1 is:<br><div><div><br clear="all"><div><div><div>3DES SHA1 PSK 1024modp<br><br></div><div>But i make a tcpdump in the interface, and i see my server answering the proposals with the proposal 0 (AES MD5 PSK 1024modp), after this, some more packages are exchanged, but finally at some point my server sent an PAYLOAD_MALFORMED.<br><br><br></div><div>The pluto log show:<br><font size="1"><span style="font-family:monospace,monospace">Mar 9 20:01:08 server01 pluto[16625]: | handling event EVENT_RETRANSMIT for 10.10.10.10 "conn/1x1" #29547<br>Mar 9 20:01:08 server01 pluto[16625]: | sending 220 bytes for EVENT_RETRANSMIT through eth2:500 to <a href="http://10.10.10.10:500">10.10.10.10:500</a> (using #29547)<br>Mar 9 20:01:08 server01 pluto[16625]: | inserting event EVENT_RETRANSMIT, timeout in 20 seconds for #29547<br>Mar 9 20:01:08 server01 pluto[16625]: | handling event EVENT_RETRANSMIT<br>Mar 9 20:01:08 server01 pluto[16625]: | event after this is EVENT_RETRANSMIT in 0 seconds<br>Mar 9 20:01:08 server01 pluto[16625]: | processing connection conn/1x1<br>Mar 9 20:01:08 server01 pluto[16625]: | handling event EVENT_RETRANSMIT for 10.10.10.10 "conn/1x1" #29542<br>Mar 9 20:01:08 server01 pluto[16625]: | sending 220 bytes for EVENT_RETRANSMIT through eth2:500 to <a href="http://10.10.10.10:500">10.10.10.10:500</a> (using #29542)<br>Mar 9 20:01:08 server01 pluto[16625]: | inserting event EVENT_RETRANSMIT, timeout in 40 seconds for #29542<br>Mar 9 20:01:08 server01 pluto[16625]: | handling event EVENT_RETRANSMIT<br>Mar 9 20:01:08 server01 pluto[16625]: | event after this is EVENT_RETRANSMIT in 1 seconds<br>Mar 9 20:01:08 server01 pluto[16625]: | processing connection conn/1x1<br>Mar 9 20:01:08 server01 pluto[16625]: | handling event EVENT_RETRANSMIT for 10.10.10.10 "conn/1x1" #29526</span></font><br><br></div><div>The ipsec auto --status show:<br><span style="font-family:monospace,monospace"><font size="1">000 #33992: "conn/1x1":500 STATE_MAIN_R2 (sent MR2, expecting MI3); EVENT_RETRANSMIT in 6s; nodpd; idle; import:not set<br>000 #33987: "conn/1x1":500 STATE_MAIN_R2 (sent MR2, expecting MI3); EVENT_RETRANSMIT in 1s; nodpd; idle; import:not set<br>000 #33970: "conn/1x1":500 STATE_MAIN_R2 (sent MR2, expecting MI3); EVENT_RETRANSMIT in 1s; nodpd; idle; import:not set<br>000 #33975: "conn/1x1":500 STATE_MAIN_R2 (sent MR2, expecting MI3); EVENT_RETRANSMIT in 21s; nodpd; idle; import:not set<br>000 #33973: "conn/1x1":500 STATE_MAIN_R2 (sent MR2, expecting MI3); EVENT_RETRANSMIT in 11s; nodpd; idle; import:not set<br>000 #33980: "conn/1x1":500 STATE_MAIN_R2 (sent MR2, expecting MI3); EVENT_RETRANSMIT in 26s; nodpd; idle; import:not set<br>000 #33972: "conn/1x1":500 STATE_MAIN_R2 (sent MR2, expecting MI3); EVENT_RETRANSMIT in 6s; nodpd; idle; import:not set<br>000 #33988: "conn/1x1":500 STATE_MAIN_R2 (sent MR2, expecting MI3); EVENT_RETRANSMIT in 6s; nodpd; idle; import:not set<br>000 #33974: "conn/1x1":500 STATE_MAIN_R2 (sent MR2, expecting MI3); EVENT_RETRANSMIT in 16s; nodpd; idle; import:not set<br>000 #33991: "conn/1x1":500 STATE_MAIN_R2 (sent MR2, expecting MI3); EVENT_RETRANSMIT in 1s; nodpd; idle; import:not set<br>000 #33986: "conn/1x1":500 STATE_MAIN_R2 (sent MR2, expecting MI3); EVENT_RETRANSMIT in 36s; nodpd; idle; import:not set<br>000 #33981: "conn/1x1":500 STATE_MAIN_R2 (sent MR2, expecting MI3); EVENT_RETRANSMIT in 31s; nodpd; idle; import:not set<br>000 #33990: "conn/1x1":500 STATE_MAIN_R2 (sent MR2, expecting MI3); EVENT_RETRANSMIT in 16s; nodpd; idle; import:not set<br>000 #33989: "conn/1x1":500 STATE_MAIN_R2 (sent MR2, expecting MI3); EVENT_RETRANSMIT in 11s; nodpd; idle; import:not set<br>000 #33971: "conn/1x5":500 STATE_MAIN_I3 (sent MI3, expecting MR3); EVENT_RETRANSMIT in 1s; nodpd; idle; import:admin initiate<br>000 #33971: pending Phase 2 for "conn/1x1" replacing #0<br>000 #33971: pending Phase 2 for "conn/1x2" replacing #0<br>000 #33971: pending Phase 2 for "conn/1x3" replacing #0<br>000 #33971: pending Phase 2 for "conn/1x4" replacing #0<br>000 #33971: pending Phase 2 for "conn/1x5" replacing #0</font></span><br></div><div><br></div><div>Finally the connection can't be stablished.<br><br></div><div>My version (that i can't update, neither openswan nor kernel) is:<br><span style="font-family:monospace,monospace"><font size="1">Linux Openswan U2.6.32/K2.6.32-279.el6.x86_64 (netkey)</font></span><br><br></div><div>Thanks in advance for any clue,<br></div><div>Best Regards,</div><div>-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div>Eduard Lucena<br>Móvil: +56962318010<br>GNU/Linux User #589060<br>Ubuntu User #8749<br></div></div></div></div></div>
</div></div></div></div></div></div>