[Openswan dev] Problems with interop between CVS HEAD and Super
FreeS/WAN 1.99
Ken Bantoft
ken at xelerance.com
Thu May 13 21:07:59 CEST 2004
Hi Nate,
Yup, HEAD is currently non-interoperable with other IPsec, due to code
changes with algs/proposals
Use the PRE2_1_0 branch for something a little more stable, as it's
2.1.2rc5+fixes.
On Thu, 13 May 2004, Nate Carlson wrote:
> Hey all,
>
> I just tried out the current CVS HEAD version, and am having some
> problems. Things work fine with 2.1.1 (mostly), but when I try a
> connection with HEAD, I get (from the remote gateway):
>
> May 13 12:12:00 vpn-gw pluto[7841]: packet from 65.193.16.110:32912: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
> May 13 12:12:00 vpn-gw pluto[7841]: packet from 65.193.16.110:32912: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
> May 13 12:12:00 vpn-gw pluto[7841]: "nat-10-roadwarrior-allnet"[14] 65.193.16.110:32912 #432: responding to Main Mode from unknown peer 65.193.16.110:32912
> May 13 12:12:00 vpn-gw pluto[7841]: "nat-10-roadwarrior-allnet"[14] 65.193.16.110:32912 #432: Proposal Payload must be alone in Oakley SA; found ISAKMP_NEXT_P following Proposal
> May 13 12:12:00 vpn-gw pluto[7841]: "nat-10-roadwarrior-allnet"[14] 65.193.16.110:32912 #432: sending notification PAYLOAD_MALFORMED to 65.193.16.110:32912
> May 13 12:12:00 vpn-gw pluto[7841]: "nat-10-roadwarrior-allnet"[14] 65.193.16.110:32912: deleting connection "nat-10-roadwarrior-allnet" instance with peer 65.193.16.110
>
> This is a pretty basic connection using an X.509 cert and such. The client
> in question is a VMWare session on the 65.193.16.110 box, being NAT'd by
> Vmware. Also tried it bridged on it's own public IP (just in case), get
> the same error.
>
> Exact same configs and such. This something I'm messing up in the build
> process, or has the config changed between 2.1.1 and head? I did try
> adding rightsendcert=always; no changes.
>
> Thanks!
>
--
Ken Bantoft VP Business Development
ken at xelerance.com Xelerance Corporation
sip://toronto.xelerance.com http://www.xelerance.com
The future is here. It's just not evenly distributed yet.
-- William Gibson
More information about the Dev
mailing list