[Openswan dev] Problems with interop between CVS HEAD and Super FreeS/WAN 1.99

Ken Bantoft ken at xelerance.com
Thu May 13 21:07:59 CEST 2004 


Hi Nate, 

Yup, HEAD is currently non-interoperable with other IPsec, due to code 
changes with algs/proposals

Use the PRE2_1_0 branch for something a little more stable, as it's 
2.1.2rc5+fixes.

On Thu, 13 May 2004, Nate Carlson wrote:

> Hey all,
> 
> I just tried out the current CVS HEAD version, and am having some
> problems.  Things work fine with 2.1.1 (mostly), but when I try a 
> connection with HEAD, I get (from the remote gateway):
> 
> May 13 12:12:00 vpn-gw pluto[7841]: packet from 65.193.16.110:32912: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
> May 13 12:12:00 vpn-gw pluto[7841]: packet from 65.193.16.110:32912: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
> May 13 12:12:00 vpn-gw pluto[7841]: "nat-10-roadwarrior-allnet"[14] 65.193.16.110:32912 #432: responding to Main Mode from unknown peer 65.193.16.110:32912
> May 13 12:12:00 vpn-gw pluto[7841]: "nat-10-roadwarrior-allnet"[14] 65.193.16.110:32912 #432: Proposal Payload must be alone in Oakley SA; found ISAKMP_NEXT_P following Proposal
> May 13 12:12:00 vpn-gw pluto[7841]: "nat-10-roadwarrior-allnet"[14] 65.193.16.110:32912 #432: sending notification PAYLOAD_MALFORMED to 65.193.16.110:32912
> May 13 12:12:00 vpn-gw pluto[7841]: "nat-10-roadwarrior-allnet"[14] 65.193.16.110:32912: deleting connection "nat-10-roadwarrior-allnet" instance with peer 65.193.16.110
> 
> This is a pretty basic connection using an X.509 cert and such. The client 
> in question is a VMWare session on the 65.193.16.110 box, being NAT'd by 
> Vmware. Also tried it bridged on it's own public IP (just in case), get 
> the same error.
> 
> Exact same configs and such. This something I'm messing up in the build
> process, or has the config changed between 2.1.1 and head? I did try 
> adding rightsendcert=always; no changes.
> 
> Thanks!
> 
-- 
Ken Bantoft			VP Business Development
ken at xelerance.com		Xelerance Corporation
sip://toronto.xelerance.com	http://www.xelerance.com

The future is here. It's just not evenly distributed yet. 
        -- William Gibson

More information about the Dev mailing list