[Openswan Users] Problems with openswan tunnel on Fedora

Matthew Claridge mclaridge at rwa-net.co.uk
Tue Aug 24 17:51:29 CEST 2004


Hi,

Help!!

I have an openswan tunnel working to a Cisco VPN3000, from a RHEL box, 
with ipsec-tools-0.2.5-0-5 and openswan-2.1.2 (built from source).

I have transferred this working configuration onto a new box running 
Fedora Core 2 and just changed the 'left' IP addresses. This box has 
been running both ipsec-tools-0.2.5-1 and openswan-2.1.2 (rpm) as well as 
ipsec-tools-0.2.5-0-5 and openswan-2.1.2 (from source). When I bring 
this tunnel up on this box I get two errors:

"ignoring informational payload, type PAYLOAD_MALFORMED"
"encrypted Informational Exchange message is invalid because it is for 
incomplete ISAKMP SA"

The ipsec.conf on both boxes looks like:

config setup
        interfaces="ipsec0=eth0"
        # Debug-logging controls:  "none" for (almost) none, "all" for lots.
        klipsdebug=all
        plutodebug=all

conn tunnelipsec
        type=tunnel
        left=62.x.x.x
        leftsubnet=62.x.x.y/25
        right=194.x.x.x
        rightid=145.x.x.x
        rightsubnet=145.y.y.y/16
        esp=3des-md5-96
        pfs=no
        authby=secret
        keyexchange=ike
        auto=start

include /etc/ipsec.d/examples/no_oe.conf


Can anyone enlighten me as to why this isn't working? The obvious 
thought is that FC2 uses a 2.6 kernel and that this in some way is 
incompatible with what I'm trying to do. I'd like to get this working 
though, rather than having to set up another box with RHEL. Any 
help would be most appreciated.

cheers
Matt


