[Openswan Users] Problems with openswan tunnel on Fedora (fwd)

Michael Richardson mcr at sandelman.ottawa.on.ca
Fri Sep 17 13:27:27 CEST 2004


>>>>> "Paul" == Paul Wouters <paul at xelerance.com> writes:
    Paul> Hmm, I guess he is right, which makes this problem odd.

    Paul> What happens when using a PSK? Is the PSK actually used within
    Paul> the kernel? Or is the PSK only used for IKE ?

    Paul> Paul
    Paul> ---------- Forwarded message ----------
    Paul> Date: Fri, 17 Sep 2004 07:28:02 +1000
    Paul> From: Herbert Xu <herbert at gondor.apana.org.au>
    Paul> Cc: Ted Kaczmarek <tedkaz at optonline.net>, users at openswan.org
    Paul> To: Paul Wouters <paul at xelerance.com>
    Paul> Subject: Re: [Openswan Users] Problems with openswan tunnel on Fedora

    Paul> On Thu, Sep 16, 2004 at 11:00:51PM +0200, Paul Wouters wrote:
    >> On Thu, 16 Sep 2004, Ted Kaczmarek wrote:
    >>>> Basically, the shared secret we were using was "r%w?a&704" -
    >>>> this works fine on a 2.4 kernel, but produces a
    >>>> "PAYLOAD_MALFORMED" error when run on a 2.6 kernel! Versions of

  First, you will get a PAYLOAD_MALFORMED with IKEv1 when using PSK
if the PSKs are not matched.

  If I understand the problem, you are using racoon on one end with
26sec, and Openswan on the other end with 26sec?
  Or is this Openswan on both ends, but 2.4 (KLIPS) and 2.6 (26sec)?

    >> I don't think we can fix it for you, as this is not a bug in
    >> Openswan.

    Paul> Since this is occurring in phase 1, I don't see how it can be a
    Paul> kernel problem.

  The only way it could be is if there was some memory corrupted in
different ways. Perhaps relating to the secret parsing.

  If you can explain the test cases again for me, (or point me to the
right part of the archives), then perhaps a test case is warranted. If
so, please file a bug report.

- --
]     "Elmo went to the wrong fundraiser" - The Simpson         |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
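
Why mismatched PSKs surface as PAYLOAD_MALFORMED in IKEv1 Main Mode, as an added example that is not part of the original message or of Openswan's code: the PSK seeds the RFC 2409 SKEYID key chain, so a responder holding a different secret derives a different SKEYID_e and the encrypted ID payload decrypts to garbage. HMAC-SHA1 as the prf, the XOR keystream standing in for the negotiated cipher, the second secret, and all nonce, cookie and DH values are assumptions constructed for illustration.

```python
import hashlib
import hmac

def prf(key: bytes, data: bytes) -> bytes:
    """IKEv1 prf: HMAC of the negotiated hash (SHA-1 assumed here)."""
    return hmac.new(key, data, hashlib.sha1).digest()

def skeyid_e(psk, ni, nr, gxy, cky_i, cky_r) -> bytes:
    """RFC 2409 section 5 key chain for pre-shared-key authentication."""
    skeyid = prf(psk, ni + nr)
    tail = gxy + cky_i + cky_r
    skeyid_d = prf(skeyid, tail + b"\x00")
    skeyid_a = prf(skeyid, skeyid_d + tail + b"\x01")
    return prf(skeyid, skeyid_a + tail + b"\x02")

def toy_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in XOR keystream (NOT 3DES/AES); same call encrypts and decrypts."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += prf(key, counter.to_bytes(4, "big"))
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def parse_payload(plain: bytes) -> str:
    """Check the ISAKMP generic payload header: next, reserved, length."""
    reserved = plain[1]
    length = int.from_bytes(plain[2:4], "big")
    if reserved != 0 or length != len(plain):
        return "PAYLOAD_MALFORMED"
    return "OK"

def main_mode_msg5(initiator_psk: bytes, responder_psk: bytes) -> str:
    """Initiator encrypts its ID payload; responder decrypts with its own key."""
    # Constructed sample values, not taken from a real exchange.
    ni, nr = b"\x11" * 16, b"\x22" * 16
    gxy = b"\x33" * 128
    cky_i, cky_r = b"\x44" * 8, b"\x55" * 8
    body = b"\x01\x00\x00\x00" + bytes([192, 0, 2, 1])  # ID_IPV4_ADDR 192.0.2.1
    id_payload = b"\x08\x00" + (4 + len(body)).to_bytes(2, "big") + body
    k_i = skeyid_e(initiator_psk, ni, nr, gxy, cky_i, cky_r)
    k_r = skeyid_e(responder_psk, ni, nr, gxy, cky_i, cky_r)
    return parse_payload(toy_cipher(k_r, toy_cipher(k_i, id_payload)))

if __name__ == "__main__":
    print(main_mode_msg5(b"r%w?a&704", b"r%w?a&704"))  # matching secrets
    print(main_mode_msg5(b"r%w?a&704", b"r%w?a&705"))  # constructed mismatch
```

Every input to this chain is handled by the IKE daemon in phase 1, so comparing the secret bytes each daemon actually loaded is the first check when this error appears.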

