[Openswan Users] Re: Wierd ISAKMP message

Shaheen Ali ali at smallmoon.com
Fri Jan 14 09:01:51 CET 2005

> On Thu, 13 Jan 2005, Shaheen Ali wrote:
>> Our testers have come up with a really wierd IPSEC security association
message.  It has two proposals in it, both for the same protocol
>> In each proposal is the exact same transform, 3des and sha1.
>> I think pluto (openswan-1.0.7) rejects the message with a notification
malformed payload.
> What version of openswan is generating these packets? If it is 2.2.x
then this is a known bug and has been fixed.
> Paul

Sorry to confuse you.  The strangely formed packet was from a simulator,
it was generated intentionally.  My question is whether or not that is a
legit packet.  I may not have mentioned that this was the first message in
a main mode phase 1 negotiation.

I did a little RFC digging and 2409, section 5 seems to say that you
cannot have two proposals just many transforms in one proposal.


More information about the Users mailing list