[Openswan Users] not quite there - ipsec SA proposal no working

Mads Rasmussen mads at grupof.com.br
Mon Jan 24 17:03:27 CET 2005


Paul Wouters wrote:

> you're mixing things here. You should not be using X.509 based id's for only one
> end of the connection. Remove leftid or put the real subject of its X.509 certificate
> in there.

Thanks Paul, got me further but didn't quite fix the problem

I changed the config to (no rightsubnet and leftsubnet now defined)

conn %default
        authby=rsasig
        left=pernambuco.dyndns.org
        leftcert=pernambuco-gw.pem
        leftsubnet=10.30.0.0/24
        rightrsasigkey=%cert
        auto=add

conn road
        right=%any
        leftid="/C=BR/ST=Sao Paulo/O=Grupo F Arquitetura/OU=TI/CN=pernambuco.dyndns.org"
        rightid="/C=BR/O=Grupo F Arquitetura/OU=TI/CN=remote at grupof.com.br"

and get "payload malformed" in my logs:

What could cause this? I'm using SSH sentinel for win2k

Jan 24 16:59:02 [pluto] "road"[2] gw_ip #12: Peer ID is ID_DER_ASN1_DN: 'C=BR, O=Grupo F Arquitetura, OU=TI, CN=remote at grupof.com.br'
Jan 24 16:59:02 [pluto] "road"[2] gw_ip #12: no crl from issuer "C=BR, ST=Sao Paulo, L=Sao Paulo, O=Grupo F Arquitetura, OU=TI, CN=pernambuco.dyndns.org" found (strict=no)
Jan 24 16:59:02 [pluto] "road"[2] gw_ip #12: I am sending my cert
Jan 24 16:59:02 [pluto] "road"[2] gw_ip #12: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jan 24 16:59:02 [pluto] "road"[2] gw_ip #12: sent MR3, ISAKMP SA established
Jan 24 16:59:03 [pluto] "road"[2] gw_ip #13: IPCA (IPcomp SA) contains GROUP_DESCRIPTION.  Ignoring inapproprate attribute.
Jan 24 16:59:03 [pluto] "road"[2] gw_ip #13: responding to Quick Mode
Jan 24 16:59:03 [kernel] klips_debug:pfkey_sendmsg: .
Jan 24 16:59:03 [kernel] klips_debug:pfkey_ipsec_sa_init: (pfkey defined) IPIP ipsec_sa set for gw_ip->road_ip.
Jan 24 16:59:03 [pluto] "road"[2] gw_ip #13: transition from state (null) to state STATE_QUICK_R1
Jan 24 16:59:04 [pluto] "road"[2] gw_ip #12: ignoring informational payload, type PAYLOAD_MALFORMED
Jan 24 16:59:04 [pluto] "road"[2] gw_ip #12: received and ignored informational message



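Added example, not part of the original post and not Openswan code: a text-level comparison of the DNs configured in the message above with the DNs pluto logged, useful for checking the "real subject" advice quoted there. Function names are hypothetical, the sample strings are copied from the post with the mail wrapping undone, and the logged issuer DN only stands in as a second DN in log notation; the page does not show the subject of pernambuco-gw.pem, which is what leftid would really be compared against.

```python
import re

# Constructed sample input: values copied from the post's config and log,
# with the mail client's line wrapping undone.
LEFTID = "/C=BR/ST=Sao Paulo/O=Grupo F Arquitetura/OU=TI/CN=pernambuco.dyndns.org"
RIGHTID = "/C=BR/O=Grupo F Arquitetura/OU=TI/CN=remote at grupof.com.br"
LOG = [
    "Jan 24 16:59:02 [pluto] \"road\"[2] gw_ip #12: Peer ID is ID_DER_ASN1_DN: "
    "'C=BR, O=Grupo F Arquitetura, OU=TI, CN=remote at grupof.com.br'",
    "Jan 24 16:59:02 [pluto] \"road\"[2] gw_ip #12: no crl from issuer \"C=BR, "
    "ST=Sao Paulo, L=Sao Paulo, O=Grupo F Arquitetura, OU=TI, "
    "CN=pernambuco.dyndns.org\" found (strict=no)",
]

def parse_dn(text):
    """Split '/C=BR/O=x' (ipsec.conf) or 'C=BR, O=x' (pluto log) into RDN pairs."""
    text = text.strip().strip("\"'")
    sep = r"/(?=[A-Za-z]+=)" if text.startswith("/") else r",\s*(?=[A-Za-z]+=)"
    rdns = []
    for part in re.split(sep, text.lstrip("/")):
        key, eq, value = part.partition("=")
        if not eq:
            raise ValueError(f"not an RDN: {part!r}")
        rdns.append((key.strip().upper(), " ".join(value.split())))
    return rdns

def dn_diff(configured, observed):
    """Return RDNs present on one side only; an empty list means the text forms agree.
    This is a string-level check; pluto itself compares the encoded DNs."""
    a, b = parse_dn(configured), parse_dn(observed)
    out = [f"only in configured: {k}={v}" for k, v in a if (k, v) not in b]
    out += [f"only in observed: {k}={v}" for k, v in b if (k, v) not in a]
    if not out and a != b:
        out.append("same RDNs, different order")
    return out

def logged_dns(lines):
    """Pull the peer ID and the issuer DN out of pluto log lines."""
    found = {}
    for line in lines:
        m = re.search(r"Peer ID is ID_DER_ASN1_DN: '([^']*)'", line)
        if m:
            found["peer_id"] = m.group(1)
        m = re.search(r'no crl from issuer "([^"]*)"', line)
        if m:
            found["issuer"] = m.group(1)
    return found

if __name__ == "__main__":
    dns = logged_dns(LOG)
    print("rightid vs peer ID:", dn_diff(RIGHTID, dns["peer_id"]) or "match")
    print("leftid vs issuer  :", dn_diff(LEFTID, dns["issuer"]))
```
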


