[Openswan Users] Malformed payload

Alessio alessio.fattorini at gmail.com
Mon Jul 18 15:54:20 CEST 2005


I have set up a VPN connection using this howto:
http://www.natecarlson.com/linux/ipsec-l2tp.php
When I connect from my Windows host, the connection fails and auth.log reports
these errors:

Jul 18 12:22:52 randa pluto[21612]: packet from 212.28.**.**:500: ignoring
Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Jul 18 12:22:52 randa pluto[21612]: packet from 212.28.**.**:500: ignoring
Vendor ID payload [FRAGMENTATION]
Jul 18 12:22:52 randa pluto[21612]: packet from 212.28.**.**:500: ignoring
Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Jul 18 12:22:52 randa pluto[21612]: packet from 212.28.**.**:500: ignoring
Vendor ID payload [26244d38eddb61b3...]
Jul 18 12:22:52 randa pluto[21612]: "roadwarrior-l2tp"[3] 212.28.**.** #3:
responding to Main Mode from unknown peer 212.28.**.**
Jul 18 12:22:53 randa pluto[21612]: "roadwarrior-l2tp"[3] 212.28.**.** #3: next
payload type of ISAKMP Hash Payload has an unknown value: 22
Jul 18 12:22:53 randa pluto[21612]: "roadwarrior-l2tp"[3] 212.28.**.** #3:
malformed payload in packet
Jul 18 12:22:53 randa pluto[21612]: "roadwarrior-l2tp"[3] 212.28.**.** #3:
sending encrypted notification PAYLOAD_MALFORMED to 212.28.160.44:500
Jul 18 12:22:53 randa pluto[21612]: "roadwarrior-l2tp"[3] 212.28.**.** #3: next
payload type of ISAKMP Hash Payload has an unknown value: 78
Jul 18 12:22:53 randa pluto[21612]: "roadwarrior-l2tp"[3] 212.28.**.** #3:
malformed payload in packet
Jul 18 12:22:53 randa pluto[21612]: "roadwarrior-l2tp"[3] 212.28.**.** #3:
sending encrypted notification PAYLOAD_MALFORMED to 212.28.**.**:500

This is my ipsec.conf.
Do you have any idea?


# basic configuration
# Global pluto/KLIPS settings; they apply to every conn section in this file.
config setup
        # Debug-logging controls:  "none" for (almost) none, "all" for lots.
        # klipsdebug=all
        # plutodebug=all
        # Both CRL options below are commented out, so the daemon defaults apply.
        # NOTE(review): every conn in this file authenticates by certificate
        # (authby=rsasig), so revocation is the only way to lock out a lost
        # client cert -- confirm whether strict CRL checking should be enabled.
        # crlcheckinterval=600
        # strictcrlpolicy=yes
        # Attach the KLIPS virtual interface ipsec0 to the physical eth1.
        interfaces="ipsec0=eth1"
        # Enable NAT traversal for peers behind NAT.
        # NOTE(review): the posted log shows pluto "ignoring" the peer's
        # draft-ietf-ipsec-nat-t-ike-02_n vendor ID, which suggests NAT-T may
        # not actually be active in the running daemon -- confirm.
        nat_traversal=yes
        # Private ranges a NATed client may present as its own address; this is
        # what "%priv" in the rightsubnet=vhost:... lines refers to.
        # NOTE(review): 192.168.2.0/24 is also the leftsubnet published by
        # conn roadwarrior-net. Allowing clients to claim the server-side LAN
        # lets a remote peer's address overlap internal hosts; the usual
        # practice is to list the client ranges and exclude the local LAN
        # (the %v4:!net form) -- confirm the intended addressing.
        virtual_private=%v4:192.168.2.0/24

# Earlier, disabled variant of the defaults section (kept by the author).
#conn %default
#       rightrsasigkey=%cert
#       leftrsasigkey=%cert

# Defaults inherited by every conn below unless overridden there.
conn %default
        # Make a single keying attempt, then give up.
        keyingtries=1
        # Propose/accept IPComp compression.
        compress=yes
        disablearrivalcheck=no
        # Authenticate both ends with RSA signatures; the public keys are taken
        # from the certificates exchanged during IKE (%cert).
        # NOTE(review): no rightca= or rightid= restriction is visible in this
        # file, so presumably any certificate that chains to a CA trusted by
        # pluto is accepted from any address (right=%any) -- confirm that the
        # trusted CA set contains only the VPN's own CA.
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert

# OE policy groups are disabled by default
# Each opportunistic-encryption policy group is set to auto=ignore so that
# pluto does not load it.
conn block
        auto=ignore

conn clear
        auto=ignore

conn private
        auto=ignore

conn private-or-clear
        auto=ignore

conn clear-or-private
        auto=ignore

# NOTE(review): "conn clear" is already defined above; this second definition
# is a duplicate (and is indented differently). Presumably harmless because
# both say auto=ignore, but confirm the parser accepts it and drop one copy.
conn clear
    auto=ignore

conn packetdefault
        auto=ignore




# Road-warrior tunnel that exposes only the 192.168.2.0/24 LAN behind the
# gateway; everything else comes from conn roadwarrior via also=.
conn roadwarrior-net
        leftsubnet=192.168.2.0/255.255.255.0
        also=roadwarrior

# Road-warrior tunnel with leftsubnet=0.0.0.0/0, i.e. the selector covers all
# destinations rather than just the internal LAN.
conn roadwarrior-all
        leftsubnet=0.0.0.0/0
        also=roadwarrior

# Shared base for the two connections above.
conn roadwarrior
        # Gateway's public address (redacted by the poster) and its certificate.
        left=85.44.**.**
        leftcert=randa.pem
        # Accept the peer from any source address; identity rests on the
        # certificate check alone.
        right=%any
        # Peer may be un-NATed (%no) or behind NAT with an address inside the
        # virtual_private ranges from config setup (%priv).
        rightsubnet=vhost:%no,%priv
        # Load the connection and wait for the peer to initiate.
        auto=add
        pfs=yes

# L2TP-over-IPsec connection; this is the conn named in the posted log
# ("roadwarrior-l2tp"[3]) that answers with PAYLOAD_MALFORMED.
conn roadwarrior-l2tp
        # Transport mode: protect host-to-host traffic only, no tunnelled subnet.
        type=transport
        left=85.44.**.**
        leftcert=randa.pem
        # Restrict the policy to UDP (IP protocol 17) port 1701 on both ends.
        leftprotoport=17/1701
        # Any source address is accepted; authentication comes from
        # authby=rsasig in conn %default.
        right=%any
        rightprotoport=17/1701
        # NOTE(review): PFS is switched off here while conn roadwarrior uses
        # pfs=yes -- presumably for Windows client compatibility; confirm
        # whether the clients in use can negotiate PFS.
        pfs=no
        auto=add

# Variant of the L2TP connection, by its name intended for older Windows
# clients. No type= is set in this section.
conn roadwarrior-l2tp-oldwin
        left=85.44.**.**
        leftcert=randa.pem
        # Server-side selector is UDP with port 0 instead of 1701.
        # NOTE(review): this is looser than the 17/1701 selector used in
        # conn roadwarrior-l2tp -- presumably a workaround for clients that
        # send the wrong port; confirm it is still needed and remove this conn
        # if no such clients remain.
        leftprotoport=17/0
        right=%any
        rightprotoport=17/1701
        # Peer may be un-NATed (%no) or NATed with an address inside the
        # virtual_private ranges (%priv).
        rightsubnet=vhost:%no,%priv
        pfs=no
        auto=add


