[Openswan Users] Malformed payload

Alessio alessio.fattorini at gmail.com
Tue Jul 19 09:07:01 CEST 2005


Bah, same problem. I'm stumped.

Jul 19 09:56:24 randa pluto[24924]: packet from 212.28.**.**:500: ignoring
Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Jul 19 09:56:24 randa pluto[24924]: packet from 212.28.**.**:500: ignoring
Vendor ID payload [FRAGMENTATION]
Jul 19 09:56:24 randa pluto[24924]: packet from 212.28.**.**:500: received
Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using
method 0
Jul 19 09:56:24 randa pluto[24924]: packet from 212.28.**.**:500: ignoring
Vendor ID payload [26244d38eddb61b3172a36e3d0cfb819]
Jul 19 09:56:24 randa pluto[24924]: "roadwarrior"[1] 212.28.**.** #1: responding
to Main Mode from unknown peer 212.28.**.**
Jul 19 09:56:24 randa pluto[24924]: "roadwarrior"[1] 212.28.**.** #1: transition
from state (null) to state STATE_MAIN_R1
Jul 19 09:56:24 randa pluto[24924]: "roadwarrior"[1] 212.28.**.** #1: transition
from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jul 19 09:56:25 randa pluto[24924]: "roadwarrior"[1] 212.28.**.** #1: next
payload type of ISAKMP Hash Payload has an unknown value: 193
Jul 19 09:56:25 randa pluto[24924]: "roadwarrior"[1] 212.28.**.** #1: malformed
payload in packet
Jul 19 09:56:25 randa pluto[24924]: "roadwarrior"[1] 212.28.**.** #1: sending
encrypted notification PAYLOAD_MALFORMED to 212.28.**.**:500
Jul 19 09:56:25 randa pluto[24924]: "roadwarrior"[1] 212.28.**.** #1: next
payload type of ISAKMP Hash Payload has an unknown value: 255
Jul 19 09:56:25 randa pluto[24924]: "roadwarrior"[1] 212.28.**.** #1: malformed
payload in packet
Jul 19 09:56:25 randa pluto[24924]: "roadwarrior"[1] 212.28.**.** #1: sending
encrypted notification PAYLOAD_MALFORMED to 212.28.1






This is my status


PROXYranda:~# ipsec auto --status
000 interface ipsec0/eth1 85.44.**.**
000 interface ipsec0/eth1 85.44.**.**
000 %myid = (none)
000 debug none
000  
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=128, keysizemin=168,
keysizemax=168
000 algorithm ESP auth attr: id=1, 
name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128,
keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1,
keysizemin=160, keysizemax=160
000  
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
000 algorithm IKE hash: id=2, name=OAKLEY_SHA, hashsize=20
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000  
000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0}
attrs={0,0,0} 
000  
000 "roadwarrior": 85.44.**.**[C=IT, ST=Italia, L=**o, O=**, OU=**, CN=Alessio,
E=a.fattorini at abanet.it]...%virtual===?; unrouted; eroute owner: #0
000 "roadwarrior":   CAs: 'C=IT, ST=Italia, L=**, O=A**, OU=SIS, CN=Alessio,
E=a.**'...'%any'
000 "roadwarrior":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s;
rekey_fuzz: 100%; keyingtries: 1
000 "roadwarrior":   policy: RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS; prio: 32,32;
interface: eth1; 
000 "roadwarrior":   newest ISAKMP SA: #0; newest IPsec SA: #0; 
000 "roadwarrior":   IKE algorithms wanted: 5_000-1-5, 5_000-1-2, 5_000-2-5,
5_000-2-2, flags=-strict
000 "roadwarrior":   IKE algorithms found:  5_192-1_128-5, 5_192-1_128-2,
5_192-2_160-5, 5_192-2_160-2, 
000 "roadwarrior":   ESP algorithms wanted: 3_000-1, 3_000-2, flags=-strict
000 "roadwarrior":   ESP algorithms loaded: 3_000-1, 3_000-2, flags=-strict






and my ipsec.conf




# basic configuration
config setup
        # Debug-logging controls:  "none" for (almost) none, "all" for lots.
        # klipsdebug=all
        # plutodebug=all
        # NOTE(review): both CRL options below are commented out, so pluto uses
        # its defaults for CRL handling. If revoked road-warrior certificates
        # must be refused, confirm how CRLs reach this gateway and whether
        # strictcrlpolicy should be enabled.
        # crlcheckinterval=600
        # strictcrlpolicy=yes
        # Bind the ipsec0 virtual interface to eth1; the status output reports
        # the same pairing ("interface ipsec0/eth1").
        interfaces="ipsec0=eth1"
        # Accept NAT-Traversal negotiation from peers (the log shows the client
        # sending a draft-ietf-ipsec-nat-t-ike-02_n vendor ID).
        nat_traversal=yes
        # virtual_private lists the address ranges a NATed client may claim as
        # its own subnet; the "!" entry excludes 192.168.20.0/24 (presumably the
        # LAN behind this gateway -- confirm).
        # NOTE(review): in this paste the setting starts at column 0 and is split
        # across two lines, which looks like mail wrapping; in the real file it
        # has to be a single indented line inside "config setup" -- verify.
       
virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,
%v4:192.168.0.0/16,%v4:!192.168.20.0/24

#conn %default
#       rightrsasigkey=%cert
#       leftrsasigkey=%cert

# Defaults inherited by every conn section below.
# NOTE(review): no ike= or esp= line is set anywhere in this file, so the
# proposals are pluto's defaults; the status output shows them as 3DES with
# MD5 or SHA1 and MODP1536/MODP1024 for IKE, and 3DES with MD5 or SHA1 for
# ESP. Add explicit ike=/esp= lines if the MD5 and MODP1024 combinations
# should not be accepted.
conn %default
        # Give up after a single negotiation attempt (status: "keyingtries: 1").
        keyingtries=1
        # Offer IPComp compression (status policy includes COMPRESS).
        compress=yes
        # "no" leaves the KLIPS tunnel-exit address check enabled.
        disablearrivalcheck=no
        # Authenticate with RSA signatures; both sides' public keys are taken
        # from their X.509 certificates rather than configured inline.
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert

# OE policy groups are disabled by default
# Each opportunistic-encryption policy group is given auto=ignore so that
# none of them is loaded; only the explicit road-warrior connections remain.
conn block
        auto=ignore

conn clear
        auto=ignore

conn private
        auto=ignore

conn private-or-clear
        auto=ignore

conn clear-or-private
        auto=ignore

# NOTE(review): "conn clear" is declared a second time here (it already
# appears above); the settings are identical, but confirm the parser accepts
# a duplicated section name and drop one copy if not.
conn clear
    auto=ignore

conn packetdefault
        auto=ignore


# Certificate-authenticated tunnel for clients connecting from arbitrary
# addresses; this is the connection the log excerpt is negotiating.
conn roadwarrior
        # Gateway's public address and the certificate it presents.
        left=85.44.**.**
        leftcert=randa.pem
        # The peer may connect from any IP address.
        # NOTE(review): no rightca= or rightid= is set in this section and the
        # status output lists the peer CA as '%any'; presumably any certificate
        # chaining to a CA that pluto trusts is admitted -- confirm that this is
        # the intended policy (the l2tp sections add rightca=%same).
        right=%any
        # Accept a client that is not behind NAT (%no) or a NATed client whose
        # private address falls within the virtual_private ranges (%priv).
        rightsubnet=vhost:%no,%priv
        # Load the connection at startup and wait for the peer to initiate.
        auto=add
        # Require perfect forward secrecy for the IPsec SA (status: PFS).
        pfs=yes

# L2TP-over-IPsec variants of the road-warrior connection. Both sections pull
# in the "roadwarrior" settings through also= and override compress and pfs.
# NOTE(review): the status output in this post lists only "roadwarrior", not
# these two connections -- check whether they are actually being loaded.
conn roadwarrior-l2tp
        # Restrict the tunnel to protocol 17 (UDP); the peer side is limited to
        # port 1701 (L2TP), the local side uses port 0 (presumably "any port"
        # -- confirm).
        leftprotoport=17/0
        rightprotoport=17/1701
        # Only accept peer certificates issued by the same CA as the local one.
        rightca=%same
        compress=no
        # PFS is switched off for this connection, unlike "roadwarrior".
        pfs=no
        also=roadwarrior
# NOTE(review): every setting visible in this section is identical to
# roadwarrior-l2tp above; if the "oldwin" variant was meant to differ (for
# example in its protoport values), that difference is missing here.
conn roadwarrior-l2tp-oldwin
        leftprotoport=17/0
        rightprotoport=17/1701
        rightca=%same
        compress=no
        pfs=no
        also=roadwarrior


