[Openswan Users] Nat problems.

Felipe Piccirilo piccirilo at gruponet.com.br
Tue Mar 22 13:04:23 CET 2005 

Hi Folks!


	Do anybody knows what could be possible wrong here at this messages on the Roadwarrior:

"my_tunnel" #7: not enough room in input packet for ISAKMP Vendor ID Payload
"my_tunnel" #7: malformed payload in packet

	These messages keep going on and on on the gateway side:

Mar 22 12:24:32 srv1 pluto[14817]: packet from 201.x.x.x:51366: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Mar 22 12:24:32 srv1 pluto[14817]: | VID:  7d 94 19 a6  53 10 ca 6f  2c 17 9d 92  15 52 9d 56
Mar 22 12:24:32 srv1 pluto[14817]: packet from 201.x.x.x:51366: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
Mar 22 12:24:32 srv1 pluto[14817]: | VID:  cd 60 46 43  35 df 21 f8  7c fd b2 fc  68 b6 a4 48
Mar 22 12:24:32 srv1 pluto[14817]: packet from 201.x.x.x:51366: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 22 12:24:32 srv1 pluto[14817]: | VID:  44 85 15 2d  18 b6 bb cd  0b e8 a8 46  95 79 dd cc
Mar 22 12:24:32 srv1 pluto[14817]: packet from 201.x.x.x:51366: ignoring Vendor ID payload [Dead Peer Detection]


Here are my current ipsec.conf configuration:

(Roadwarrior)
conn vpn_monza
        keyingtries=0
        authby=secret
        pfs=no
        left=200.hide.hide.hide
        leftsubnet=192.168.8.0/255.255.255.0
        leftnexthop=200.hide.hide.1
        right=%any
        rightsubnet=192.168.3.0/255.255.255.0
        rightid=@fw.myhost.com.br
        auto=start

(Gateway)
conn vpn_monza
        keyingtries=0
        pfs=no
        authby=secret
        esp=3des-hmac-md5
        disablearrivalcheck=no
        left=200.hide.hide.hide
        leftsubnet=192.168.8.0/255.255.255.0
        leftnexthop=200.hide.hide.1
        right=%any
        rightsubnet=192.168.3.0/255.255.255.0
        rightid=@fw.myhost.com.br
        auto=add


	I'm very sure that the problem is in the Gateway side, because I test it with a similar computer of the Roadwarrior and I established the tunnel. 

	In the Gateway I'm using FreeS/wan 1.99 with with Nat-patch applied.

	In the Roadwarrior is the 1.97 of Linux FreeS/WAN.

	What can I check to try solve this problem?


[]s

==========================
Felipe Piccirilo  
+55 (19) 3404-6505 
==========================

More information about the Users mailing list