[Openswan Users] payload problem

Paul Wouters paul at xelerance.com
Thu Nov 10 18:42:15 CET 2005


On Thu, 10 Nov 2005, sasa wrote:

> Hi, I have a site-to-site VPN, but for some days I have had a problem; in
> particular, on one end-point I have:

[ config shows a really simple raw rsasig openswan-openswan interop config ]

> Nov 10 13:48:15 fw4 pluto[2956]: "sedeprinsedesecond" #46: byte 2 of ISAKMP
> Hash Payload must be zero, but is not
> Nov 10 13:48:15 fw4 pluto[2956]: "sedeprinsedesecond" #46: malformed payload
> in packet
> Nov 10 13:48:15 fw4 pluto[2956]: "sedeprinsedesecond" #46: sending
> notification PAYLOAD_MALFORMED to x.x.x.x:500
> Nov 10 13:48:15 fw4 pluto[2956]: "sedeprinsedesecond" #47: next payload type
> of ISAKMP Hash Payload has an unknown value: 173

That's strange. Either we don't interop with ourselves (have a bug) or some
machine in the middle is messing with IKE packets.

Can you tell me the 'ipsec --version' output on both ends of this connection?
Also, could there be a router between these machines that might have the
"IPsec passthrough" feature?

Paul
(please leave most of this message intact when replying, so I have all the information
for the bug report in this email if I need to file one)

> ..and another end-point I have:
>
> Nov 10 13:42:36 fw pluto[1062]: "sedeprinsedesecond" #38: Quick Mode I1
> message is unacceptable because it uses a previously used Message ID
> 0x2d0b2e24 (perhaps this is a duplicated packet)
> Nov 10 13:42:36 fw pluto[1062]: "sedeprinsedesecond" #38: sending encrypted
> notification INVALID_MESSAGE_ID to y.y.y.y:500
> Nov 10 13:42:39 fw pluto[1062]: "sedeprinsedesecond" #69: next payload type of
> ISAKMP Hash Payload has an unknown value: 66
> Nov 10 13:42:39 fw pluto[1062]: "sedeprinsedesecond" #69: malformed payload in
> packet
> Nov 10 13:42:39 fw pluto[1062]: "sedeprinsedesecond" #69: sending notification
> PAYLOAD_MALFORMED to y.y.y.y:500
>
> ..my ipsec.conf is:
>
> config setup
>     interfaces="ipsec0=eth0"
> conn %default
>     authby=rsasig
> conn sedeprinsedesecond
>     auto=start
>     pfs=yes
>     left=x.x.x.x
>     leftsubnet=192.168.1.0/24
>     leftnexthop=x.x.x.z
>     leftrsasigkey=0sAQO...
>     right=y.y.y.y
>     rightsubnet=10.0.0.0/24
>     rightnexthop=y.y.y.z
>     rightrsasigkey=0sAQNQB...
>
> thanks.
>
> ------
> Salvatore.

-- 

"Happiness is never grand"

	--- Mustapha Mond, World Controller (Brave New World)
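
Added example, not part of the original message and not Openswan code: a sketch of the generic payload header checks (RFC 2408: one byte next payload, one reserved byte that must be zero, two bytes length) that produce diagnostics like the ones quoted in the logs above. The function name, the error wording for cases not in the logs, and the sample bytes are assumptions constructed for illustration; the payload type table covers only the RFC 2408 base values.

```python
import struct

# Payload type numbers from RFC 2408 section 3.1 (0 means "no further payload").
KNOWN_TYPES = {0: "NONE", 1: "SA", 2: "Proposal", 3: "Transform", 4: "KE",
               5: "ID", 6: "CERT", 7: "CR", 8: "Hash", 9: "SIG", 10: "Nonce",
               11: "Notification", 12: "Delete", 13: "VID"}

def check_payload_chain(first_type, body):
    """Walk the payload chain of a decrypted ISAKMP message body.

    Hypothetical helper. Returns (names of payloads accepted, error or None).
    Bytes after the last payload (cipher padding) are ignored."""
    seen, np, off = [], first_type, 0
    while np != 0:
        name = KNOWN_TYPES.get(np, str(np))
        if len(body) - off < 4:
            return seen, f"ISAKMP {name} Payload is truncated"
        # Generic header: next payload (1), reserved (1), payload length (2).
        next_np, reserved, length = struct.unpack_from("!BBH", body, off)
        if next_np not in KNOWN_TYPES:
            return seen, (f"next payload type of ISAKMP {name} Payload "
                          f"has an unknown value: {next_np}")
        if reserved != 0:
            return seen, f"byte 2 of ISAKMP {name} Payload must be zero, but is not"
        if length < 4 or off + length > len(body):
            return seen, f"ISAKMP {name} Payload has a bad length: {length}"
        seen.append(name)
        np, off = next_np, off + length
    return seen, None

# Constructed sample bodies (not captured traffic). Each starts with a Hash payload.
GOOD = (struct.pack("!BBH", 10, 0, 24) + bytes(20)      # Hash, next = Nonce
        + struct.pack("!BBH", 0, 0, 20) + bytes(16))    # Nonce, next = NONE
BAD_RESERVED = bytes([10, 0x5C, 0, 24]) + bytes(20)     # reserved byte not zero
BAD_NEXT = bytes([173, 0, 0, 24]) + bytes(20)           # next payload type 173

if __name__ == "__main__":
    for label, body in [("good", GOOD), ("reserved", BAD_RESERVED), ("next", BAD_NEXT)]:
        print(label, check_payload_chain(8, body))
```
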

