[Openswan Users] payload problem

Paul Wouters paul at xelerance.com
Thu Nov 10 18:44:49 CET 2005


On Thu, 10 Nov 2005, sasa wrote:

> .. perhaps this error on the end-point can be useful:
>
> ERROR: "sedeprinsedesecond" #535: pfkey write() of SADB_ADD message 1053 for
> Add SA esp.6f25d952 at x.x.x.x failed. Errno 22: Invalid argument

That might do it. One end cannot rekey properly anymore. What happens if you
run the following command on that end:

ipsec auto --down sedeprinsedesecond
ipsec auto --delete sedeprinsedesecond

I'm curious to see whether you are then deleting many instances instead of just one.
Run this *after* you get the error, before doing any kind of restarting.

(and please tell me the ipsec --version output of both ends)

Paul

> thanks.
>
> ------
> Salvatore.
>
>
> ----- Original Message ----- From: "sasa" <sasa at shoponweb.it>
> To: <users at openswan.org>
> Sent: Thursday, November 10, 2005 2:06 PM
> Subject: [Openswan Users] payload problem
>
>
> > Hi, I have a site-to-site VPN, but for some days I have had a problem; in
> > particular on one end-point I have:
> >
> > Nov 10 13:48:15 fw4 pluto[2956]: "sedeprinsedesecond" #46: byte 2 of ISAKMP
> > Hash Payload must be zero, but is not
> > Nov 10 13:48:15 fw4 pluto[2956]: "sedeprinsedesecond" #46: malformed payload
> > in packet
> > Nov 10 13:48:15 fw4 pluto[2956]: "sedeprinsedesecond" #46: sending
> > notification PAYLOAD_MALFORMED to x.x.x.x:500
> > Nov 10 13:48:15 fw4 pluto[2956]: "sedeprinsedesecond" #47: next payload type
> > of ISAKMP Hash Payload has an unknown value: 173
> >
> > ..and another end-point I have:
> >
> > Nov 10 13:42:36 fw pluto[1062]: "sedeprinsedesecond" #38: Quick Mode I1
> > message is unacceptable because it uses a previously used Message ID
> > 0x2d0b2e24 (perhaps this is a duplicated packet)
> > Nov 10 13:42:36 fw pluto[1062]: "sedeprinsedesecond" #38: sending encrypted
> > notification INVALID_MESSAGE_ID to y.y.y.y:500
> > Nov 10 13:42:39 fw pluto[1062]: "sedeprinsedesecond" #69: next payload type
> > of ISAKMP Hash Payload has an unknown value: 66
> > Nov 10 13:42:39 fw pluto[1062]: "sedeprinsedesecond" #69: malformed payload
> > in packet
> > Nov 10 13:42:39 fw pluto[1062]: "sedeprinsedesecond" #69: sending
> > notification PAYLOAD_MALFORMED to y.y.y.y:500
> >
> > ..my ipsec.conf is:
> >
> > config setup
> >     interfaces="ipsec0=eth0"
> > conn %default
> >     authby=rsasig
> > conn sedeprinsedesecond
> >     auto=start
> >     pfs=yes
> >     left=x.x.x.x
> >     leftsubnet=192.168.1.0/24
> >     leftnexthop=x.x.x.z
> >     leftrsasigkey=0sAQO...
> >     right=y.y.y.y
> >     rightsubnet=10.0.0.0/24
> >     rightnexthop=y.y.y.z
> >     rightrsasigkey=0sAQNQB...
> >
> > thanks.
> >
> > ------
> > Salvatore.
> > _______________________________________________
> > Users mailing list
> > Users at openswan.org
> > http://lists.openswan.org/mailman/listinfo/users
> >

-- 

"Happiness is never grand"

	--- Mustapha Mond, World Controller (Brave New World)
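
The two pluto complaints quoted in this thread ("byte 2 of ISAKMP Hash Payload must be zero" and "next payload type ... has an unknown value") are checks on the 4-byte ISAKMP generic payload header defined in RFC 2408. The C below is an added example, not code from Openswan or from either poster: the names (`check_payload_header`, the `HDR_*` codes) are hypothetical, the sample bytes are constructed, and only RFC 2408 payload types 0-13 are treated as known, which is a simplification of what a real IKE daemon accepts.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes for the header check (hypothetical names, not pluto's). */
enum hdr_status { HDR_OK, HDR_TRUNCATED, HDR_UNKNOWN_NEXT,
                  HDR_RESERVED_NONZERO, HDR_BAD_LENGTH };

/* Assumption: only RFC 2408 types are known (0 = none ... 13 = Vendor ID). */
#define ISAKMP_NEXT_MAX_RFC2408 13

/* Validate one generic payload header found at buf[0..3]:
 *   byte 1:    next payload type
 *   byte 2:    RESERVED, must be zero
 *   bytes 3-4: payload length, big-endian, header included
 * On any result other than HDR_TRUNCATED, *next and *len hold the raw fields. */
enum hdr_status check_payload_header(const uint8_t *buf, size_t avail,
                                     uint8_t *next, uint16_t *len)
{
    if (avail < 4)
        return HDR_TRUNCATED;
    *next = buf[0];
    *len = (uint16_t)((buf[2] << 8) | buf[3]);
    if (*next > ISAKMP_NEXT_MAX_RFC2408)
        return HDR_UNKNOWN_NEXT;      /* "next payload type ... unknown value" */
    if (buf[1] != 0)
        return HDR_RESERVED_NONZERO;  /* "byte 2 ... must be zero, but is not" */
    if (*len < 4 || *len > avail)
        return HDR_BAD_LENGTH;        /* shorter than header or past the packet */
    return HDR_OK;
}

int main(void)
{
    /* Constructed samples, not captured from the hosts in this thread. */
    const uint8_t good[]     = { 0x0a, 0x00, 0x00, 0x08, 1, 2, 3, 4 };
    const uint8_t reserved[] = { 0x0a, 0x5c, 0x00, 0x08, 1, 2, 3, 4 };
    const uint8_t unknown[]  = { 173,  0x00, 0x00, 0x08, 1, 2, 3, 4 };
    const uint8_t *samples[] = { good, reserved, unknown };
    uint8_t next;
    uint16_t len;

    for (size_t i = 0; i < 3; i++)
        printf("sample %zu -> status %d\n", i,
               (int)check_payload_header(samples[i], 8, &next, &len));
    return 0;
}
```

Because these header bytes are read after decryption, random-looking values such as 173 or 66 in the first byte are what this check reports when the decrypted plaintext is not a valid payload.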
