[Openswan Users] payload problem

sasa sasa at shoponweb.it
Thu Nov 10 19:27:43 CET 2005


"Paul Wouters" wrote:
> That might do it. One end cannot rekey properly anymore. What happens if you
> run the following command on that end:
>
> ipsec auto --down sedeprinsedesecond
> ipsec auto --delete sedeprinsedesecond

[root at fw root]#ipsec auto --down sedeprinsedesecond
[root at fw root]#ipsec auto --delete sedeprinsedesecond
[root at fw root]#

thanks.

------
Salvatore.


----- Original Message ----- 
From: "Paul Wouters" <paul at xelerance.com>
To: "sasa" <sasa at shoponweb.it>
Cc: <users at openswan.org>
Sent: Thursday, November 10, 2005 6:44 PM
Subject: Re: [Openswan Users] payload problem


> On Thu, 10 Nov 2005, sasa wrote:
>
>> .. perhaps this error on the end-point can be useful:
>>
>> ERROR: "sedeprinsedesecond" #535: pfkey write() of SADB_ADD message 1053 for Add SA esp.6f25d952 at x.x.x.x failed. Errno 22: Invalid argument
>
> That might do it. One end cannot rekey properly anymore. What happens if you
> run the following command on that end:
>
> ipsec auto --down sedeprinsedesecond
> ipsec auto --delete sedeprinsedesecond
>
> I'm curious to see whether you are then deleting many instances instead of
> just one.
> Run this *after* you get the error, before doing any kind of restarting.
>
> (and please tell me the ipsec --version output of both ends)
>
> Paul
>
>> thanks.
>>
>> ------
>> Salvatore.
>>
>>
>> ----- Original Message ----- From: "sasa" <sasa at shoponweb.it>
>> To: <users at openswan.org>
>> Sent: Thursday, November 10, 2005 2:06 PM
>> Subject: [Openswan Users] payload problem
>>
>>
>> > Hi, I have a site-to-site VPN, but for some days I have had a problem; in
>> > particular, on one end-point I have:
>> >
>> > Nov 10 13:48:15 fw4 pluto[2956]: "sedeprinsedesecond" #46: byte 2 of ISAKMP Hash Payload must be zero, but is not
>> > Nov 10 13:48:15 fw4 pluto[2956]: "sedeprinsedesecond" #46: malformed payload in packet
>> > Nov 10 13:48:15 fw4 pluto[2956]: "sedeprinsedesecond" #46: sending notification PAYLOAD_MALFORMED to x.x.x.x:500
>> > Nov 10 13:48:15 fw4 pluto[2956]: "sedeprinsedesecond" #47: next payload type of ISAKMP Hash Payload has an unknown value: 173
>> >
>> > ..and another end-point I have:
>> >
>> > Nov 10 13:42:36 fw pluto[1062]: "sedeprinsedesecond" #38: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x2d0b2e24 (perhaps this is a duplicated packet)
>> > Nov 10 13:42:36 fw pluto[1062]: "sedeprinsedesecond" #38: sending encrypted notification INVALID_MESSAGE_ID to y.y.y.y:500
>> > Nov 10 13:42:39 fw pluto[1062]: "sedeprinsedesecond" #69: next payload type of ISAKMP Hash Payload has an unknown value: 66
>> > Nov 10 13:42:39 fw pluto[1062]: "sedeprinsedesecond" #69: malformed payload in packet
>> > Nov 10 13:42:39 fw pluto[1062]: "sedeprinsedesecond" #69: sending notification PAYLOAD_MALFORMED to y.y.y.y:500
>> >
>> > ..my ipsec.conf is:
>> >
>> > config setup
>> >     interfaces="ipsec0=eth0"
>> >
>> > conn %default
>> >     authby=rsasig
>> >
>> > conn sedeprinsedesecond
>> >     auto=start
>> >     pfs=yes
>> >     left=x.x.x.x
>> >     leftsubnet=192.168.1.0/24
>> >     leftnexthop=x.x.x.z
>> >     leftrsasigkey=0sAQO...
>> >     right=y.y.y.y
>> >     rightsubnet=10.0.0.0/24
>> >     rightnexthop=y.y.y.z
>> >     rightrsasigkey=0sAQNQB...
>> >
>> > thanks.
>> >
>> > ------
>> > Salvatore.
>> > _______________________________________________
>> > Users mailing list
>> > Users at openswan.org
>> > http://lists.openswan.org/mailman/listinfo/users
>> >
>>
>>
>
> -- 
>
> "Happiness is never grand"
>
> --- Mustapha Mond, World Controller (Brave New World)
> 
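
Added example, not part of the original thread and not Openswan code: a sketch of the checks on the 4-byte ISAKMP generic payload header (Next Payload, RESERVED, Payload Length; RFC 2408 section 3.2) that log lines like "has an unknown value: 173" and "byte 2 ... must be zero" correspond to. The function name, the restriction to the RFC 2408 payload types 0-13 and the sample bytes are assumptions made for illustration.

```python
import struct

# Next Payload values defined by RFC 2408 section 3.1 (0 = none ... 13 = vendor ID).
# Assumption: real implementations accept a few more (e.g. NAT-T payloads); left out here.
RFC2408_PAYLOADS = {
    0: "NONE", 1: "SA", 2: "Proposal", 3: "Transform", 4: "KE", 5: "ID",
    6: "CERT", 7: "CR", 8: "HASH", 9: "SIG", 10: "NONCE", 11: "N",
    12: "D", 13: "VID",
}


def check_generic_header(name, buf):
    """Validate the 4-byte generic payload header at the start of buf.

    Returns (problems, next_payload, length). problems is a list of strings
    worded like the log lines quoted in the thread; it is empty when the
    header is well-formed.
    """
    if len(buf) < 4:
        return ([f"{name} is shorter than its 4-byte header"], None, None)
    # Network byte order: 1-byte next payload, 1-byte reserved, 2-byte length.
    next_payload, reserved, length = struct.unpack("!BBH", buf[:4])
    problems = []
    if next_payload not in RFC2408_PAYLOADS:
        problems.append(
            f"next payload type of {name} has an unknown value: {next_payload}")
    if reserved != 0:  # the second byte of the header is RESERVED, must be zero
        problems.append(f"byte 2 of {name} must be zero, but is not")
    if length < 4 or length > len(buf):  # length includes the header itself
        problems.append(
            f"length {length} of {name} does not fit the {len(buf)} bytes received")
    return (problems, next_payload, length)


# Constructed sample payloads (not captured traffic).
# Well-formed HASH payload: next = SA (1), reserved 0, length 24 (4 + 20-byte digest).
GOOD = bytes([1, 0, 0, 24]) + bytes(20)
# Bytes that do not follow the layout: next = 173, reserved = 0x5c, length 0x9a01.
BAD = bytes([173, 0x5C, 0x9A, 0x01]) + bytes(20)

if __name__ == "__main__":
    for label, payload in (("GOOD", GOOD), ("BAD", BAD)):
        problems, _, _ = check_generic_header("ISAKMP Hash Payload", payload)
        print(label, problems or "ok")
```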


