[Openswan Users] Vigor 2800 and openswan 2.4.5rc4
Benny Amorsen
benny+usenet at amorsen.dk
Thu Feb 9 14:15:12 CET 2006
When I try to make a tunnel between a Vigor 2800 and openswan 2.4.5rc4
with kernel-2.6.15-1.1831_FC4, I get these messages:
Feb 9 12:08:31 vpn01 pluto[14628]: "connection1" #1: responding to Main Mode
Feb 9 12:08:31 vpn01 pluto[14628]: "connection1" #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Feb 9 12:08:31 vpn01 pluto[14628]: "connection1" #1: STATE_MAIN_R1: sent MR1, expecting MI2
Feb 9 12:08:31 vpn01 pluto[14628]: "connection1" #1: message ignored because it contains an unknown or unexpected payload type (ISAKMP_NEXT_15) at the outermost level
Feb 9 12:08:31 vpn01 pluto[14628]: "connection1" #1: sending notification INVALID_PAYLOAD_TYPE to 212.1.2.3:500
Feb 9 12:08:34 vpn01 pluto[14628]: "connection1" #1: message ignored because it contains an unknown or unexpected payload type (ISAKMP_NEXT_15) at the outermost level
Feb 9 12:08:34 vpn01 pluto[14628]: "connection1" #1: sending notification INVALID_PAYLOAD_TYPE to 212.1.2.3:500
Feb 9 12:08:40 vpn01 pluto[14628]: "connection1" #1: message ignored because it contains an unknown or unexpected payload type (ISAKMP_NEXT_15) at the outermost level
Feb 9 12:08:40 vpn01 pluto[14628]: "connection1" #1: sending notification INVALID_PAYLOAD_TYPE to 212.1.2.3:500
The connection is defined this way:
conn connection1
auto=add
authby=secret
keyexchange=ike
ikelifetime=240m
type=tunnel
auth=esp
pfs=yes
compress=no
keylife=60m
left=217.3.2.1
leftsubnet=172.31.0.0/24
leftnexthop=%defaultroute
right=212.1.2.3
rightsubnet=10.0.16.0/28
rightnexthop=%defaultroute
All IP-adresses have been anonymized. openswan-2.4.4 reacts in exactly
the same way.
The only relevant bit in the source I can find is this:
#define ISAKMP_NEXT_NATD_BADDRAFTS 15 /* NAT-Traversal: NAT-D (bad drafts) */
/* !!! Conflicts with RFC 3547 */
and the two places in the source where that constant is used.
/Benny
More information about the Users
mailing list