[Openswan Users] Vigor 2800 and openswan 2.4.5rc4

Benny Amorsen benny+usenet at amorsen.dk
Thu Feb 9 14:15:12 CET 2006


When I try to make a tunnel between a Vigor 2800 and openswan 2.4.5rc4
with kernel-2.6.15-1.1831_FC4, I get these messages:

Feb  9 12:08:31 vpn01 pluto[14628]: "connection1" #1: responding to Main Mode
Feb  9 12:08:31 vpn01 pluto[14628]: "connection1" #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Feb  9 12:08:31 vpn01 pluto[14628]: "connection1" #1: STATE_MAIN_R1: sent MR1, expecting MI2
Feb  9 12:08:31 vpn01 pluto[14628]: "connection1" #1: message ignored because it contains an unknown or unexpected payload type (ISAKMP_NEXT_15) at the outermost level
Feb  9 12:08:31 vpn01 pluto[14628]: "connection1" #1: sending notification INVALID_PAYLOAD_TYPE to 212.1.2.3:500
Feb  9 12:08:34 vpn01 pluto[14628]: "connection1" #1: message ignored because it contains an unknown or unexpected payload type (ISAKMP_NEXT_15) at the outermost level
Feb  9 12:08:34 vpn01 pluto[14628]: "connection1" #1: sending notification INVALID_PAYLOAD_TYPE to 212.1.2.3:500
Feb  9 12:08:40 vpn01 pluto[14628]: "connection1" #1: message ignored because it contains an unknown or unexpected payload type (ISAKMP_NEXT_15) at the outermost level
Feb  9 12:08:40 vpn01 pluto[14628]: "connection1" #1: sending notification INVALID_PAYLOAD_TYPE to 212.1.2.3:500

The connection is defined this way:

conn connection1
        auto=add
        authby=secret
        keyexchange=ike
        ikelifetime=240m
        type=tunnel
        auth=esp
        pfs=yes
        compress=no
        keylife=60m
        left=217.3.2.1
        leftsubnet=172.31.0.0/24
        leftnexthop=%defaultroute
        right=212.1.2.3
        rightsubnet=10.0.16.0/28
        rightnexthop=%defaultroute

All IP addresses have been anonymized. openswan-2.4.4 reacts in exactly
the same way.

The only relevant bit in the source I can find is this:

#define ISAKMP_NEXT_NATD_BADDRAFTS   15 /* NAT-Traversal: NAT-D (bad drafts) */
                                        /* !!! Conflicts with RFC 3547 */

and the two places in the source where that constant is used.



/Benny
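
Added example (not part of the original post and not Openswan code): a minimal walker over the outermost ISAKMP payload chain, run on a constructed Main Mode message, to show where a payload numbered 15 would trip the "unknown or unexpected payload type" check in the log above. It assumes the peer sends its NAT-D payloads under the early-draft number 15; the ACCEPTED set, the function names and the sample bytes are illustrative.

```python
import struct

# 4 (KE) and 10 (Nonce) are RFC 2408 numbers, 20 is NAT-D in RFC 3947, and 15 is
# the value quoted in the post (ISAKMP_NEXT_NATD_BADDRAFTS).
NAMES = {4: "KE", 10: "NONCE", 15: "NAT-D (bad drafts)", 20: "NAT-D (RFC 3947)"}
ACCEPTED = {4, 10, 20}  # assumption for this sketch, not pluto's real state table

def walk_payloads(msg):
    """Return [(payload_type, body_len)] for the outermost ISAKMP payload chain."""
    if len(msg) < 28:
        raise ValueError("shorter than the 28-byte ISAKMP header")
    next_payload = msg[16]
    (total_len,) = struct.unpack("!I", msg[24:28])
    if total_len != len(msg):
        raise ValueError("header length field does not match message size")
    chain, off = [], 28
    while next_payload != 0:
        if off + 4 > len(msg):
            raise ValueError("payload chain runs past the end of the message")
        following, _reserved, plen = struct.unpack("!BBH", msg[off:off + 4])
        if plen < 4 or off + plen > len(msg):
            raise ValueError("bad payload length at offset %d" % off)
        chain.append((next_payload, plen - 4))
        next_payload, off = following, off + plen
    return chain

def first_unexpected(chain, accepted=ACCEPTED):
    """Return the first payload type outside `accepted`, or None."""
    return next((ptype for ptype, _ in chain if ptype not in accepted), None)

def build_sample(payloads):
    """Constructed message: Main Mode (exchange type 2) header plus given payloads."""
    body = b""
    for i, (_ptype, data) in enumerate(payloads):
        following = payloads[i + 1][0] if i + 1 < len(payloads) else 0
        body += struct.pack("!BBH", following, 0, 4 + len(data)) + data
    fixed = struct.pack("!BBBBII", payloads[0][0], 0x10, 2, 0, 0, 28 + len(body))
    return b"I" * 8 + b"R" * 8 + fixed + body

# Constructed second initiator message: KE, Nonce, then two NAT-D payloads as 15.
SAMPLE_MI2 = build_sample([(4, b"\x11" * 128), (10, b"\x22" * 16),
                           (15, b"\x33" * 16), (15, b"\x44" * 16)])

if __name__ == "__main__":
    for ptype, size in walk_payloads(SAMPLE_MI2):
        print("%3d %-20s %d bytes" % (ptype, NAMES.get(ptype, "unknown"), size))
    print("first unexpected payload type:", first_unexpected(walk_payloads(SAMPLE_MI2)))
```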



