[Openswan Users] linux box <> WinXP/SP2 problem (NAT-T, LTPD)

Radek Antoniuk R.Antoniuk at pixel.com.pl
Tue Jan 17 13:02:17 CET 2006 

Paul Wouters wrote:
>>Sorry, Of course I forgot to mention version numbers. I'm using 2.6.15 +
>>2.4.5rc3 + NAT-T + KLIPS.
> That should work. Be sure tehre is no fragmentation. You might need to
> configure the ethX on the ipsec server to 1400 to make sure. And set
> the l2tp mru/mtu to 1200.

Still have the same problem (upgraded to 2.4.5 rc4).
Probably the cause is fragmentation as you mentioned, because:
Jan 17 06:58:20 fufu pluto[8840]: packet from 193.16.255.138:500: 
ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Jan 17 06:58:20 fufu pluto[8840]: packet from 193.16.255.138:500: 
ignoring Vendor ID payload [FRAGMENTATION]
Jan 17 06:58:20 fufu pluto[8840]: packet from 193.16.255.138:500: 
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, 
but port floating is off

But how can I avoid it? Setting eth0 mtu to 1200 does not help.
(i assume that i don't have to bother about l2tp yet because it doesn't 
get to that phase).
Maybe on Windows side?

The whole:


Jan 17 07:01:55 fufu pluto[8840]: packet from 193.16.255.138:500: 
ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Jan 17 07:01:55 fufu pluto[8840]: packet from 193.16.255.138:500: 
ignoring Vendor ID payload [FRAGMENTATION]
Jan 17 07:01:55 fufu pluto[8840]: packet from 193.16.255.138:500: 
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, 
but port floating is off
Jan 17 07:01:55 fufu pluto[8840]: packet from 193.16.255.138:500: 
ignoring Vendor ID payload [Vid-Initial-Contact]
Jan 17 07:01:55 fufu pluto[8840]: "X509"[5] 193.16.255.138 #9: 
responding to Main Mode from unknown peer 193.16.255.138
Jan 17 07:01:55 fufu pluto[8840]: "X509"[5] 193.16.255.138 #9: 
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jan 17 07:01:55 fufu pluto[8840]: "X509"[5] 193.16.255.138 #9: 
STATE_MAIN_R1: sent MR1, expecting MI2
Jan 17 07:01:56 fufu pluto[8840]: "X509"[5] 193.16.255.138 #9: 
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jan 17 07:01:56 fufu pluto[8840]: "X509"[5] 193.16.255.138 #9: 
STATE_MAIN_R2: sent MR2, expecting MI3
Jan 17 07:01:56 fufu pluto[8840]: "X509"[5] 193.16.255.138 #9: next 
payload type of ISAKMP Hash Payload has an unknown value: 167
Jan 17 07:01:56 fufu pluto[8840]: "X509"[5] 193.16.255.138 #9: malformed 
payload in packet
Jan 17 07:01:56 fufu pluto[8840]: "X509"[5] 193.16.255.138 #9: sending 
notification PAYLOAD_MALFORMED to 193.16.255.138:500
Jan 17 07:01:56 fufu pluto[8840]: "X509"[5] 193.16.255.138 #9: next 
payload type of ISAKMP Hash Payload has an unknown value: 145
Jan 17 07:01:56 fufu pluto[8840]: "X509"[5] 193.16.255.138 #9: malformed 
payload in packet



-- 
Cheers,
Radek Antoniuk

More information about the Users mailing list