[Openswan Users] linux box <> WinXP/SP2 problem (NAT-T, LTPD)

Paul Wouters paul at xelerance.com
Tue Jan 17 18:20:53 CET 2006


On Tue, 17 Jan 2006, Radek Antoniuk wrote:

> Still have the same problem (upgraded to 2.4.5 rc4).
> Probably the cause is fragmentation as you mentioned, because:
> Jan 17 06:58:20 fufu pluto[8840]: packet from 193.16.255.138:500: ignoring
> Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
> Jan 17 06:58:20 fufu pluto[8840]: packet from 193.16.255.138:500: ignoring
> Vendor ID payload [FRAGMENTATION]
> Jan 17 06:58:20 fufu pluto[8840]: packet from 193.16.255.138:500: received
> Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but port
> floating is off

The last line suggestions you have an old nat-t patch? Or somehow not
enabled nat_traversal?

> Jan 17 07:01:56 fufu pluto[8840]: "X509"[5] 193.16.255.138 #9: next payload
> type of ISAKMP Hash Payload has an unknown value: 167
> Jan 17 07:01:56 fufu pluto[8840]: "X509"[5] 193.16.255.138 #9: malformed
> payload in packet

Is this a PSK based connection (despite being called X509?)
This error also shows up when you do not have the proper PSK
in ipsec.secrets?

Paul


More information about the Users mailing list