[Openswan Users] Host Certificate

Oliver Tomkins oliver.tomkins at alliedvehicles.co.uk
Wed May 10 18:43:58 CEST 2006


Hello all,

The host certificate on the Openswan machine turned 1 year old today and
understandably stopped people from being able to connect.

My Windows XP clients started failing with the error:

"The l2tp connection attempt failed because there is no valid machine 
certificate on your computer for security authentication."

I revoked the current certificate on the host and created new ones for 
the server.

When I connect now, I get the same error from the client machine and this
in /var/log/secure/:

May 10 17:35:56 host pluto[1581]: packet from XX.XX.XX.XX:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
May 10 17:35:56 host pluto[1581]: packet from XX.XX.XX.XX:500: ignoring Vendor ID payload [FRAGMENTATION]
May 10 17:35:56 host pluto[1581]: packet from XX.XX.XX.XX:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
May 10 17:35:56 host pluto[1581]: packet from XX.XX.XX.XX:500: ignoring Vendor ID payload [Vid-Initial-Contact]
May 10 17:35:56 host pluto[1581]: "conn"[2] XX.XX.XX.XX #2: responding to Main Mode from unknown peer XX.XX.XX.XX
May 10 17:35:56 host pluto[1581]: "conn"[2] XX.XX.XX.XX #2: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
May 10 17:35:56 host pluto[1581]: "conn"[2] XX.XX.XX.XX #2: STATE_MAIN_R1: sent MR1, expecting MI2
May 10 17:35:57 host pluto[1581]: "conn"[2] XX.XX.XX.XX #2: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
May 10 17:35:57 host pluto[1581]: "conn"[2] XX.XX.XX.XX #2: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
May 10 17:35:57 host pluto[1581]: "conn"[2] XX.XX.XX.XX #2: STATE_MAIN_R2: sent MR2, expecting MI3
May 10 17:35:57 host pluto[1581]: "conn"[2] XX.XX.XX.XX #2: next payload type of ISAKMP Hash Payload has an unknown value: 36
May 10 17:35:57 host pluto[1581]: "conn"[2] XX.XX.XX.XX #2: malformed payload in packet
May 10 17:35:57 host pluto[1581]: "conn"[2] XX.XX.XX.XX #2: sending notification PAYLOAD_MALFORMED to XX.XX.XX.XX:500
May 10 17:35:57 host pluto[1581]: "conn"[2] XX.XX.XX.XX #2: byte 2 of ISAKMP Hash Payload must be zero, but is not
May 10 17:35:57 host pluto[1581]: "conn"[2] XX.XX.XX.XX #2: malformed payload in packet


Any thoughts?

Thanks,

Olly.
