[Openswan Users] XP client quit connecting
Brian Hoover
brian_hoover at verizon.net
Tue Apr 17 10:01:41 EDT 2007
Hello,
My openswan (2.4.7) installation serves as a road warrior gateway.
After many weeks and many users, one user does not connect any longer. A
clip of the log follows.
I did just change the corporate ISP connection from a single T1 to 2
bonded T1s using Cisco CEF in per-packet mode. This has not affected
other clients.
The problem client is an XP SP2 native L2TP client, via a Netgear WGT624
(wired) and COX cable.
Any help would be appreciated.
Brian
Apr 17 08:26:22 rio pluto[10427]: "L2TP-CERT-NAT"[3] cli.ent.ipa.ddr #3:
I am sending my cert
Apr 17 08:26:22 rio pluto[10427]: "L2TP-CERT-NAT"[3] cli.ent.ipa.ddr #3:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Apr 17 08:26:22 rio pluto[10427]: | NAT-T: new mapping
cli.ent.ipa.ddr:500/3017)
Apr 17 08:26:22 rio pluto[10427]: "L2TP-CERT-NAT"[3] cli.ent.ipa.ddr #3:
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG
cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
Apr 17 08:26:23 rio pluto[10427]: "L2TP-CERT-NAT"[3] cli.ent.ipa.ddr #3:
retransmitting in response to duplicate packet; already STATE_MAIN_R3
Apr 17 08:26:25 rio pluto[10427]: "L2TP-CERT-NAT"[3] cli.ent.ipa.ddr #3:
retransmitting in response to duplicate packet; already STATE_MAIN_R3
Apr 17 08:26:29 rio pluto[10427]: "L2TP-CERT-NAT"[3] cli.ent.ipa.ddr #3:
discarding duplicate packet -- exhausted retransmission; already
STATE_MAIN_R3
Apr 17 08:26:53 rio last message repeated 2 times
Apr 17 08:27:25 rio pluto[10427]: "L2TP-CERT-NAT"[3] cli.ent.ipa.ddr #3:
next payload type of ISAKMP Hash Payload has an unknown value: 208
#comment# 208 varies attempt to attempt
Apr 17 08:27:25 rio pluto[10427]: "L2TP-CERT-NAT"[3] cli.ent.ipa.ddr #3:
malformed payload in packet
Apr 17 08:27:25 rio pluto[10427]: | payload malformed after IV
Apr 17 08:27:25 rio pluto[10427]: | 8d ff 47 36 82 bf 01 e2
#comment# data varies attempt to attempt
Apr 17 08:27:25 rio pluto[10427]: "L2TP-CERT-NAT"[3] cli.ent.ipa.ddr #3:
sending notification PAYLOAD_MALFORMED to cli.ent.ipa.ddr:3017