[Openswan Users] problem with vpn between openswan and zyxel

Davide Pasini ilpaso at inwind.it
Sun Dec 9 03:10:16 EST 2007


hi all,
my situation is

192.168.2.0/24===192.168.2.9(OpenswanGateway)---192.168.2.1(routerLANIP)/151.xx.yy.zz(routerWANIP).........151.kk.ll.mm(routerZyxelVPNWANIP)/192.168.1.1(routerZyxelVPNLANIP)===192.168.1.0/24

The Openswan gateway talks with router zyxel but plutostderrlog says:

Plutorun started on Sun Dec 9 09:00:26 CET 2007
Starting Pluto (Openswan Version 2.4.6 X.509-1.5.4 LDAP_V3
PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OElLO]RdWNRD)
Setting NAT-Traversal port-4500 floating to off
   port floating activation criteria nat_t=0/port_fload=1
  including NAT-Traversal patch (Version 0.6c) [disabled]
WARNING: Open of /dev/hw_random failed in init_rnd_pool(), trying
alternate sources of random
WARNING: Using /dev/urandom as the source of random
ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
starting up 1 cryptographic helpers
WARNING: Open of /dev/hw_random failed in init_rnd_pool(), trying
alternate sources of random
WARNING: Using /dev/urandom as the source of random
started helper pid=4849 (fd:5)
Using Linux 2.6 IPsec interface code on 2.6.22-14-generic
Changing to directory '/etc/ipsec.d/cacerts'
Changing to directory '/etc/ipsec.d/aacerts'
Changing to directory '/etc/ipsec.d/ocspcerts'
Changing to directory '/etc/ipsec.d/crls'
  Warning: empty directory
added connection description "VPNUfficio"
listening for IKE messages
adding interface eth1/eth1 192.168.2.9:500
adding interface lo/lo 127.0.0.1:500
adding interface lo/lo ::1:500
loading secrets from "/etc/ipsec.secrets"
"VPNUfficio" #1: initiating Main Mode
"VPNUfficio" #1: ignoring unknown Vendor ID payload
[625027749d5ab9**********************]
"VPNUfficio" #1: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2
"VPNUfficio" #1: STATE_MAIN_I2: sent MI2, expecting MR2
"VPNUfficio" #1: I did not send a certificate because I do not have one.
"VPNUfficio" #1: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3
"VPNUfficio" #1: STATE_MAIN_I3: sent MI3, expecting MR3
"VPNUfficio" #1: next payload type of ISAKMP Hash Payload has an unknown
value: 112
"VPNUfficio" #1: malformed payload in packet
"VPNUfficio" #1: sending notification PAYLOAD_MALFORMED to
151.kk.ll.mm:500
"VPNUfficio" #1: Informational Exchange message is invalid because it
has a previously used Message ID (0x6746a185)
"VPNUfficio" #1: next payload type of ISAKMP Hash Payload has an unknown
value: 103
"VPNUfficio" #1: malformed payload in packet
"VPNUfficio" #1: sending notification PAYLOAD_MALFORMED to
151.kk.ll.mm:500
"VPNUfficio" #1: next payload type of ISAKMP Hash Payload has an unknown
value: 95
"VPNUfficio" #1: malformed payload in packet
"VPNUfficio" #1: sending notification PAYLOAD_MALFORMED to
151.kk.ll.mm:500
"VPNUfficio" #1: next payload type of ISAKMP Hash Payload has an unknown
value: 79
"VPNUfficio" #1: malformed payload in packet
"VPNUfficio" #1: sending notification PAYLOAD_MALFORMED to
151.kk.ll.mm:500
"VPNUfficio" #1: max number of retransmissions (2) reached
STATE_MAIN_I3.  Possible authentication failure: no acceptable response
to our first encrypted message

what is the error?

thanks for your help
bye

ilpaso



More information about the Users mailing list