[Openswan Users] next payload type of ISAKMP Hash Payload has an unknown value

Paul Wouters paul at xelerance.com
Thu Feb 8 11:50:05 EST 2007


On Thu, 8 Feb 2007, Brett Curtis wrote:

> A windows machine is unavailable to me right now. However I have
> imported my p12 into my OSX keychain and I am getting different
> results. I do plain on getting back to the windows machine.
>
> I do get a SA Established however fail to finish the connection.
>
> Feb  8 11:17:26 breakout pluto[10055]: "roadwarrior-osx-xp"[4]
> 172.17.187.76 #2: STATE_MAIN_R3: sent MR3, ISAKMP SA established
> {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_sha
> group=modp1024}
> Feb  8 11:17:26 breakout pluto[10055]: "roadwarrior-osx-xp"[4]
> 172.17.187.76 #2: ignoring informational payload, type
> INVALID_CERT_AUTHORITYFeb  8 11:17:26 breakout pluto[10055]:
> "roadwarrior-osx-xp"[4] 172.17.187.76 #2: received and ignored
> informational message

> Does this mean Something is incorrect with my cacert? When staring
> openswan it claims it loads fine.

For L2TP, OSX requires that the DNS name or IP of the server is part
of the subjectAltname= of the X.509 certificate. Perhaps this is what
you are running into?

What do the logs on OSX say?

Paul


More information about the Users mailing list