[Openswan Users] next payload type of ISAKMP Hash Payload has an unknown value

Brett Curtis dashnu at gmail.com
Sat Jan 13 14:54:50 EST 2007 

Hello,

Versions: openswan-2.4.7 / 2.6.18-gentoo-r3
x86_64 arch

I am trying to switch my VPN over to x509 certs from PSK this weekend  
while down time is allowed.

I have followed Nate's Guide and everything as far as creating the  
certs went well. My openswan loads all the correct certs and starts  
up fine.
I imported my .p12 into windows both by hand and with the  
certimport.exe tool. This seemed to work fine in both cases.

However when I try to connect I get the windows 786 lt2p error and  
this in my openswan logs.

Jan 13 14:49:30 defender64 pluto[6562]: packet from  
74.65.156.181:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY  
00000004]
Jan 13 14:49:30 defender64 pluto[6562]: packet from  
74.65.156.181:500: ignoring Vendor ID payload [FRAGMENTATION]
Jan 13 14:49:30 defender64 pluto[6562]: packet from  
74.65.156.181:500: received Vendor ID payload [draft-ietf-ipsec-nat-t- 
ike-02_n] method set to=106
Jan 13 14:49:30 defender64 pluto[6562]: packet from  
74.65.156.181:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Jan 13 14:49:30 defender64 pluto[6562]: "roadwarrior-osx-xp"[1]  
74.65.156.181 #1: responding to Main Mode from unknown peer  
74.65.156.181
Jan 13 14:49:30 defender64 pluto[6562]: "roadwarrior-osx-xp"[1]  
74.65.156.181 #1: transition from state STATE_MAIN_R0 to state  
STATE_MAIN_R1
Jan 13 14:49:30 defender64 pluto[6562]: "roadwarrior-osx-xp"[1]  
74.65.156.181 #1: STATE_MAIN_R1: sent MR1, expecting MI2
Jan 13 14:49:30 defender64 pluto[6562]: "roadwarrior-osx-xp"[1]  
74.65.156.181 #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t- 
ike-02/03: peer is NATed
Jan 13 14:49:30 defender64 pluto[6562]: "roadwarrior-osx-xp"[1]  
74.65.156.181 #1: transition from state STATE_MAIN_R1 to state  
STATE_MAIN_R2
Jan 13 14:49:30 defender64 pluto[6562]: "roadwarrior-osx-xp"[1]  
74.65.156.181 #1: STATE_MAIN_R2: sent MR2, expecting MI3
Jan 13 14:49:30 defender64 pluto[6562]: "roadwarrior-osx-xp"[1]  
74.65.156.181 #1: next payload type of ISAKMP Hash Payload has an  
unknown value: 51
Jan 13 14:49:30 defender64 pluto[6562]: "roadwarrior-osx-xp"[1]  
74.65.156.181 #1: malformed payload in packet
Jan 13 14:49:30 defender64 pluto[6562]: | payload malformed after IV
Jan 13 14:49:30 defender64 pluto[6562]: |   e7 12 22 63  76 fe 09 0c   
0e 2a b9 ec  7b 5e 1b 52
Jan 13 14:49:30 defender64 pluto[6562]: |   9a c7 1f 66
Jan 13 14:49:30 defender64 pluto[6562]: "roadwarrior-osx-xp"[1]  
74.65.156.181 #1: sending notification PAYLOAD_MALFORMED to  
74.65.156.181:500
Jan 13 14:49:30 defender64 pluto[6562]: "roadwarrior-osx-xp"[1]  
74.65.156.181 #1: next payload type of ISAKMP Hash Payload has an  
unknown value: 39
Jan 13 14:49:30 defender64 pluto[6562]: "roadwarrior-osx-xp"[1]  
74.65.156.181 #1: malformed payload in packet
Jan 13 14:50:40 defender64 pluto[6562]: "roadwarrior-osx-xp"[1]  
74.65.156.181 #1: max number of retransmissions (2) reached  
STATE_MAIN_R2
Jan 13 14:50:40 defender64 pluto[6562]: "roadwarrior-osx-xp"[1]  
74.65.156.181: deleting connection "roadwarrior-osx-xp" instance with  
peer 74.65.156.181 {isakmp=#0/ipsec=#0}

I have searched these errors for a few hours now with no luck.

Thanks for any help.

-Brett

More information about the Users mailing list