[Openswan Users] What is the problem?
Andy
andy at globalnetit.com
Wed Mar 28 09:15:42 EDT 2007
On Wed, 2007-03-28 at 14:01 +0200, Magnus Holmberg wrote:
> It seems like my VPN connection has stopped working. Can someone tell
> me what the problem seems to be?
> I can't think of anything changed on my end since it worked last time.
>
> My log:
>
> Mar 28 13:58:14 fw pluto[16617]: "MyConnection" #2: transition from
> state STATE_MAIN_I1 to state STATE_MAIN_I2
> Mar 28 13:58:14 fw pluto[16617]: "MyConnection" #2: STATE_MAIN_I2: sent
> MI2, expecting MR2
> Mar 28 13:58:14 fw pluto[16617]: "MyConnection" #2: ignoring unknown
> Vendor ID payload [8f770f35da2b083ce66f4cb98ff43f5a]
> Mar 28 13:58:14 fw pluto[16617]: "MyConnection" #2: I did not send a
> certificate because I do not have one.
> Mar 28 13:58:14 fw pluto[16617]: "MyConnection" #2: transition from
> state STATE_MAIN_I2 to state STATE_MAIN_I3
> Mar 28 13:58:14 fw pluto[16617]: "MyConnection" #2: STATE_MAIN_I3: sent
> MI3, expecting MR3
> Mar 28 13:58:14 fw pluto[16617]: "MyConnection" #2: next payload type of
> ISAKMP Hash Payload has an unknown value: 24

I think your problem is here, it probably means your preshared key
doesn't match the peer's. Did you change the key at one end but not the
other?

> Mar 28 13:58:14 fw pluto[16617]: "MyConnection" #2: malformed payload in
> packet
> Mar 28 13:58:14 fw pluto[16617]: | payload malformed after IV
> Mar 28 13:58:14 fw pluto[16617]: | 85 b6 cb 12 ab 66 3b 53
> Mar 28 13:58:14 fw pluto[16617]: "MyConnection" #2: sending notification
> PAYLOAD_MALFORMED to X.X.192.141:500
> Mar 28 13:58:14 fw pluto[16617]: "MyConnection" #2: Main mode peer ID is
> ID_IPV4_ADDR: 'X.X.192.141'
> Mar 28 13:58:14 fw pluto[16617]: "MyConnection" #2: transition from
> state STATE_MAIN_I3 to state STATE_MAIN_I4
> Mar 28 13:58:14 fw pluto[16617]: "MyConnection" #2: STATE_MAIN_I4:
> ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
> cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
> Mar 28 13:58:14 fw pluto[16617]: "MyConnection" #2: Dead Peer Detection
> (RFC 3706): not enabled because peer did not advertise it
> Mar 28 13:58:14 fw pluto[16617]: "MyConnection" #4: initiating Quick
> Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#2}
> Mar 28 13:58:14 fw pluto[16617]: "MyConnection" #2: ignoring
> informational payload, type NO_PROPOSAL_CHOSEN
> Mar 28 13:58:14 fw pluto[16617]: "MyConnection" #2: received and ignored
> informational message
>
>
>
> And config:
>
> config setup
> interfaces="ipsec0=eth0"
> syslog=auth.debug
> # Debug-logging controls: "none" for (almost) none, "all" for lots.
> klipsdebug=all
> plutodebug=none
>
>
> # Add connections here.
>
> conn MyConnection
> authby=secret
> #auto=start
> auto=start
> dpddelay=3
> dpdtimeout=120
> dpdaction=restart
> rekey =yes
> #keyingtries=3
> keylife=30m
> ikelifetime=30m
> left=X.X.44.166
> leftnexthop=%direct
> leftsubnet=X.X.46.204/32
> pfs=yes
> right=X.X.192.141
> rightid=X.X.192.141
> rightnexthop=%direct
> rightsubnet=X.X.192.68/32
>
>
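
A small triage helper for the pluto log quoted in this thread, added here as an example (it is not part of the original post or of Openswan): it tracks the last IKE state seen per SA and flags the undecodable-payload line the reply points at, plus the later NO_PROPOSAL_CHOSEN notification. The function name `triage` and the hint strings are assumptions; the sample lines are taken from the post with the mail wraps rejoined.

```python
import re

# Log lines from the post above, with the mail client's line wraps rejoined.
SAMPLE_LOG = """\
Mar 28 13:58:14 fw pluto[16617]: "MyConnection" #2: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Mar 28 13:58:14 fw pluto[16617]: "MyConnection" #2: STATE_MAIN_I3: sent MI3, expecting MR3
Mar 28 13:58:14 fw pluto[16617]: "MyConnection" #2: next payload type of ISAKMP Hash Payload has an unknown value: 24
Mar 28 13:58:14 fw pluto[16617]: "MyConnection" #2: malformed payload in packet
Mar 28 13:58:14 fw pluto[16617]: "MyConnection" #2: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Mar 28 13:58:14 fw pluto[16617]: "MyConnection" #4: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#2}
Mar 28 13:58:14 fw pluto[16617]: "MyConnection" #2: ignoring informational payload, type NO_PROPOSAL_CHOSEN
"""

LINE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)')
TRANSITION = re.compile(r'transition from state \S+ to state (\S+)')

def triage(log_text):
    """Return unique (conn, sa, state, hint) tuples for suspicious pluto lines."""
    state = {}      # (conn, sa) -> last IKE state this SA transitioned to
    findings = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        key = (m["conn"], int(m["sa"]))
        msg = m["msg"]
        t = TRANSITION.search(msg)
        if t:
            state[key] = t.group(1)
            continue
        where = state.get(key, "unknown")
        if "malformed payload" in msg or "has an unknown value" in msg:
            # MR3 is the first encrypted message the initiator must decrypt;
            # with authby=secret the IKE keying material depends on the PSK.
            hint = ("undecodable encrypted payload: compare the preshared key on both peers"
                    if where == "STATE_MAIN_I3" else "undecodable payload")
        elif "NO_PROPOSAL_CHOSEN" in msg:
            hint = "peer sent NO_PROPOSAL_CHOSEN: compare proposals on both peers"
        else:
            continue
        finding = (*key, where, hint)
        if finding not in findings:   # two log lines can describe one event
            findings.append(finding)
    return findings

if __name__ == "__main__":
    for conn, sa, where, hint in triage(SAMPLE_LOG):
        print(f"{conn} #{sa} [{where}]: {hint}")
```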