[Openswan Users] openswan with sonicwall, payload malformed
paul pantages
pdp at centinasystems.com
Mon Oct 1 00:54:07 EDT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello Paul W,
Thank you for the suggestions, unfortunately, upgrading to 2.4.9 did not
change the behaviour.
I also tried the modecfgpull=yes ( I also tried adding
leftmodecfgclient=yes ) but no luck with either of these.
I still see the "Mode Config message is unacceptable..."; This might
indicate that modecfgpull is not going to work?
ipsec verify asked me to turn off "enforced SElinux mode" which I also
tried.
I will check the Sonicwall f/w version at work Monday.
Thanks again for the suggestions;
PdP
Paul Wouters wrote:
> On Sat, 29 Sep 2007, paul pantages wrote:
>
>> [root at rigel pdp]# ipsec verify
>> Checking your system to see if IPsec got installed and started correctly:
>> Version check and ipsec on-path [OK]
>> Linux Openswan U2.4.5/K2.6.20-1.2962.fc6 (netkey)
>
> You should upgrade and try this with openswan 2.4.9.
>
>> conn myclient
>> left=172.16.1.35
>> leftsubnet=172.16.1.35/32
>
> Leave out the leftsubnet. Otherwise it seems fine.
> You could try adding modecfgpull=yes?
>
>> STATE_MAIN_I3
>> 108 "myclient" #1: STATE_MAIN_I3: sent MI3, expecting MR3
>> 003 "myclient" #1: Mode Config message is unacceptable because it is for
>> an incomplete ISAKMP SA (state=STATE_MAIN_I3)
>
> Odd. That might to suggest a buggy implementation on the Sonic Wall. Can
> you see if you are running the latest firmware?
>
> Paul
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHAH1uGpzL0LBlXDcRAhmuAKC1OGg6H6V1rgiMuK6rBJNefq8KngCg+ERq
axiLVgGeK6pO82qj7x91+KY=
=Ddif
-----END PGP SIGNATURE-----
More information about the Users
mailing list