[Openswan Users] openswan with sonicwall, payload malformed
kincera at gmail.com
Tue Oct 2 09:14:18 EDT 2007
To clarify, I think it was the other way around. Sonicwall didn't like
Openswan saying "hey, I've got my own IP address here, thank you"
On 10/1/07, paul pantages <pdp at centinasystems.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Hello Paul W,
> Thank you for the suggestions, unfortunately, upgrading to 2.4.9 did not
> change the behaviour.
> I also tried the modecfgpull=yes ( I also tried adding
> leftmodecfgclient=yes ) but no luck with either of these.
> I still see the "Mode Config message is unacceptable..."; This might
> indicate that modecfgpull is not going to work?
> ipsec verify asked me to turn off "enforced SElinux mode" which I also
> I will check the Sonicwall f/w version at work Monday.
> Thanks again for the suggestions;
> Paul Wouters wrote:
> > On Sat, 29 Sep 2007, paul pantages wrote:
> >> [root at rigel pdp]# ipsec verify
> >> Checking your system to see if IPsec got installed and started
> >> Version check and ipsec on-path [OK]
> >> Linux Openswan U2.4.5/K2.6.20-1.2962.fc6 (netkey)
> > You should upgrade and try this with openswan 2.4.9.
> >> conn myclient
> >> left=172.16.1.35
> >> leftsubnet=172.16.1.35/32
> > Leave out the leftsubnet. Otherwise it seems fine.
> > You could try adding modecfgpull=yes?
> >> STATE_MAIN_I3
> >> 108 "myclient" #1: STATE_MAIN_I3: sent MI3, expecting MR3
> >> 003 "myclient" #1: Mode Config message is unacceptable because it is
> >> an incomplete ISAKMP SA (state=STATE_MAIN_I3)
> > Odd. That might to suggest a buggy implementation on the Sonic Wall. Can
> > you see if you are running the latest firmware?
> > Paul
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> -----END PGP SIGNATURE-----
> Users at openswan.org
> Building and Integrating Virtual Private Networks with Openswan:
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users