[Openswan Users] openswan with sonicwall, payload malformed

Paul Wouters paul at xelerance.com
Sat Sep 29 17:53:21 EDT 2007

On Sat, 29 Sep 2007, paul pantages wrote:

> [root at rigel pdp]# ipsec verify
> Checking your system to see if IPsec got installed and started correctly:
> Version check and ipsec on-path                                 [OK]
> Linux Openswan U2.4.5/K2.6.20-1.2962.fc6 (netkey)

You should upgrade and try this with openswan 2.4.9.

> conn myclient
>       left=
>       leftsubnet=

Leave out the leftsubnet. Otherwise it seems fine.
You could try adding modecfgpull=yes?

> 108 "myclient" #1: STATE_MAIN_I3: sent MI3, expecting MR3
> 003 "myclient" #1: Mode Config message is unacceptable because it is for
> an incomplete ISAKMP SA (state=STATE_MAIN_I3)

Odd. That might to suggest a buggy implementation on the Sonic Wall. Can
you see if you are running the latest firmware?

Building and integrating Virtual Private Networks with Openswan:

More information about the Users mailing list