[Openswan Users] Problem with Openswan 2.4.6 and WinXP roadwarrior PAYLOAD_MALFORMED
Frank Schmirler
osusers at schmirler.de
Fri Jun 27 09:07:43 EDT 2008
On Thu, 26 Jun 2008 16:01:40 +0200, beheer wrote
> * Unable to connect (public IP yy.yy.yy.yy):
Here the first packet came in using the NATT port 61347:
> Jun 25 10:37:14 vpnserver pluto[5586]: "roadwarrior-cert-net"[56]
> yy.yy.yy.yy #102: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
>
> Jun 25 10:37:14 vpnserver pluto[5586]: | NAT-T: new mapping
> yy.yy.yy.yy:173/61374)
And here Openswan sends out its first reply using port 61347:
> Jun 25 10:37:14 vpnserver pluto[5586]: "roadwarrior-cert-net"[56]
> yy.yy.yy.yy #102: STATE_MAIN_R3: sent MR3, ISAKMP SA established
> {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
But the client keeps retransmitting the previous message, so obviously
Openswan's first port 61347 didn't reach the client:
> Jun 25 10:37:16 vpnserver pluto[5586]: "roadwarrior-cert-net"[56]
> yy.yy.yy.yy #102: retransmitting in response to duplicate packet;
> already STATE_MAIN_R3
> Jun 25 10:37:18 vpnserver pluto[5586]: "roadwarrior-cert-net"[56]
> yy.yy.yy.yy #102: retransmitting in response to duplicate packet;
> already STATE_MAIN_R3
> Jun 25 10:37:22 vpnserver pluto[5586]: "roadwarrior-cert-net"[56]
> yy.yy.yy.yy #102: discarding duplicate packet -- exhausted
> retransmission; already STATE_MAIN_R3
> I see that on the failing case ports are not 500 and 4500. Can that
> be the cause? The same laptop can connect from other networks, so I
> think it is something on the firewall/router of the other network-end.
> Any ideas?
Probably some firewall issue, yes.
Frank
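
One way to spot this pattern in a pluto log, as an added example that is not part of the original message or of Openswan: the script flags every SA where "sent MR3" is followed by duplicate packets until retransmission is exhausted, and attaches the logged NAT-T mapping for that peer. The function name, the result keys and the 192.0.2.10 address are assumptions made for the illustration; the message texts are the ones quoted in the thread.

```python
import re

# Constructed sample: the log lines quoted in the thread, unwrapped, with the
# masked peer address replaced by the documentation address 192.0.2.10.
P = 'Jun 25 10:37:%s vpnserver pluto[5586]: "roadwarrior-cert-net"[56] 192.0.2.10 #102: '
SAMPLE = [
    P % "14" + "transition from state STATE_MAIN_R2 to state STATE_MAIN_R3",
    "Jun 25 10:37:14 vpnserver pluto[5586]: | NAT-T: new mapping 192.0.2.10:173/61374)",
    P % "14" + "STATE_MAIN_R3: sent MR3, ISAKMP SA established",
    P % "16" + "retransmitting in response to duplicate packet; already STATE_MAIN_R3",
    P % "18" + "retransmitting in response to duplicate packet; already STATE_MAIN_R3",
    P % "22" + "discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3",
]

SA_RE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)"\[\d+\] (?P<peer>\S+) #(?P<sa>\d+): (?P<msg>.*)')
NATT_RE = re.compile(r'NAT-T: new mapping (?P<peer>\S+):(?P<old>\d+)/(?P<new>\d+)\)')

def find_unanswered_mr3(lines):
    """Return SAs where MR3 was sent but the peer kept resending until pluto gave up."""
    mappings, sas = {}, {}
    for line in lines:
        m = NATT_RE.search(line)
        if m:  # remember the two port numbers pluto logged for this peer
            mappings[m["peer"]] = (int(m["old"]), int(m["new"]))
            continue
        m = SA_RE.search(line)
        if not m:
            continue
        sa = sas.setdefault(m["sa"], {"sa": m["sa"], "conn": m["conn"], "peer": m["peer"],
                                      "mr3_sent": False, "retransmits": 0, "exhausted": False})
        msg = m["msg"]
        if "sent MR3" in msg:
            sa["mr3_sent"] = True
        elif msg.startswith("retransmitting in response to duplicate packet"):
            sa["retransmits"] += 1
        elif "exhausted retransmission" in msg:
            sa["exhausted"] = True
    findings = []
    for sa in sas.values():
        if sa["mr3_sent"] and sa["exhausted"]:
            ports = mappings.get(sa["peer"])
            sa["mapping_ports"] = ports
            # True when the peer is not seen on the default IKE/NAT-T ports 500/4500.
            sa["non_default_port"] = bool(ports) and ports[1] not in (500, 4500)
            findings.append(sa)
    return findings

if __name__ == "__main__":
    for finding in find_unanswered_mr3(SAMPLE):
        print(finding)
```

A finding only says that the server's replies were not acknowledged; a packet capture on the server's outside interface is still needed to see where they are dropped.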