[Openswan Users] Openswan and Netgear SRXN3205
JT Edwards
tstrike34 at gmail.com
Sun Aug 23 19:20:40 EDT 2009
I think I almost got this thing licked.... I built certs and applied them to the cacert and certs directory... My ipsec.conf looks like this (IPs hidden to protect the innocent):
##################### openswan config ##########################
# file: /etc/ipsec.conf
#
# openswan config for connecting openswan <-> netgear srxn3250
version 2.0 # conforms to version 2.0 and newer
config setup
plutodebug="none"
conn srxn3250
type=tunnel
authby=secret
keyexchange=ike
auto=start
pfs=no
aggrmode=yes
ike=3des-sha1-modp1024
esp=3des-sha1
# LOCAL
left=%defaultroute
leftsubnet=192.168.22.0/24
leftid=me at test1.me.org
# REMOTE
right=nextwave.org
rightsubnet=192.168.0.0/24
rightnexthop=%defaultroute # might be not necessary
rightid=tstrike29 at tordenlyn.org
###############################################################
################# openswan preshared key ######################
# file: /etc/ipsec.secrets
#
: PSK "yuckmiestersblahblah"
###############################################################
Ok I have the cert loaded into the Netgear router... I configured it's mode as aggressive and lined it up to match the settings from Openswan... when I make the VPN connection I get these in my secure log:
ransition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Aug 22 12:06:08 whiskers8 pluto[18642]: "openswan-whiskers8-whiskerslyn-netgear" #3: STATE_MAIN_I2: sent MI2, expecting MR2
Aug 22 12:06:09 whiskers8 pluto[18642]: "openswan-whiskers8-whiskerslyn-netgear" #3: ignoring Vendor ID payload [KAME/racoon]
Aug 22 12:06:09 whiskers8 pluto[18642]: "openswan-whiskers8-whiskerslyn-netgear" #3: I am sending my cert
Aug 22 12:06:09 whiskers8 pluto[18642]: "openswan-whiskers8-whiskerslyn-netgear" #3: I am sending a certificate request
Aug 22 12:06:09 whiskers8 pluto[18642]: "openswan-whiskers8-whiskerslyn-netgear" #3: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Aug 22 12:06:09 whiskers8 pluto[18642]: "openswan-whiskers8-whiskerslyn-netgear" #3: STATE_MAIN_I3: sent MI3, expecting MR3
Aug 22 12:06:09 whiskers8 pluto[18642]: "openswan-whiskers8-whiskerslyn-netgear" #3: next payload type of ISAKMP Hash Payload has an unknown value: 61
Aug 22 12:06:09 whiskers8 pluto[18642]: "openswan-whiskers8-whiskerslyn-netgear" #3: malformed payload in packet
Aug 22 12:06:09 whiskers8 pluto[18642]: | payload malformed after IV
Aug 22 12:06:09 whiskers8 pluto[18642]: | 31 8a 4a f0 bd 04 24 f0
Aug 22 12:06:09 whiskers8 pluto[18642]: "openswan-whiskers8-whiskerslyn-netgear" #3: sending notification PAYLOAD_MALFORMED to 12.234.22.224:500
Aug 22 12:06:19 whiskers8 pluto[18642]: "openswan-whiskers8-whiskerslyn-netgear" #3: discarding duplicate packet; already STATE_MAIN_I3
Aug 22 12:06:59 whiskers8 last message repeated 4 times
Aug 22 12:07:19 whiskers8 pluto[18642]: "openswan-whiskers8-whiskerslyn-netgear" #3: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
Aug 22 13:31:29 whiskers8 pluto[18642]: shutting down
Aug 22 13:31:29 whiskers8 pluto[18642]: forgetting secrets
Aug 22 13:31:29 whiskers8 pluto[18642]: "openswan-whiskers8-whiskerslyn-netgear": deleting connection
Aug 22 13:31:29 whiskers8 pluto[18642]: "openswan-whiskers8-whiskerslyn-netgear": request to delete a unrouted policy with netkey kernel --- experimental
Aug 22 13:31:29 whiskers8 pluto[18642]: shutting down interface lo/lo ::1:500
Aug 22 13:31:29 whiskers8 pluto[18642]: shutting down interface lo/lo 127.0.0.1:4500
Aug 22 13:31:29 whiskers8 pluto[18642]: shutting down interface lo/lo 127.0.0.1:500
Aug 22 13:31:29 whiskers8 pluto[18642]: shutting down interface virbr0/virbr0 192.168.122.1:4500
Aug 22 13:31:29 whiskers8 pluto[18642]: shutting down interface virbr0/virbr0 192.168.122.1:500
Aug 22 13:31:29 whiskers8 pluto[18642]: shutting down interface eth0/eth0 22.123.34.56:4500
Aug 22 13:31:29 whiskers8 pluto[18642]: shutting down interface eth0/eth0 22.123.34.56:500
Aug 22 13:32:08 whiskers8 sshd[1899]: Accepted password for root from 12.234.22.224 port 55104 ssh2
Aug 22 13:32:08 whiskers8 sshd[1899]: pam_unix(sshd:session): session opened for user root by (uid=0)
Aug 22 13:32:53 whiskers8 sshd[2776]: Accepted password for root from 12.234.22.224 port 55124 ssh2
Aug 22 13:32:53 whiskers8 sshd[2776]: pam_unix(sshd:session): session opened for user root by (uid=0)
Aug 22 13:39:50 whiskers8 ipsec__plutorun: Starting Pluto subsystem...
Aug 22 13:39:50 whiskers8 pluto[9419]: Starting Pluto (Openswan Version 2.6.14; Vendor ID OEoSJUweaqAX) pid:9419
Aug 22 13:39:50 whiskers8 pluto[9419]: Setting NAT-Traversal port-4500 floating to on
Aug 22 13:39:50 whiskers8 pluto[9419]: port floating activation criteria nat_t=1/port_float=1
Aug 22 13:39:50 whiskers8 pluto[9419]: including NAT-Traversal patch (Version 0.6c)
Aug 22 13:39:50 whiskers8 pluto[9419]: using /dev/urandom as source of random entropy
Aug 22 13:39:50 whiskers8 pluto[9419]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
Aug 22 13:39:50 whiskers8 pluto[9419]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Aug 22 13:39:50 whiskers8 pluto[9419]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Aug 22 13:39:50 whiskers8 pluto[9419]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Aug 22 13:39:50 whiskers8 pluto[9419]: ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Aug 22 13:39:50 whiskers8 pluto[9419]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
Aug 22 13:39:50 whiskers8 pluto[9419]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
Aug 22 13:39:50 whiskers8 pluto[9419]: starting up 3 cryptographic helpers
Aug 22 13:39:50 whiskers8 pluto[9425]: using /dev/urandom as source of random entropy
Aug 22 13:39:50 whiskers8 pluto[9419]: started helper pid=9425 (fd:7)
Aug 22 13:39:50 whiskers8 pluto[9427]: using /dev/urandom as source of random entropy
Aug 22 13:39:50 whiskers8 pluto[9419]: started helper pid=9427 (fd:8)
Aug 22 13:39:50 whiskers8 pluto[9433]: using /dev/urandom as source of random entropy
Aug 22 13:39:50 whiskers8 pluto[9419]: started helper pid=9433 (fd:9)
Aug 22 13:39:50 whiskers8 pluto[9419]: Using Linux 2.6 IPsec interface code on 2.6.18-128.2.1.el5xen (experimental code)
Aug 22 13:39:50 whiskers8 pluto[9419]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Aug 22 13:39:50 whiskers8 pluto[9419]: ike_alg_register_enc(): Activating <NULL>: Ok (ret=0)
Aug 22 13:39:50 whiskers8 pluto[9419]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Aug 22 13:39:50 whiskers8 pluto[9419]: ike_alg_add(): ERROR: Algorithm already exists
Aug 22 13:39:50 whiskers8 pluto[9419]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Aug 22 13:39:50 whiskers8 pluto[9419]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Aug 22 13:39:50 whiskers8 pluto[9419]: ike_alg_add(): ERROR: Algorithm already exists
Aug 22 13:39:50 whiskers8 pluto[9419]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Aug 22 13:39:50 whiskers8 pluto[9419]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Aug 22 13:39:50 whiskers8 pluto[9419]: ike_alg_add(): ERROR: Algorithm already exists
Aug 22 13:39:50 whiskers8 pluto[9419]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Aug 22 13:39:50 whiskers8 pluto[9419]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Aug 22 13:39:50 whiskers8 pluto[9419]: ike_alg_add(): ERROR: Algorithm already exists
Aug 22 13:39:50 whiskers8 pluto[9419]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Aug 22 13:39:50 whiskers8 pluto[9419]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Aug 22 13:39:50 whiskers8 pluto[9419]: ike_alg_add(): ERROR: Algorithm already exists
Aug 22 13:39:50 whiskers8 pluto[9419]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Aug 22 13:39:50 whiskers8 pluto[9419]: Changed path to directory '/etc/ipsec.d/cacerts'
Aug 22 13:39:50 whiskers8 pluto[9419]: loaded CA cert file 'ca-cert.pem' (1114 bytes)
Aug 22 13:39:50 whiskers8 pluto[9419]: no passphrase available
Aug 22 13:39:50 whiskers8 pluto[9419]: Could not change to directory '/etc/ipsec.d/aacerts': /
Aug 22 13:39:50 whiskers8 pluto[9419]: Could not change to directory '/etc/ipsec.d/ocspcerts': /
Aug 22 13:39:50 whiskers8 pluto[9419]: Could not change to directory '/etc/ipsec.d/crls'
Aug 22 13:39:50 whiskers8 pluto[9419]: Changing back to directory '/' failed - (2 No such file or directory)
Aug 22 13:39:50 whiskers8 pluto[9419]: Changing back to directory '/' failed - (2 No such file or directory)
Aug 22 13:39:50 whiskers8 pluto[9419]: loading certificate from ca-crl.pem
Aug 22 13:39:50 whiskers8 pluto[9419]: loaded host cert file '/etc/ipsec.d/certs/ca-crl.pem' (2476 bytes)
Aug 22 13:39:50 whiskers8 pluto[9419]: added connection description "openswan-whiskers8-whiskerslyn-netgear"
Aug 22 13:39:50 whiskers8 pluto[9419]: listening for IKE messages
Aug 22 13:39:50 whiskers8 pluto[9419]: adding interface eth0/eth0 22.123.34.56:500
Aug 22 13:39:50 whiskers8 pluto[9419]: adding interface eth0/eth0 22.123.34.56:4500
Aug 22 13:39:50 whiskers8 pluto[9419]: adding interface virbr0/virbr0 192.168.122.1:500
Aug 22 13:39:50 whiskers8 pluto[9419]: adding interface virbr0/virbr0 192.168.122.1:4500
Aug 22 13:39:50 whiskers8 pluto[9419]: adding interface lo/lo 127.0.0.1:500
Aug 22 13:39:50 whiskers8 pluto[9419]: adding interface lo/lo 127.0.0.1:4500
Aug 22 13:39:50 whiskers8 pluto[9419]: adding interface lo/lo ::1:500
Aug 22 13:39:50 whiskers8 pluto[9419]: loading secrets from "/etc/ipsec.secrets"
Aug 22 13:39:50 whiskers8 pluto[9419]: loading secrets from "/etc/ipsec.d/ipsec.secrets"
Aug 22 13:39:50 whiskers8 pluto[9419]: loaded private key file '/etc/ipsec.d/openswan.pem' (887 bytes)
Aug 22 13:39:50 whiskers8 pluto[9419]: loaded private key for keyid: PPK_RSA:AwEAAejdU
Aug 22 13:39:50 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear": request to add a prospective erouted policy with netkey kernel --- experimental
Aug 22 13:39:50 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #1: initiating Main Mode
Aug 22 13:39:51 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #1: ignoring unknown Vendor ID payload [3b9031dce4fcf88b489a923963dd0c49]
Aug 22 13:39:51 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #1: ignoring Vendor ID payload [KAME/racoon]
Aug 22 13:39:51 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Aug 22 13:39:51 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Aug 22 13:39:51 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #1: ignoring Vendor ID payload [KAME/racoon]
Aug 22 13:39:51 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #1: I am sending my cert
Aug 22 13:39:51 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #1: I am sending a certificate request
Aug 22 13:39:51 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Aug 22 13:39:51 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Aug 22 13:39:51 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #1: next payload type of ISAKMP Hash Payload has an unknown value: 67
Aug 22 13:39:51 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #1: malformed payload in packet
Aug 22 13:39:51 whiskers8 pluto[9419]: | payload malformed after IV
Aug 22 13:39:51 whiskers8 pluto[9419]: | 6b c1 3c 13 9b 4f 55 03
Aug 22 13:39:51 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #1: sending notification PAYLOAD_MALFORMED to 12.234.22.224:500
Aug 22 13:40:01 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #1: discarding duplicate packet; already STATE_MAIN_I3
Aug 22 13:40:41 whiskers8 last message repeated 4 times
Aug 22 13:41:01 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #1: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
Aug 22 13:41:01 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #1: starting keying attempt 2 of at most 3
Aug 22 13:41:01 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #2: initiating Main Mode to replace #1
Aug 22 13:41:01 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #2: ignoring unknown Vendor ID payload [3b9031dce4fcf88b489a923963dd0c49]
Aug 22 13:41:01 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #2: ignoring Vendor ID payload [KAME/racoon]
Aug 22 13:41:01 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #2: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Aug 22 13:41:01 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #2: STATE_MAIN_I2: sent MI2, expecting MR2
Aug 22 13:41:02 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #2: ignoring Vendor ID payload [KAME/racoon]
Aug 22 13:41:02 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #2: I am sending my cert
Aug 22 13:41:02 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #2: I am sending a certificate request
Aug 22 13:41:02 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #2: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Aug 22 13:41:02 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #2: STATE_MAIN_I3: sent MI3, expecting MR3
Aug 22 13:41:02 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #2: next payload type of ISAKMP Hash Payload has an unknown value: 65
Aug 22 13:41:02 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #2: malformed payload in packet
Aug 22 13:41:02 whiskers8 pluto[9419]: | payload malformed after IV
Aug 22 13:41:02 whiskers8 pluto[9419]: | e7 c7 a5 28 42 12 59 b4
Aug 22 13:41:02 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #2: sending notification PAYLOAD_MALFORMED to 12.234.22.224:500
itiating Main Mode to replace #1
Aug 22 13:41:01 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #2: ignoring unknown Vendor ID payload [3b9031dce4fcf88b489a923963dd0c49]
Aug 22 13:41:01 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #2: ignoring Vendor ID payload [KAME/racoon]
Aug 22 13:41:01 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #2: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Aug 22 13:41:01 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #2: STATE_MAIN_I2: sent MI2, expecting MR2
Aug 22 13:41:02 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #2: ignoring Vendor ID payload [KAME/racoon]
Aug 22 13:41:02 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #2: I am sending my cert
Aug 22 13:41:02 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #2: I am sending a certificate request
Aug 22 13:41:02 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #2: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Aug 22 13:41:02 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #2: STATE_MAIN_I3: sent MI3, expecting MR3
Aug 22 13:41:02 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #2: next payload type of ISAKMP Hash Payload has an unknown value: 65
Aug 22 13:41:02 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #2: malformed payload in packet
Aug 22 13:41:02 whiskers8 pluto[9419]: | payload malformed after IV
Aug 22 13:41:02 whiskers8 pluto[9419]: | e7 c7 a5 28 42 12 59 b4
Aug 22 13:41:02 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #2: sending notification PAYLOAD_MALFORMED to 12.234.22.224:500
Aug 22 13:41:12 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #2: discarding duplicate packet; already STATE_MAIN_I3
Aug 22 13:41:52 whiskers8 last message repeated 4 times
Aug 22 13:42:12 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #2: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
Aug 22 13:42:12 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #2: starting keying attempt 3 of at most 3
Aug 22 13:42:12 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #3: initiating Main Mode to replace #2
Aug 22 13:42:12 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #3: ignoring unknown Vendor ID payload [3b9031dce4fcf88b489a923963dd0c49]
Aug 22 13:42:12 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #3: ignoring Vendor ID payload [KAME/racoon]
Aug 22 13:42:12 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #3: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Aug 22 13:42:12 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #3: STATE_MAIN_I2: sent MI2, expecting MR2
Aug 22 13:42:13 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #3: ignoring Vendor ID payload [KAME/racoon]
Aug 22 13:42:13 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #3: I am sending my cert
Aug 22 13:42:13 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #3: I am sending a certificate request
Aug 22 13:42:13 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #3: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Aug 22 13:42:13 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #3: STATE_MAIN_I3: sent MI3, expecting MR3
Aug 22 13:42:13 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #3: byte 2 of ISAKMP Hash Payload must be zero, but is not
Aug 22 13:42:13 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #3: malformed payload in packet
Aug 22 13:42:13 whiskers8 pluto[9419]: | payload malformed after IV
Aug 22 13:42:13 whiskers8 pluto[9419]: | 94 39 d3 e8 8f b2 15 46
Aug 22 13:42:13 whiskers8 pluto[9419]: "openswan-whiskers8-whiskerslyn-netgear" #3: sending notification PAYLOAD_MALFORMED to 12.234.22.224:500
Ok this is what I get from Netgear:
2009 Aug 22 13:39:50 [SRXN3205] [IKE] Configuration found for 22.123.34.56[500]._
2009 Aug 22 13:39:50 [SRXN3205] [IKE] Received request for new phase 1 negotiation: 12.234.22.224[500]<=>22.123.34.56[500]_
2009 Aug 22 13:39:50 [SRXN3205] [IKE] Beginning Identity Protection mode._
2009 Aug 22 13:39:50 [SRXN3205] [IKE] Received unknown Vendor ID_
- Last output repeated 3 times -
2009 Aug 22 13:39:50 [SRXN3205] [IKE] Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02__
2009 Aug 22 13:39:50 [SRXN3205] [IKE] Received unknown Vendor ID_
2009 Aug 22 13:39:51 [SRXN3205] [IKE] _
2009 Aug 22 13:39:51 [SRXN3205] [IKE] failed to get subjectAltName_
2009 Aug 22 13:39:51 [SRXN3205] [IKE] Sending Informational Exchange: notify payload[INVALID-CERTIFICATE]_
2009 Aug 22 13:39:51 [SRXN3205] [IKE] Ignore information because the message has no hash payload._
2009 Aug 22 13:40:01 [SRXN3205] [IKE] Received Malformed packet of payload length 47129 and total length 896._
- Last output repeated twice -
2009 Aug 22 13:40:51 [SRXN3205] [IKE] Phase 1 negotiation failed due to time up for 22.123.34.56[500]. 68d87053cd47ca7d:f63c79f3ab9eb9f0_
2009 Aug 22 13:41:01 [SRXN3205] [IKE] Configuration found for 22.123.34.56[500]._
2009 Aug 22 13:41:01 [SRXN3205] [IKE] Received request for new phase 1 negotiation: 12.234.22.224[500]<=>22.123.34.56[500]_
2009 Aug 22 13:41:01 [SRXN3205] [IKE] Beginning Identity Protection mode._
2009 Aug 22 13:41:01 [SRXN3205] [IKE] Received unknown Vendor ID_
- Last output repeated 3 times -
2009 Aug 22 13:41:01 [SRXN3205] [IKE] Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02__
2009 Aug 22 13:41:01 [SRXN3205] [IKE] Received unknown Vendor ID_
2009 Aug 22 13:41:02 [SRXN3205] [IKE] _
2009 Aug 22 13:41:02 [SRXN3205] [IKE] failed to get subjectAltName_
2009 Aug 22 13:41:02 [SRXN3205] [IKE] Sending Informational Exchange: notify payload[INVALID-CERTIFICATE]_
2009 Aug 22 13:41:02 [SRXN3205] [IKE] Ignore information because the message has no hash payload._
2009 Aug 22 13:41:12 [SRXN3205] [IKE] Received Malformed packet of payload length 3943 and total length 896._
- Last output repeated twice -
2009 Aug 22 13:42:02 [SRXN3205] [IKE] Phase 1 negotiation failed due to time up for 22.123.34.56[500]. e402c68e7572d7ff:8b4106bf8a772257_
2009 Aug 22 13:42:12 [SRXN3205] [IKE] Configuration found for 22.123.34.56[500]._
2009 Aug 22 13:42:12 [SRXN3205] [IKE] Received request for new phase 1 negotiation: 12.234.22.224[500]<=>22.123.34.56[500]_
2009 Aug 22 13:42:12 [SRXN3205] [IKE] Beginning Identity Protection mode._
2009 Aug 22 13:42:12 [SRXN3205] [IKE] Received unknown Vendor ID_
- Last output repeated 3 times -
2009 Aug 22 13:42:12 [SRXN3205] [IKE] Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02__
2009 Aug 22 13:42:12 [SRXN3205] [IKE] Received unknown Vendor ID_
2009 Aug 22 13:42:13 [SRXN3205] [IKE] _
2009 Aug 22 13:42:13 [SRXN3205] [IKE] failed to get subjectAltName_
2009 Aug 22 13:42:13 [SRXN3205] [IKE] Sending Informational Exchange: notify payload[INVALID-CERTIFICATE]_
2009 Aug 22 13:42:13 [SRXN3205] [IKE] Ignore information because the message has no hash payload._
2009 Aug 22 13:42:23 [SRXN3205] [IKE] Received Malformed packet of payload length 10579 and total length 896._
- Last output repeated twice -
2009 Aug 22 13:43:13 [SRXN3205] [IKE] Phase 1 negotiation failed due to time up for 22.123.34.56[500]. 4534cc75d0e8c5f5:5d9a4bd2419acb90_
Did I completely screw something up in my config?
Wait there is more, ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [�[1;32mOK�[0;39m]
Linux Openswan U2.6.14/K2.6.18-128.2.1.el5xen (netkey)
Checking for IPsec support in kernel [�[1;32mOK�[0;39m]
NETKEY detected, testing for disabled ICMP send_redirects [�[1;31mFAILED�[0;39m]
Please disable /proc/sys/net/ipv4/conf/*/send_redirects
or NETKEY will cause the sending of bogus ICMP redirects!
NETKEY detected, testing for disabled ICMP accept_redirects [�[1;31mFAILED�[0;39m]
Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
or NETKEY will accept bogus ICMP redirects!
Checking for RSA private key (/etc/ipsec.secrets) [�[1;32mOK�[0;39m]
Checking that pluto is running [�[1;32mOK�[0;39m]
Two or more interfaces found, checking IP forwarding [�[1;32mOK�[0;39m]
Checking NAT and MASQUERADEing
Checking for 'ip' command [�[1;32mOK�[0;39m]
Checking for 'iptables' command [�[1;32mOK�[0;39m]
Opportunistic Encryption DNS checks:
Looking for TXT in forward dns zone: whiskers8.me.org [�[1;31mMISSING�[0;39m]
Does the machine have at least one non-private address? [�[1;32mOK�[0;39m]
Looking for TXT in reverse dns zone: 6.137.198.209.in-addr.arpa. [�[1;31mMISSING�[0;39m]
Did I screw this up?
JT
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20090823/90281ae0/attachment-0001.html
More information about the Users
mailing list