[Openswan Users] Tunnel Constantly Restarting -error: not enough room in input packet for ISAKMP Message

Robyn Orosz rorosz at gmail.com
Fri Feb 6 14:41:09 EST 2009


Hi,

This issue was related to compression.

I had the following in my conn definition on the Openswan side:

compress=yes

I set compress=no and the problem went away.

The original problem was seen on an Openswan device that was connected to a
provider PIX version 6.3(3).  They were not willing to run debugging on
their PIX as there are other working customers connected to it.  I set this
up in my lab with a PIX running version 6.3(4).  This version of PIX would
not even come up with compression enabled and the debug messages were less
than helpful.  In the Openswan logs, it looked like phase 1 established fine
but phase 2 was "no proposal chosen".

So anyway, if you're connected to a PIX, don't enable compression. ;-)

I'm so glad this is solved.  I'm hoping it'll be a long time before I have
to mess around with another PIX.  What a PITA!

-Robyn

On Tue, Feb 3, 2009 at 11:45 AM, Robyn Orosz <rorosz at gmail.com> wrote:

> Hi,
>
> I'm connected to a Cisco PIX device and am able to establish a tunnel but
> the tunnel appears to be constantly restarting and the following messages
> keep repeating in the logs:
>
> Feb  3 19:40:41 host pluto[19854]: | payload malformed after IV
> Feb  3 19:40:41 host pluto[19854]: |
> Feb  3 19:40:41 host pluto[19854]: packet from 192.168.18.150:500: sending
> notification PAYLOAD_MALFORMED to 192.168.18.150:500
> Feb  3 19:40:46 host pluto[19854]: packet from 192.168.18.150:500: not
> enough room in input packet for ISAKMP Message (remain=0, sd->size=28)
>
> I have searched and searched and have not found any possible solutions for
> this issue.  The proposals appear to match on both sides as the tunnel does
> establish and pass traffic.  It just keeps bouncing.
>
> I can send debug level messages or provide more information if needed.
>
> Here's the version / kernel info:
>
> Linux Openswan U2.4.12/K2.6.24-1-486-vyatta (netkey)
>
> Thank you,
>
> Robyn
>
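
As an added example (not part of the original post and not Openswan's own code): a small Python check that lists the conn sections of an ipsec.conf whose effective setting is compress=yes, including values inherited through `conn %default` or a single `also=` line. The sample config, its conn names and addresses are constructed, and the lookup order used (the conn's own value, then `also=`, then `%default`, then the default of no) is this example's assumption.

```python
import re

# Constructed sample config (not from the post); conn names and addresses are made up.
SAMPLE_CONF = """\
conn %default
    compress=yes

conn pix-provider
    right=192.0.2.10

conn pix-lab
    compress=no   # the fix described in the post

conn branch
    also=shared

conn shared
    compress=yes
"""

def parse_conns(text):  # -> {conn_name: {key: value}} for every "conn" section
    conns, current = {}, None
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()   # drop comments
        if not line:
            continue
        if not line[0].isspace():                         # section header
            parts = line.split()
            is_conn = len(parts) == 2 and parts[0] == "conn"
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:         # indented key=value
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns

def own_or_also(conns, name, seen=frozenset()):  # assumed order: own value, then also=
    section = conns.get(name, {})
    if "compress" in section:
        return section["compress"]
    also = section.get("also")
    if also and also not in seen:                 # guard against also= loops
        return own_or_also(conns, also, seen | {name})
    return None

def conns_with_compression(text):  # names of conns that would propose IPComp
    conns = parse_conns(text)
    default = conns.get("%default", {}).get("compress", "no")  # unset means no
    return sorted(n for n in conns if n != "%default"
                  and (own_or_also(conns, n) or default).lower() == "yes")
```

Any conn it reports that points at a PIX peer is a candidate for `compress=no`.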