[Openswan Users] PAYLOAD_MALFORMED when connecting to CheckPoint VPN-1

Eugene Kotlyarov ekot at narod.ru
Sun Mar 8 12:19:19 EDT 2009


Hi

I am trying to connect openswan on Ubuntu to Checkpoint and get the following 
error in /var/log/auth.log.
Openswan version is 2.4.12.

Could anyone help me with it?
Is it worth installing a newer version of openswan?

2009-03-08 18:43:19	ekot-desktop	pluto[13721]	| *received 620 bytes from x.x.x.x:500 on ppp0 (port=500)
2009-03-08 18:43:19	ekot-desktop	pluto[13721]	|  processing packet with exchange type=ISAKMP_XCHG_IDPROT (2)
2009-03-08 18:43:19	ekot-desktop	pluto[13721]	| ICOOKIE:  89 33 97 35  10 3b a7 3c
2009-03-08 18:43:19	ekot-desktop	pluto[13721]	| RCOOKIE:  4e 9c 44 60  94 9a 6b 13
2009-03-08 18:43:19	ekot-desktop	pluto[13721]	| peer:  c2 92 77 fe
2009-03-08 18:43:19	ekot-desktop	pluto[13721]	| state hash entry 29
2009-03-08 18:43:19	ekot-desktop	pluto[13721]	| peer and cookies match on #1, provided msgid 00000000 vs 00000000
2009-03-08 18:43:19	ekot-desktop	pluto[13721]	| state object #1 found, in STATE_MAIN_I2
2009-03-08 18:43:19	ekot-desktop	pluto[13721]	| processing connection checkpoint-openswan
2009-03-08 18:43:19	ekot-desktop	pluto[13721]	"checkpoint-openswan" #1: more than 20 payloads in message; ignored
2009-03-08 18:43:19	ekot-desktop	pluto[13721]	| payload malformed after IV
2009-03-08 18:43:19	ekot-desktop	pluto[13721]	|
2009-03-08 18:43:19	ekot-desktop	pluto[13721]	"checkpoint-openswan" #1: sending notification PAYLOAD_MALFORMED to x.x.x.x:500

connection configuration

conn checkpoint-openswan
         type=tunnel
         # Left side is Check Point
         left=x.x.x.x
         leftcert=checkpoint_cl_cert.pem
         leftsubnet=10.45.0.111/32
         # leftnexthop=
         leftsendcert=no
         # Right side is FreeS/WAN
         right=77.50.36.0
         rightid="/O=cpmng..b3s9qc/OU=users/CN=ekot"
         # rightnexthop=
         keyexchange=ike
         authby=rsasig
         auth=esp
         auto=start
         # Optional specify encryption/hash methods for phase 1 & 2
         ike=3des-md5-modp1024
         esp=3des-md5
         # Disable Perfect Forward Secrecy, if not working proper
         #pfs=no
         # Optional enable compression (if working)
         #compress=yes

