[Openswan Users] malformed payload errors
David McCullough
David_Mccullough at securecomputing.com
Mon Oct 12 07:43:28 EDT 2009
Jivin Geoff Galitz lays it down ...
> > Jivin Geoff Galitz lays it down ...
> > > Good day,
> > >
> > > I am having trouble connecting to a Checkpoint FW-1. I don't have
> > > access to the remote logs. Here is the debug output:
> > >
> > > http://pastebin.com/m3f98e30a
> > >
> > > The config file is:
> >
> > Which version of openswan are you using ?
>
> openswan-2.6.16-1.49.3 on OpenSUSE 11.1
There was a bug in 2.6 versions that caused these malformed payload errors.
I can't recall exactly which version it was fixed in, but it is fixed in
2.6.23 and based on other bugs that were fixed for 2.6.23 I would recommend
using that version if you can.
Cheers,
Davidm
> > > ------------------------------------------------------------------------
> > >
> > > version 2.0 # conforms to second version of ipsec.conf specification
> > >
> > > config setup
> > >     plutodebug="control parsing emitting"
> > >     nat_traversal=yes
> > >     OE=off
> > >     protostack=netkey
> > >
> > > conn remotet
> > >     left=x.x.x.x # nat host ip
> > >     leftid=x.x.x.x # public ip
> > >     leftnexthop=%defaultroute
> > >     right=x.x.x.x
> > >     rightnexthop=%defaultroute
> > >     auth=esp
> > >     authby=secret
> > >     auto=add
> > >     pfs=yes
> > >     ike=3des-sha1-modp1024
> > >     esp=3des-sha1,aes-md5
> > >     keyexchange=ike
> > >     ikelifetime=1440m
> > >     keylife=3660s
> > >     # ikev2=yes
--
David McCullough, david_mccullough at securecomputing.com, Ph:+61 734352815
McAfee - SnapGear http://www.snapgear.com http://www.uCdot.org