[Openswan Users] malfomed payload errors

Geoff Galitz geoff at galitz.org
Mon Oct 12 11:03:39 EDT 2009 


> Jivin Geoff Galitz lays it down ...
> > > Jivin Geoff Galitz lays it down ...
> > > > Good day,
> > > >
> > > > I am having trouble connecting to a Checkpoint FW-1.  I don't have
> > > access to the remote logs.  Here is the debug output:
> > > >
> > > > http://pastebin.com/m3f98e30a
> > > >
> > > > The config file is:
> > >
> > > Which version of openswan are you using ?
> >
> > openswan-2.6.16-1.49.3 on OpenSUSE 11.1
> 

I just built and upgraded to openswan-2.6.23-1 but the malformed payload
error remains.



> There was a bug in 2.6 versions that caused these malformed payload
> errors.
> I can't recall exact;y which version it was fixed in,  but it is fixed in
> 2.6.23 and based on other bugs that were fixed for 2.6.23 I would
> recommend
> using that version if you can.
> 
> Cheers,
> Davidm
> 
> > > > --------------------------------------------------------------------
> ----
> > > ----------------------------------------
> > > >
> > > > version 2.0     # conforms to second version of ipsec.conf
> specification
> > > >
> > > >
> > > >
> > > > config setup
> > > >
> > > >         plutodebug="control parsing emitting"
> > > >
> > > >         nat_traversal=yes
> > > >
> > > >         OE=off
> > > >
> > > >         protostack=netkey
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > conn remotet
> > > >
> > > >
> > > >
> > > >         left=x.x.x.x  # nat host ip
> > > >
> > > >         leftid=x.x.x.x # public ip
> > > >
> > > >         leftnexthop=%defaultroute
> > > >
> > > >         right=x.x.x.x
> > > >
> > > >         rightnexthop=%defaultroute
> > > >
> > > >         auth=esp
> > > >
> > > >         authby=secret
> > > >
> > > >         auto=add
> > > >
> > > >         pfs=yes
> > > >
> > > >         ike=3des-sha1-modp1024
> > > >
> > > >         esp=3des-sha1,aes-md5
> > > >
> > > >         keyexchange=ike
> > > >
> > > >         ikelifetime=1440m
> > > >
> > > >         keylife=3660s
> > > >
> > > > #      ikev2=yes
> > > >
> > > >
> >
> >
> >
> >
> 
> --
> David McCullough,  david_mccullough at securecomputing.com,  Ph:+61 734352815
> McAfee - SnapGear  http://www.snapgear.com
> http://www.uCdot.org

More information about the Users mailing list