[Openswan Users] Linux (debian lenny) client to Checkpoint Firewall NGx R65 using certificates - secureclient ok, openswan ko - PAYLOAD_MALFORMED

Luca Arzeni l.arzeni at gmail.com
Thu May 13 12:16:14 EDT 2010

administrator said that all people are now using certificates, and no
one is using securID, so I'm the (un)lucky guy.

I googled around a little about ISAKMP_NEXT_N and found that

ISAKMP_NEXT_N is an always-welcome payload_type (Notification)
ISAKMP_NEXT_D is an always-welcome payload_type (Delete)

Now, I recall that I've read that, after a successful connection, CP
sends some packets to see if connection is properly established. If I
could ignore them, and go ahead, probably the connection would
What do you think about this? Do I need to patch openswan to reach this goal?
Thanks, Luca

On Thu, May 13, 2010 at 3:04 PM, Ondrej Valousek <webserv at s3group.cz> wrote:
>> My wild guess is that your Checkpoint only accepts SecurID clients and
>> not authentication using certificates.
> Yes, that's probably it. At main mode, your CP responds with ISAKMP_NEXT_N
> (which I do not know what it is) whereas it should respond with
> ISAKMP_NEXT_KE (which is most likely Key Exchange request - Paul to
> clarify...)
> O.
