[Openswan Users] Aggressive mode fails at AI2 with packet rejected: should have been encrypted
mikes212 at intelligentvideo.tv
Thu Apr 28 13:31:38 EDT 2011
I am trying to make an aggressive mode connection from a dynamic IP to
Openswan 2.6.33 on a CentOS 5.5 box.
The secure log snippet shows:
"gw2040" a.b.c.d #3: STATE_AGGR_R1: sent AR1, expecting AI2
"gw2040" a.b.c.d #3: packet rejected: should have been encrypted
"gw2040" a.b.c.d #3: sending notification INVALID_FLAGS to a.b.c.d:500
"gw2040" a.b.c.d #3: Quick Mode message is unacceptable because it is
for an incomplete ISAKMP SA
| payload malformed after IV
| f2 d1 76 81 85 a6 d8 4f db e0 38 47 2c 16 26 1d
"gw2040" a.b.c.d #3: sending notification PAYLOAD_MALFORMED to
Linux Openswan U2.6.33/K2.6.18-194.32.1.el5xen (netkey)
The client/initiating router is a Virtual Access GW2040.
I see the same issue using a Draytek 2930 as client instead.
The GW2040 can make a successful aggressive mode connection to the Draytek.
Another Openswan machine as the client can connect fine.
rightid=abc at myrightid.com
I wonder if anyone has seen this before and can suggest a configuration
tweak to solve this?