[Openswan Users] STATE_MAIN_I3: sent MI3, expecting MR3, 002 #1: received 1 malformed payload notifies

Luis Fernando Gramajo lgramajo at empagua.com
Tue Jun 12 14:49:43 EDT 2012


Hi everyone,

I've been cracking my head for the last day trying to figure this out.

When I start the ipsec service I'm getting:


ipsec_setup: Starting Openswan IPsec U2.6.28/K2.6.32-5-xen-amd64...
000 initiating all conns with alias='telefonica'
002 "telefonica/2x0" #1: initiating Main Mode
104 "telefonica/2x0" #1: STATE_MAIN_I1: initiate
002 "telefonica/2x0" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
106 "telefonica/2x0" #1: STATE_MAIN_I2: sent MI2, expecting MR2
002 "telefonica/2x0" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
108 "telefonica/2x0" #1: STATE_MAIN_I3: sent MI3, expecting MR3
002 "telefonica/2x0" #1: received 1 malformed payload notifies
010 "telefonica/2x0" #1: STATE_MAIN_I3: retransmission; will wait 20s for response
010 "telefonica/2x0" #1: STATE_MAIN_I3: retransmission; will wait 40s for response
031 "telefonica/2x0" #1: max number of retransmissions (2) reached STATE_MAIN_I3.  Possible authentication failure: no acceptable response to our first encrypted message


My config is as follows:


# basic configuration
config setup
    interfaces="%defaultroute"
    klipsdebug=none
    plutodebug=none
    #plutoload=%search
    #plutostart=%search
    plutostderrlog="/var/log/pluto.log"
    protostack=netkey
#    nhelpers=0
    oe=no

# defaults that apply to all connection descriptions
conn %default
    # How persistent to be in (re)keying negotiations (0 means very).
    keyingtries=0
    # How to authenticate gateways
    authby=secret
    type=tunnel

conn telefonica
    left=MY_PUBLIC_IP
    leftsubnets={10.13.1.35/32 10.13.1.39/32}
    leftid=@ME.example.com
#    leftxauthclient=yes
    right=THEIR_PUBLIC_IP
    rightsubnet=192.168.144.3/32
#    rightxauthserver=yes
    rightid=@telefonica.example.com
    keyingtries=1
    pfs=no
    aggrmode=no
    auto=add
    auth=esp
    esp=3DES-SHA1
    keyexchange=ike
    ike=3DES-SHA1-modp1024
    ikelifetime=24h
#    keyingtries=3
    keylife=1h
    authby=secret


Can someone please point me in the right direction? Thanks.

-- 
Luis Fernando Gramajo P.
Redes y Telecomunicaciones
Sistemas de Información EMPAGUA


