[Openswan Users] STATE_MAIN_I3: sent MI3, expecting MR3, 002 #1: received 1 malformed payload notifies
simon charles
charlessimon at hotmail.com
Tue Jun 12 15:01:25 EDT 2012
Please check your secrets file and ensure that you have
1) The correct syntax for the secrets file
2) The correct pre-shared keys on both the vpn peers
Thanks.
- Simon Charles -
> Date: Tue, 12 Jun 2012 12:49:43 -0600
> From: lgramajo at empagua.com
> To: users at lists.openswan.org
> Subject: [Openswan Users] STATE_MAIN_I3: sent MI3, expecting MR3, 002 #1: received 1 malformed payload notifies
>
> Hi everyone,
>
> Ive been cracking my head the for the las day trying to figure this out.
>
> When I start the ipsec service im getting:
>
>
> ipsec_setup: Starting Openswan IPsec U2.6.28/K2.6.32-5-xen-amd64...
> 000 initiating all conns with alias='telefonica'
> 002 "telefonica/2x0" #1: initiating Main Mode
> 104 "telefonica/2x0" #1: STATE_MAIN_I1: initiate
> 002 "telefonica/2x0" #1: transition from state STATE_MAIN_I1 to state
> STATE_MAIN_I2
> 106 "telefonica/2x0" #1: STATE_MAIN_I2: sent MI2, expecting MR2
> 002 "telefonica/2x0" #1: transition from state STATE_MAIN_I2 to state
> STATE_MAIN_I3
> 108 "telefonica/2x0" #1: STATE_MAIN_I3: sent MI3, expecting MR3
> 002 "telefonica/2x0" #1: received 1 malformed payload notifies
> 010 "telefonica/2x0" #1: STATE_MAIN_I3: retransmission; will wait 20s
> for response
> 010 "telefonica/2x0" #1: STATE_MAIN_I3: retransmission; will wait 40s
> for response
> 031 "telefonica/2x0" #1: max number of retransmissions (2) reached
> STATE_MAIN_I3. Possible authentication failure: no acceptable response
> to our first encrypted message
>
>
> My config is as follows:
>
>
> # basic configuration
> config setup
> interfaces="%defaultroute"
> klipsdebug=none
> plutodebug=none
> #plutoload=%search
> #plutostart=%search
> plutostderrlog="/var/log/pluto.log"
> protostack=netkey
> # nhelpers=0
> oe=no
>
> # defaults that apply to all connection descriptions
> conn %default
> # How persistent to be in (re)keying negotiations (0 means very).
> keyingtries=0
> # How to authenticate gatways
> authby=secret
> type=tunnel
>
> conn telefonica
> left=MY_PUBLIC_IP
> leftsubnets={10.13.1.35/32 10.13.1.39/32}
> leftid=@ME.example.com
> # leftxauthclient=yes
> right=THEIR_PUBLIC_IP
> rightsubnet=192.168.144.3/32
> # rightxauthserver=yes
> rightid=@telefonica.example.com
> keyingtries=1
> pfs=no
> aggrmode=no
> auto=add
> auth=esp
> esp=3DES-SHA1
> keyexchange=ike
> ike=3DES-SHA1-modp1024
> ikelifetime=24h
> # keyingtries=3
> keylife=1h
> authby=secret
>
>
> Can please someone point me in the right direction, thanks.
>
> --
> Luis Fernando Gramajo P.
> Redes y Telecomunicaciones
> Sistemas de Información EMPAGUA
>
> _______________________________________________
> Users at lists.openswan.org
> https://lists.openswan.org/mailman/listinfo/users
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.openswan.org/pipermail/users/attachments/20120612/372bffec/attachment.html>
More information about the Users
mailing list