[Openswan Users] STATE_MAIN_I3: sent MI3, expecting MR3, 002 #1: received 1 malformed payload notifies
Luis Fernando Gramajo
lgramajo at empagua.com
Tue Jun 12 16:49:52 EDT 2012
Simon,
# this file is managed with debconf and will contain the automatically
created RSA keys
#include /var/lib/openswan/ipsec.secrets.inc
#@telefonica.example.com @digitalgeko.example.com : PSK "iqUDB1unForT3hw21"
@ME.example.com : PSK "somekey"
@telefonica.example.com : PSK "somekey"
And somekey is the key they sent me to build up de connection. Any
ideas, thanks
El 12/06/12 13:01, simon charles escribió:
> Please check your secrets file and ensure that you have
> 1) The correct syntax for the secrets file
> 2) The correct pre-shared keys on both the vpn peers
> Thanks.
>
> -Simon Charles -
>
>
> > Date: Tue, 12 Jun 2012 12:49:43 -0600
> > From: lgramajo at empagua.com
> > To: users at lists.openswan.org
> > Subject: [Openswan Users] STATE_MAIN_I3: sent MI3, expecting MR3,
> 002 #1: received 1 malformed payload notifies
> >
> > Hi everyone,
> >
> > Ive been cracking my head the for the las day trying to figure this out.
> >
> > When I start the ipsec service im getting:
> >
> >
> > ipsec_setup: Starting Openswan IPsec U2.6.28/K2.6.32-5-xen-amd64...
> > 000 initiating all conns with alias='telefonica'
> > 002 "telefonica/2x0" #1: initiating Main Mode
> > 104 "telefonica/2x0" #1: STATE_MAIN_I1: initiate
> > 002 "telefonica/2x0" #1: transition from state STATE_MAIN_I1 to state
> > STATE_MAIN_I2
> > 106 "telefonica/2x0" #1: STATE_MAIN_I2: sent MI2, expecting MR2
> > 002 "telefonica/2x0" #1: transition from state STATE_MAIN_I2 to state
> > STATE_MAIN_I3
> > 108 "telefonica/2x0" #1: STATE_MAIN_I3: sent MI3, expecting MR3
> > 002 "telefonica/2x0" #1: received 1 malformed payload notifies
> > 010 "telefonica/2x0" #1: STATE_MAIN_I3: retransmission; will wait 20s
> > for response
> > 010 "telefonica/2x0" #1: STATE_MAIN_I3: retransmission; will wait 40s
> > for response
> > 031 "telefonica/2x0" #1: max number of retransmissions (2) reached
> > STATE_MAIN_I3. Possible authentication failure: no acceptable response
> > to our first encrypted message
> >
> >
> > My config is as follows:
> >
> >
> > # basic configuration
> > config setup
> > interfaces="%defaultroute"
> > klipsdebug=none
> > plutodebug=none
> > #plutoload=%search
> > #plutostart=%search
> > plutostderrlog="/var/log/pluto.log"
> > protostack=netkey
> > # nhelpers=0
> > oe=no
> >
> > # defaults that apply to all connection descriptions
> > conn %default
> > # How persistent to be in (re)keying negotiations (0 means very).
> > keyingtries=0
> > # How to authenticate gatways
> > authby=secret
> > type=tunnel
> >
> > conn telefonica
> > left=MY_PUBLIC_IP
> > leftsubnets={10.13.1.35/32 10.13.1.39/32}
> > leftid=@ME.example.com
> > # leftxauthclient=yes
> > right=THEIR_PUBLIC_IP
> > rightsubnet=192.168.144.3/32
> > # rightxauthserver=yes
> > rightid=@telefonica.example.com
> > keyingtries=1
> > pfs=no
> > aggrmode=no
> > auto=add
> > auth=esp
> > esp=3DES-SHA1
> > keyexchange=ike
> > ike=3DES-SHA1-modp1024
> > ikelifetime=24h
> > # keyingtries=3
> > keylife=1h
> > authby=secret
> >
> >
> > Can please someone point me in the right direction, thanks.
> >
> > --
> > Luis Fernando Gramajo P.
> > Redes y Telecomunicaciones
> > Sistemas de Información EMPAGUA
> >
> > _______________________________________________
> > Users at lists.openswan.org
> > https://lists.openswan.org/mailman/listinfo/users
> > Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> > Building and Integrating Virtual Private Networks with Openswan:
> > http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
--
Luis Fernando Gramajo P.
Redes y Telecomunicaciones
Sistemas de Información EMPAGUA
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.openswan.org/pipermail/users/attachments/20120612/e136c1ef/attachment.html>
More information about the Users
mailing list