[Openswan Users] STATE_MAIN_I3: sent MI3, expecting MR3, 002 #1: received 1 malformed payload notifies

simon charles charlessimon at hotmail.com
Tue Jun 12 17:10:20 EDT 2012


Luis,

Please try this command and look for your peer ID and its corresponding PSK:

    ipsec showhostkey --list

Alternatively, you could also try this PSK syntax in your ipsec.secrets.inc file:

    @ME.example.com @telefonica.example.com : PSK "somekey"

Thanks.

- Simon Charles -


Date: Tue, 12 Jun 2012 14:49:52 -0600
From: lgramajo at empagua.com
To: charlessimon at hotmail.com
CC: users at lists.openswan.org
Subject: Re: [Openswan Users] STATE_MAIN_I3: sent MI3, expecting MR3, 002  #1: received 1 malformed payload notifies



  
    
    
  
  
Simon,

# this file is managed with debconf and will contain the automatically created RSA keys
#include /var/lib/openswan/ipsec.secrets.inc
#@telefonica.example.com @digitalgeko.example.com : PSK "iqUDB1unForT3hw21"
@ME.example.com : PSK "somekey"
@telefonica.example.com : PSK "somekey"

And somekey is the key they sent me to build up the connection. Any ideas? Thanks.

On 12/06/12 13:01, simon charles wrote:
    
      
      
Please check your secrets file and ensure that you have

1) The correct syntax for the secrets file
2) The correct pre-shared keys on both the vpn peers

Thanks.

- Simon Charles -

        

        

> Date: Tue, 12 Jun 2012 12:49:43 -0600
> From: lgramajo at empagua.com
> To: users at lists.openswan.org
> Subject: [Openswan Users] STATE_MAIN_I3: sent MI3, expecting MR3, 002 #1: received 1 malformed payload notifies
>
> Hi everyone,
>
> I've been cracking my head for the last day trying to figure this out.
>
> When I start the ipsec service I'm getting:
>
> ipsec_setup: Starting Openswan IPsec U2.6.28/K2.6.32-5-xen-amd64...
> 000 initiating all conns with alias='telefonica'
> 002 "telefonica/2x0" #1: initiating Main Mode
> 104 "telefonica/2x0" #1: STATE_MAIN_I1: initiate
> 002 "telefonica/2x0" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
> 106 "telefonica/2x0" #1: STATE_MAIN_I2: sent MI2, expecting MR2
> 002 "telefonica/2x0" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
> 108 "telefonica/2x0" #1: STATE_MAIN_I3: sent MI3, expecting MR3
> 002 "telefonica/2x0" #1: received 1 malformed payload notifies
> 010 "telefonica/2x0" #1: STATE_MAIN_I3: retransmission; will wait 20s for response
> 010 "telefonica/2x0" #1: STATE_MAIN_I3: retransmission; will wait 40s for response
> 031 "telefonica/2x0" #1: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
>
> My config is as follows:
>
> # basic configuration
> config setup
>     interfaces="%defaultroute"
>     klipsdebug=none
>     plutodebug=none
>     #plutoload=%search
>     #plutostart=%search
>     plutostderrlog="/var/log/pluto.log"
>     protostack=netkey
>     # nhelpers=0
>     oe=no
>
> # defaults that apply to all connection descriptions
> conn %default
>     # How persistent to be in (re)keying negotiations (0 means very).
>     keyingtries=0
>     # How to authenticate gateways
>     authby=secret
>     type=tunnel
>
> conn telefonica
>     left=MY_PUBLIC_IP
>     leftsubnets={10.13.1.35/32 10.13.1.39/32}
>     leftid=@ME.example.com
>     # leftxauthclient=yes
>     right=THEIR_PUBLIC_IP
>     rightsubnet=192.168.144.3/32
>     # rightxauthserver=yes
>     rightid=@telefonica.example.com
>     keyingtries=1
>     pfs=no
>     aggrmode=no
>     auto=add
>     auth=esp
>     esp=3DES-SHA1
>     keyexchange=ike
>     ike=3DES-SHA1-modp1024
>     ikelifetime=24h
>     # keyingtries=3
>     keylife=1h
>     authby=secret
>
> Can someone please point me in the right direction? Thanks.
>
> --
> Luis Fernando Gramajo P.
> Networks and Telecommunications
> Information Systems, EMPAGUA


        
      
    
    

-- 
Luis Fernando Gramajo P.
Networks and Telecommunications
Information Systems, EMPAGUA
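
An added example, not part of any message in this thread and not Openswan code: a small checker that parses PSK lines from an ipsec.secrets file and picks the entry for a given host/peer ID pair, so the single-ID layout and the two-ID syntax suggested above can be compared. The matching order (no index, then one index matched against the host ID only, then several indices covering both IDs) is an assumption taken from the ipsec.secrets(5) description; the sample file is constructed, and only single-line quoted PSK entries with exact string comparison are handled.

```python
import re

# Constructed sample modelled on the secrets file quoted in the thread.
SAMPLE_SECRETS = '''\
# this file is managed with debconf
#include /var/lib/openswan/ipsec.secrets.inc
#@telefonica.example.com @other.example.com : PSK "commented-out"
@ME.example.com : PSK "somekey"
@telefonica.example.com : PSK "somekey"
'''

# indices (possibly none), a colon, then a double-quoted PSK
ENTRY = re.compile(r'^(?P<ids>[^:#]*):\s*PSK\s+"(?P<psk>[^"]*)"\s*$')

def parse_psk_entries(text):
    """Return [(indices, secret)] for every active PSK line; comments are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = ENTRY.match(line)
        if m:
            entries.append((m.group("ids").split(), m.group("psk")))
    return entries

def specificity(indices, host_id, peer_id):
    """0 = no match; higher = more specific (assumed ordering, see lead-in)."""
    if not indices:
        return 1                                    # no index: any host and peer
    if len(indices) == 1:
        return 2 if indices[0] == host_id else 0    # peer ID is not considered
    return 3 if host_id in indices and peer_id in indices else 0

def select_psk(text, host_id, peer_id):
    """Return the best-matching secret, or None; raise if the best matches disagree."""
    scored = [(specificity(i, host_id, peer_id), s) for i, s in parse_psk_entries(text)]
    best = max((score for score, _ in scored), default=0)
    if best == 0:
        return None
    secrets = {s for score, s in scored if score == best}
    if len(secrets) > 1:
        raise ValueError("equally specific entries disagree about the secret")
    return secrets.pop()
```

Running `select_psk` with the `leftid` and `rightid` values from ipsec.conf on each gateway's own secrets file shows which entry, if any, that side would use.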
 		 	   		  