[Openswan Users] Problem to connect Android phone and ipsec/xl2tp

Eduardo Rosales jimbodoors94 at gmail.com
Wed Jun 27 19:23:36 EDT 2012 

Hi, I'm tryaing to connect Android phone whit ipsec/xl2tp but always have
this problems in the log:

Jun 27 17:16:49 mail pluto[28459]: "L2TP-PSK-NAT"[25] 190.181.129.34 #20:
sending notification PAYLOAD_MALFORMED to 190.181.129.34:4500
Jun 27 17:16:52 mail pluto[28459]: | processing connection L2TP-PSK-NAT[25]
190.181.129.34
Jun 27 17:16:52 mail pluto[28459]: "L2TP-PSK-NAT"[25] 190.181.129.34 #20:
byte 7 of ISAKMP NAT-OA Payload must be zero, but is not
Jun 27 17:16:52 mail pluto[28459]: "L2TP-PSK-NAT"[25] 190.181.129.34 #20:
malformed payload in packet
Jun 27 17:16:52 mail pluto[28459]: | payload malformed after IV
Jun 27 17:16:52 mail pluto[28459]: |   19 63 c9 4c  a7 85 4d cd  09 17 18
65  f4 c5 24 60
Jun 27 17:16:52 mail pluto[28459]: "L2TP-PSK-NAT"[25] 190.181.129.34 #20:
sending notification PAYLOAD_MALFORMED to 190.181.129.34:4500
Jun 27 17:16:55 mail pluto[28459]: | processing connection L2TP-PSK-NAT[25]
190.181.129.34
Jun 27 17:16:55 mail pluto[28459]: "L2TP-PSK-NAT"[25] 190.181.129.34 #20:
byte 7 of ISAKMP NAT-OA Payload must be zero, but is not
Jun 27 17:16:55 mail pluto[28459]: "L2TP-PSK-NAT"[25] 190.181.129.34 #20:
malformed payload in packet
Jun 27 17:16:55 mail pluto[28459]: | payload malformed after IV
Jun 27 17:16:55 mail pluto[28459]: |   19 63 c9 4c  a7 85 4d cd  09 17 18
65  f4 c5 24 60
Jun 27 17:16:55 mail pluto[28459]: "L2TP-PSK-NAT"[25] 190.181.129.34 #20:
sending notification PAYLOAD_MALFORMED to 190.181.129.34:4500
Jun 27 17:16:57 mail pluto[28459]: | processing connection L2TP-PSK-NAT[25]
190.181.129.34
Jun 27 17:16:57 mail pluto[28459]: | processing connection L2TP-PSK-NAT[25]
190.181.129.34
Jun 27 17:16:57 mail pluto[28459]: | event added at head of queue
Jun 27 17:16:58 mail pluto[28459]: | processing connection L2TP-PSK-NAT[25]
190.181.129.34
Jun 27 17:16:58 mail pluto[28459]: "L2TP-PSK-NAT"[25] 190.181.129.34 #20:
byte 7 of ISAKMP NAT-OA Payload must be zero, but is not
Jun 27 17:16:58 mail pluto[28459]: "L2TP-PSK-NAT"[25] 190.181.129.34 #20:
malformed payload in packet
Jun 27 17:16:58 mail pluto[28459]: | payload malformed after IV
Jun 27 17:16:58 mail pluto[28459]: |   19 63 c9 4c  a7 85 4d cd  09 17 18
65  f4 c5 24 60
Jun 27 17:16:58 mail pluto[28459]: "L2TP-PSK-NAT"[25] 190.181.129.34 #20:
sending notification PAYLOAD_MALFORMED to 190.181.129.34:4500
Jun 27 17:17:01 mail CRON[12126]: pam_unix(cron:session): session opened
for user root by (uid=0)
Jun 27 17:17:01 mail CRON[12126]: pam_unix(cron:session): session closed
for user root
Jun 27 17:17:01 mail pluto[28459]: | processing connection L2TP-PSK-NAT[25]
190.181.129.34
Jun 27 17:17:01 mail pluto[28459]: "L2TP-PSK-NAT"[25] 190.181.129.34 #20:
byte 7 of ISAKMP NAT-OA Payload must be zero, but is not
Jun 27 17:17:01 mail pluto[28459]: "L2TP-PSK-NAT"[25] 190.181.129.34 #20:
malformed payload in packet
Jun 27 17:17:01 mail pluto[28459]: | payload malformed after IV
Jun 27 17:17:01 mail pluto[28459]: |   19 63 c9 4c  a7 85 4d cd  09 17 18
65  f4 c5 24 60
Jun 27 17:17:01 mail pluto[28459]: "L2TP-PSK-NAT"[25] 190.181.129.34 #20:
sending notification PAYLOAD_MALFORMED to 190.181.129.34:4500
Jun 27 17:17:04 mail pluto[28459]: | processing connection L2TP-PSK-NAT[25]
190.181.129.34
Jun 27 17:17:04 mail pluto[28459]: "L2TP-PSK-NAT"[25] 190.181.129.34 #20:
byte 7 of ISAKMP NAT-OA Payload must be zero, but is not
Jun 27 17:17:04 mail pluto[28459]: "L2TP-PSK-NAT"[25] 190.181.129.34 #20:
malformed payload in packet
Jun 27 17:17:04 mail pluto[28459]: | payload malformed after IV
Jun 27 17:17:04 mail pluto[28459]: |   19 63 c9 4c  a7 85 4d cd  09 17 18
65  f4 c5 24 60
Jun 27 17:17:04 mail pluto[28459]: "L2TP-PSK-NAT"[25] 190.181.129.34 #20:
sending notification PAYLOAD_MALFORMED to 190.181.129.34:4500
Jun 27 17:17:09 mail pluto[28459]: initiate on demand from
190.181.129.37:1701 to 190.181.129.34:40078 proto=17 state: fos_start
because: acquire
Jun 27 17:17:17 mail pluto[28459]: | processing connection L2TP-PSK-NAT[25]
190.181.129.34
Jun 27 17:17:17 mail pluto[28459]: | processing connection L2TP-PSK-NAT[25]
190.181.129.34
Jun 27 17:17:17 mail pluto[28459]: | event added after event
EVENT_PENDING_DDNS
Jun 27 17:17:17 mail pluto[28459]: | rejected packet:
Jun 27 17:17:17 mail pluto[28459]: |   ff
Jun 27 17:17:17 mail pluto[28459]: | control:
Jun 27 17:17:17 mail pluto[28459]: |   18 00 00 00  00 00 00 00  08 00 00
00  03 00 00 00
Jun 27 17:17:17 mail pluto[28459]: |   be b5 81 25  be b5 81 25  2c 00 00
00  00 00 00 00
Jun 27 17:17:17 mail pluto[28459]: |   0b 00 00 00  6f 00 00 00  02 03 03
00  00 00 00 00
Jun 27 17:17:17 mail pluto[28459]: |   00 00 00 00  02 00 00 00  be b5 81
22  00 00 00 00
Jun 27 17:17:17 mail pluto[28459]: |   00 00 00 00
Jun 27 17:17:17 mail pluto[28459]: | name:
Jun 27 17:17:17 mail pluto[28459]: |   02 00 11 94  be b5 81 22  00 00 00
00  00 00 00 00
Jun 27 17:17:22 mail pluto[28459]: | event added after event
EVENT_NAT_T_KEEPALIVE

My ipsec.conf is this:

config setup
        nat_traversal=yes
        #virtual_private=%v4:
10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.152.2.0/24
        #virtual_private=%4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:!192.168.0.0/24
        virtual_private=%v4:
192.168.0.0/16,%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:!10.254.253.0/24,%v4:!172.16.8.0/16
        protostack=netkey
        oe=off
        #nhelpers=0
        plutodebug=controlmore

conn L2TP-PSK-NAT
        rightsubnet=vhost:%priv
        also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
        authby=secret
        #phase2=esp
        #phase2alg=aes128-sha1;modp1024
        pfs=no
        auto=add
        keyingtries=3
        rekey=no
        dpddelay=30
        dpdtimeout=120
        ikelifetime=8h
        keylife=1h
        type=transport
        left=190.181.129.37
        leftnexthop=190.181.129.33
leftprotoport=17/1701
        right=%any
        rightprotoport=17/%any
        forceencaps=yes

#conn passthrough-for-non-l2tp
        #type=passthrough
        #left=1721.21.1.10
        #leftnexthop=172.21.1.1
        #right=0.0.0.0
        #rightsubnet=0.0.0.0/0
        #auto=route


-- 
Ubuntu es una palabra africana que quiere decir: "Gente que no pudo
instalar Debian"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.openswan.org/pipermail/users/attachments/20120627/37069935/attachment-0001.html>

More information about the Users mailing list