[Openswan Users] During rekeying, Ignoring informational payload, type UNEQUAL_PAYLOAD_LENGTHS on st==NULL (deleted?)

SaRaVanAn saravanan.nagarajan87 at gmail.com
Tue Mar 20 12:51:31 EDT 2012 

Hi Paul,
   During Rekeying, I got the below error message in openswan

Mar 20 21:49:44 uxcasxxx pluto[7655]: "north-east" #29: received Vendor ID
payload [RFC 3947] method set to=109
Mar 20 21:49:44 uxcasxxx pluto[7655]: "north-east" #29: enabling possible
NAT-traversal with method 4
Mar 20 21:49:44 uxcasxxx pluto[7655]: "north-east" #29: transition from
state STATE_MAIN_I1 to state STATE_MAIN_I2
Mar 20 21:49:44 uxcasxxx pluto[7655]: "north-east" #29: STATE_MAIN_I2: sent
MI2, expecting MR2
Mar 20 21:49:44 uxcasxxx pluto[7655]: "north-east" #29: NAT-Traversal:
Result using RFC 3947 (NAT-Traversal): no NAT detected
Mar 20 21:49:44 uxcasxxx pluto[7655]: "north-east" #29: transition from
state STATE_MAIN_I2 to state STATE_MAIN_I3
Mar 20 21:49:44 uxcasxxx pluto[7655]: "north-east" #29: STATE_MAIN_I3: sent
MI3, expecting MR3
Mar 20 21:49:44 uxcasxxx pluto[7655]: packet from 172.31.114.226:500:
ignoring informational payload, type UNEQUAL_PAYLOAD_LENGTHS on st==NULL
(deleted?)
Mar 20 21:49:44 uxcasxxx pluto[7655]: packet from 172.31.114.226:500:
received and ignored informational message
Mar 20 21:49:54 uxcasxxx pluto[7655]: "north-east" #29: discarding
duplicate packet; already STATE_MAIN_I3
Mar 20 21:50:04 uxcasxxx pluto[7655]: "north-east" #26: ISAKMP SA expired
(LATEST!)
Mar 20 21:50:04 uxcasxxx pluto[7655]: "north-east" #29: discarding
duplicate packet; already STATE_MAIN_I3
Mar 20 21:50:14 uxcasxxx pluto[7655]: "north-east" #28: IPsec SA expired
(LATEST!)
Mar 20 21:50:14 uxcasxxx pluto[7655]: "north-east" #29: discarding
duplicate packet; already STATE_MAIN_I3
Mar 20 21:50:55 uxcasxxx pluto[7655]: "north-east" #29: max number of
retransmissions (2) reached STATE_MAIN_I3.  Possible authentication
failure: no acceptable response to our first encrypted message

The problem has got solved after some time, but because of this I ended up
in packet loss of considerable time.

Topology
++++++

DUT( Third party vpn)                   Peer(Openswan)
172.31.114.226  ----------------------------------    172.31.114.227

ipsec.conf
+++++++
        # Debug-logging controls:  "none" for (almost) none, "all" for lots.
        # klipsdebug=none
        # plutodebug="control parsing"
        # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
        protostack=netkey
        nat_traversal=yes
        virtual_private=
        oe=off
        # Enable this if you see "failed to find any available worker"
        nhelpers=0
        interfaces=%defaultroute

conn north-east
    type=transport
    left=172.31.114.226
    right=172.31.114.227
    keyexchange=ike
    auto=add
    authby=secret
    pfs=no
    rekey=yes
    ikelifetime=30s
    keylife=30s
    keyingtries=0

ipsec.secrets
++++++++++
172.31.114.226 172.31.114.227: PSK "mypresharedkey"

Please help me to narrow down this problem.

Regards,
Saravanan N
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.openswan.org/pipermail/users/attachments/20120320/eccb15d3/attachment.html>

More information about the Users mailing list