[Openswan Users] OT IPSec -- L2TPD/Xauth

Elison Niven elison.niven at elitecore.com
Tue Oct 16 06:38:51 EDT 2012


You need to apply this patch openswan-android-ics-natoa.patch available 
from 
http://code.google.com/p/android/issues/attachmentText?id=23124&aid=231240180000&name=openswan-android-ics-natoa.patch.

On Tuesday 16 October 2012 03:44:56 PM IST, Erich Titl wrote:
> Hi Folks
>
> this is the actual situation of an attempt to connect to my gateway from
> an Android device using the on board ipsec-l2tp method.
>
> ....
> Oct 16 10:04:20 sentinel pluto[21312]: "mega-rw"[1] 195.141.2.242 #1:
> NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
> Oct 16 10:04:20 sentinel pluto[21312]: "mega-rw"[1] 195.141.2.242 #1:
> transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
> Oct 16 10:04:20 sentinel pluto[21312]: "mega-rw"[1] 195.141.2.242 #1:
> STATE_MAIN_R2: sent MR2, expecting MI3
> Oct 16 10:04:20 sentinel pluto[21312]: "mega-rw"[1] 195.141.2.242 #1:
> Main mode peer ID is ID_DER_ASN1_DN: 'C=CH, L=Schlieren, O=Ruf Group,
> CN=Erich Titl, E=erich.titl at ruf.ch'
> Oct 16 10:04:20 sentinel pluto[21312]: "mega-rw"[1] 195.141.2.242 #1: I
> am sending my cert
> Oct 16 10:04:20 sentinel pluto[21312]: "mega-rw"[1] 195.141.2.242 #1:
> transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
> Oct 16 10:04:20 sentinel pluto[21312]: "mega-rw"[1] 195.141.2.242 #1:
> new NAT mapping for #1, was 195.141.2.242:500, now 195.141.2.242:4500
> Oct 16 10:04:20 sentinel pluto[21312]: "mega-rw"[1] 195.141.2.242 #1:
> STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG
> cipher=aes_256 prf=oakley_sha group=modp1024}
> Oct 16 10:04:20 sentinel pluto[21312]: "mega-rw"[1] 195.141.2.242 #1:
> ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
> Oct 16 10:04:20 sentinel pluto[21312]: "mega-rw"[1] 195.141.2.242 #1:
> received and ignored informational message
> Oct 16 10:04:21 sentinel pluto[21312]: "mega-rw"[1] 195.141.2.242 #1:
> byte 7 of ISAKMP NAT-OA Payload must be zero, but is not
> Oct 16 10:04:21 sentinel pluto[21312]: "mega-rw"[1] 195.141.2.242 #1:
> malformed payload in packet
> Oct 16 10:04:21 sentinel pluto[21312]: | payload malformed after IV
> Oct 16 10:04:21 sentinel pluto[21312]: |   60 c0 2b c9  71 9d 72 86  00
> f9 8c 38  c2 7c 63 ba
> Oct 16 10:04:21 sentinel pluto[21312]: "mega-rw"[1] 195.141.2.242 #1:
> sending notification PAYLOAD_MALFORMED to 195.141.2.242:4500
> Oct 16 10:04:24 sentinel pluto[21312]: "mega-rw"[1] 195.141.2.242 #1:
> byte 7 of ISAKMP NAT-OA Payload must be zero, but is not
> Oct 16 10:04:24 sentinel pluto[21312]: "mega-rw"[1] 195.141.2.242 #1:
> malformed payload in packet
> Oct 16 10:04:24 sentinel pluto[21312]: | payload malformed after IV
> Oct 16 10:04:24 sentinel pluto[21312]: |   60 c0 2b c9  71 9d 72 86  00
> f9 8c 38  c2 7c 63 ba
> Oct 16 10:04:24 sentinel pluto[21312]: "mega-rw"[1] 195.141.2.242 #1:
> sending notification PAYLOAD_MALFORMED to 195.141.2.242:4500
>
> Maybe the malformed PAYLOAD results from a missing patch.
>
> Thanks
>
> Erich
>
>
>
> _______________________________________________
> Users at lists.openswan.org
> https://lists.openswan.org/mailman/listinfo/users
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155

--
Best Regards,
Elison Niven


More information about the Users mailing list