[Openswan Users] sending notification PAYLOAD_MALFORMED

Paul Young paul at arkig.com
Tue Sep 24 00:35:26 UTC 2013


The host does not but the router it connects to the internet with does.

It is a little bit of a stretch as the router connects to the internet by a
4G dongle. Which itself is doing things to make life difficult. For example
it is not strictly addressable from the internet.

So that is why I am trying to set up a host -> VPN server type of setup.
Road runner basically.

I am not referencing IPs in the secret file itself.

I set an id and use that to relate the conf file to the secret file -
@<blah> format.

So for example in the conf file I have an entry like:

leftid=@wow

and in the secrets file associated with the conf file I have this format:

@wow: PSK "asecret"

and as far as I know that is part of the tie in

Paul


On 24 September 2013 10:24, Leto <letoams at gmail.com> wrote:

> shouldn't be needed. Does your host get a new IP on reboot and you use the
> old ip in either ipsec.conf or ipsec.secrets?
>
>
> sent from a tiny device
>
> On 2013-09-23, at 20:08, Paul Young <paul at arkig.com> wrote:
>
> The next thing I did was change the PSK to something really simple - did
> not change the symptoms.
>
> So now I have rebuilt the entire server on one side and am starting from
> scratch. Which is bulls__t
>
> But I don't have much time to get this to work
>
>
> On 24 September 2013 07:10, Paul Young <paul at arkig.com> wrote:
>
>> Hi Leto,
>>
>> Thanks for the reply. It looks ok and I basically generated the PSK with:
>>
>> ipsec ranbits --continuous 128
>>
>> Cheers,
>> Paul
>>
>>
>> On 24 September 2013 02:52, Leto <letoams at gmail.com> wrote:
>>
>>> try avoiding some strange characters in the psk. ensure you're not
>>> mixing up ASCII vs hex?
>>>
>>> sent from a tiny device
>>>
>>> On 2013-09-23, at 10:09, Paul Young <paul at arkig.com> wrote:
>>>
>>> Hi Guys,
>>>
>>> What other reasons other than mismatched PSKs could cause this issue?
>>>
>>> Thanks
>>>
>>>
>>> On 23 September 2013 18:46, Paul Young <paul at arkig.com> wrote:
>>>
>>>> I also just tried replacing the PSK on both sides and got the same
>>>> issue continued
>>>>
>>>>
>>>> On 23 September 2013 18:39, Paul Young <paul at arkig.com> wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> After rebooting one side of my Openswan setup without changing config
>>>>> and so on I am getting this error and cannot create a tunnel anymore.
>>>>>
>>>>> The reason I rebooted the host is I applied a bunch of firmware
>>>>> updates to the hardware.
>>>>>
>>>>> Sep 23 18:33:23 lobster pluto[38968]: "conn"[11] <outside IP address> #55: next payload type of ISAKMP Identification Payload has an unknown value: 23
>>>>> Sep 23 18:33:23 lobster pluto[38968]: "conn"[11] <outside IP address> #55: probable authentication failure (mismatch of preshared secrets?): malformed payload in packet
>>>>> Sep 23 18:33:23 lobster pluto[38968]: | payload malformed after IV
>>>>> Sep 23 18:33:23 lobster pluto[38968]: |   74 40 8b d3  5a 30 3e 52  dc 54 26 a5  d9 88 bc e9
>>>>> Sep 23 18:33:23 lobster pluto[38968]: |   e4 ea 8e 4b
>>>>> Sep 23 18:33:23 lobster pluto[38968]: "conn"[11] <outside IP address> #55: sending notification PAYLOAD_MALFORMED to <outside IP address>:500
>>>>>
>>>>> I have triple checked the PSK and it appears to be fine. What am I
>>>>> missing?
>>>>>
>>>>> Thanks,
>>>>> Paul
>>>>>
>>>>
>>>>
>>> _______________________________________________
>>> Users at lists.openswan.org
>>> https://lists.openswan.org/mailman/listinfo/users
>>> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
>>> Building and Integrating Virtual Private Networks with Openswan:
>>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>>>
>>>
>>
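An added example, not part of the original thread or of Openswan: a small offline check that reads the `leftid=`/`rightid=` values from a conf file and compares the PSK bytes each side's secrets file holds for them, which catches the quoted-text versus hex mix-up raised above. The function names and sample files are constructed for illustration, and the lookup is by index only, not pluto's full best-match rule.

```python
import re

# One PSK line of ipsec.secrets: index list, colon, PSK, then either a quoted
# string or an unquoted 0x hex value. Other secret kinds are ignored here.
ENTRY = re.compile(r'^(?P<ids>[^:#]*?)\s*:\s+PSK\s+'
                   r'(?:"(?P<text>[^"]*)"|(?P<hex>0x(?:[0-9a-fA-F]{2}_?)+))\s*$')

def parse_psks(secrets_text):
    """Return {index: (form, key_bytes)} for every PSK entry."""
    out = {}
    for line in secrets_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        if m.group("text") is not None:
            form, key = "text", m.group("text").encode()  # quoted: literal characters
        else:
            # Assumption: underscores in hex values are separators and are ignored.
            form, key = "hex", bytes.fromhex(m.group("hex")[2:].replace("_", ""))
        # An empty index list is stored under "%any" (label chosen for this example).
        for idx in m.group("ids").split() or ["%any"]:
            out[idx] = (form, key)
    return out

def check(conf_text, local_secrets, remote_secrets):
    """Compare the PSK each side holds for every leftid=/rightid= in the conf."""
    ids = re.findall(r'^\s*(?:left|right)id=(\S+)', conf_text, re.M)
    local, remote = parse_psks(local_secrets), parse_psks(remote_secrets)
    problems = []
    for ident in ids:
        a, b = local.get(ident), remote.get(ident)
        if a is None or b is None:
            side = "local" if a is None else "remote"
            problems.append(f"{ident}: no PSK entry on {side} side")
        elif a[1] != b[1]:
            hint = " (one side quoted text, the other hex)" if a[0] != b[0] else ""
            problems.append(f"{ident}: PSK bytes differ{hint}")
    return problems

# Constructed sample files, not taken from the thread.
CONF = "conn conn\n    leftid=@wow\n"
TEXT = '@wow: PSK "asecret"\n'
HEX = "@wow: PSK 0x61736563_726574\n"           # same 7 bytes as "asecret"
QUOTED_HEX = '@wow: PSK "0x61736563_726574"\n'  # literal characters, not hex

if __name__ == "__main__":
    print(check(CONF, TEXT, HEX))
    print(check(CONF, HEX, QUOTED_HEX))
```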