[Openswan Users] sending notification PAYLOAD_MALFORMED

Paul Young paul at arkig.com
Tue Sep 24 07:38:40 UTC 2013


Hi all,

Well this is now fixed. I carefully (very carefully) re-read the man page -
http://linux.die.net/man/5/ipsec.secrets

and then modified my PSK files accordingly and am now back in business.


On 24 September 2013 10:35, Paul Young <paul at arkig.com> wrote:

> The host does not but the router it connects to the internet with does.
>
> It is a little bit of a stretch as the router connects to the internet by
> a 4G dongle. Which itself is doing things to make life difficult. For
> example it is not strictly addressable from the internet.
>
> So that is why I am trying to set up a host -> VPN server type of setup.
> Road runner basically.
>
> I am not referencing IPs in the secret file itself.
>
> I set an id and use that to relate the conf file to the secret file -
> @<blah> format.
>
> So for example in the conf file I have an entry like:
>
> leftid=@wow
>
> and in the secrets file associated with the conf file I have this format:
>
> @wow: PSK "asecret"
>
> and as far as I know that is part of the tie in
>
> Paul
>
>
> On 24 September 2013 10:24, Leto <letoams at gmail.com> wrote:
>
>> shouldn't be needed. Does your host get a new IP on reboot and you use the
>> old ip in either ipsec.conf or ipsec.secrets?
>>
>>
>> sent from a tiny device
>>
>> On 2013-09-23, at 20:08, Paul Young <paul at arkig.com> wrote:
>>
>> The next thing I did was change the PSK to something really simple - did
>> not change the symptoms.
>>
>> So now I have rebuilt the entire server on one side and am starting from
>> scratch. Which is bulls__t
>>
>> But I don't have much time to get this to work
>>
>>
>> On 24 September 2013 07:10, Paul Young <paul at arkig.com> wrote:
>>
>>> Hi Leto,
>>>
>>> Thanks for the reply. It looks ok and I basically generated the PSK with:
>>>
>>> ipsec ranbits --continuous 128
>>>
>>> Cheers,
>>> Paul
>>>
>>>
>>> On 24 September 2013 02:52, Leto <letoams at gmail.com> wrote:
>>>
>>>> try avoiding some strange characters in the psk. ensure you're not
>>>> mixing up ASCII vs hex?
>>>>
>>>> sent from a tiny device
>>>>
>>>> On 2013-09-23, at 10:09, Paul Young <paul at arkig.com> wrote:
>>>>
>>>> Hi Guys,
>>>>
>>>> What other reasons other than mismatched PSKs could cause this issue?
>>>>
>>>> Thanks
>>>>
>>>>
>>>> On 23 September 2013 18:46, Paul Young <paul at arkig.com> wrote:
>>>>
>>>>> I also just tried replacing the PSK on both sides and got the same
>>>>> issue continued
>>>>>
>>>>>
>>>>> On 23 September 2013 18:39, Paul Young <paul at arkig.com> wrote:
>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>> After rebooting one side of my Openswan setup without changing config
>>>>>> and so on I am getting this error and cannot create a tunnel anymore.
>>>>>>
>>>>>> The reason I rebooted the host is I applied a bunch of firmware
>>>>>> updates to the hardware.
>>>>>>
>>>>>> Sep 23 18:33:23 lobster pluto[38968]: "conn"[11] <outside IP address> #55: next payload type of ISAKMP Identification Payload has an unknown value: 23
>>>>>> Sep 23 18:33:23 lobster pluto[38968]: "conn"[11] <outside IP address> #55: probable authentication failure (mismatch of preshared secrets?): malformed payload in packet
>>>>>> Sep 23 18:33:23 lobster pluto[38968]: | payload malformed after IV
>>>>>> Sep 23 18:33:23 lobster pluto[38968]: |   74 40 8b d3  5a 30 3e 52  dc 54 26 a5  d9 88 bc e9
>>>>>> Sep 23 18:33:23 lobster pluto[38968]: |   e4 ea 8e 4b
>>>>>> Sep 23 18:33:23 lobster pluto[38968]: "conn"[11] <outside IP address> #55: sending notification PAYLOAD_MALFORMED to <outside IP address>:500
>>>>>>
>>>>>> I have triple checked the PSK and it appears to be fine. What am I
>>>>>> missing?
>>>>>>
>>>>>> Thanks,
>>>>>> Paul
>>>>>>
>>>>>
>>>>>
>>>> _______________________________________________
>>>> Users at lists.openswan.org
>>>> https://lists.openswan.org/mailman/listinfo/users
>>>> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
>>>> Building and Integrating Virtual Private Networks with Openswan:
>>>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>>>>
>>>>
>>>
>