[Openswan Users] sending notification PAYLOAD_MALFORMED

Paul Young paul at arkig.com
Tue Sep 24 07:45:35 UTC 2013


Yep that is pretty much the case Nick - agreed

Thanks all


On 24 September 2013 17:39, Nick Howitt <n1ck.h0w1tt at gmail.com> wrote:

> For your "roadwarrior", if you only have one tunnel at the other end, use
> right=%any and %any in ipsec.secrets. Then right is identified only by the
> secret and the rightsubnet. Do not use rightid to identify the device
> unless you use aggressive mode as rightid is not transmitted in phase1/main
> mode.
>
> On 2013-09-24 01:35, Paul Young wrote:
>
> The host does not but the router it connects to the internet with does.
>
> It is a little bit of a stretch as the router connects to the internet by
> a 4G dongle. Which itself is doing things to make life difficult. For
> example it is not strictly addressable from the internet.
>
> So that is why I am trying to set up a host -> VPN server type of setup.
> Road runner basically.
>
> I am not referencing IPs in the secret file itself.
>
> I set an id and use that to relate the conf file to the secret file -
> @<blah> format.
>
> So for example in the conf file I have an entry like:
>
> leftid=@wow
>
> and in the secrets file associated with the conf file I have this format:
>
> @wow: PSK "asecret"
>
> and as far as I know that is part of the tie in
>
> Paul
>
>
> On 24 September 2013 10:24, Leto <letoams at gmail.com> wrote:
>
>> shouldn't be needed. Does your host get a new IP on reboot and you use
>> the old ip in either ipsec.conf or ipsec.secrets?
>>
>>
>> sent from a tiny device
>>
>> On 2013-09-23, at 20:08, Paul Young <paul at arkig.com> wrote:
>>
>> The next thing I did was change the PSK to something really simple -
>> did not change the symptoms.
>>
>> So now I have rebuilt the entire server on one side and am starting from
>> scratch. Which is bulls__t
>>
>> But I don't have much time to get this to work
>>
>>
>> On 24 September 2013 07:10, Paul Young <paul at arkig.com> wrote:
>>
>>> Hi Leto,
>>>
>>> Thanks for the reply. It looks ok and I basically generated the PSK with:
>>>
>>> ipsec ranbits --continuous 128
>>>
>>> Cheers,
>>> Paul
>>>
>>>
>>> On 24 September 2013 02:52, Leto <letoams at gmail.com> wrote:
>>>
>>>>  try avoiding some strange characters in the psk. ensure you're not
>>>> mixing up ASCII vs hex?
>>>>
>>>> sent from a tiny device
>>>>
>>>> On 2013-09-23, at 10:09, Paul Young <paul at arkig.com> wrote:
>>>>
>>>>  Hi Guys,
>>>>
>>>> What other reasons other than mismatched PSKs could cause this issue?
>>>>
>>>> Thanks
>>>>
>>>>
>>>> On 23 September 2013 18:46, Paul Young <paul at arkig.com> wrote:
>>>>
>>>>> I also just tried replacing the PSK on both sides and got the same
>>>>> issue continued
>>>>>
>>>>>
>>>>> On 23 September 2013 18:39, Paul Young <paul at arkig.com> wrote:
>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>> After rebooting one side of my Openswan setup without changing config
>>>>>> and so on I am getting this error and cannot create a tunnel anymore.
>>>>>>
>>>>>> The reason I rebooted the host is I applied a bunch of firmware
>>>>>> updates to the hardware.
>>>>>>
>>>>>> Sep 23 18:33:23 lobster pluto[38968]: "conn"[11] <outside IP address> #55: next payload type of ISAKMP Identification Payload has an unknown value: 23
>>>>>> Sep 23 18:33:23 lobster pluto[38968]: "conn"[11] <outside IP address> #55: probable authentication failure (mismatch of preshared secrets?): malformed payload in packet
>>>>>> Sep 23 18:33:23 lobster pluto[38968]: | payload malformed after IV
>>>>>> Sep 23 18:33:23 lobster pluto[38968]: |   74 40 8b d3  5a 30 3e 52  dc 54 26 a5  d9 88 bc e9
>>>>>> Sep 23 18:33:23 lobster pluto[38968]: |   e4 ea 8e 4b
>>>>>> Sep 23 18:33:23 lobster pluto[38968]: "conn"[11] <outside IP address> #55: sending notification PAYLOAD_MALFORMED to <outside IP address>:500
>>>>>>
>>>>>> I have triple checked the PSK and it appears to be fine. What am I
>>>>>> missing?
>>>>>>
>>>>>> Thanks,
>>>>>> Paul
>>>>>>
>>>>>       _______________________________________________
>>>> Users at lists.openswan.org
>>>> https://lists.openswan.org/mailman/listinfo/users
>>>> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
>>>> Building and Integrating Virtual Private Networks with Openswan:
>>>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>>>>
>
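
The advice quoted in this thread (index the PSK by %any for a right=%any peer, and do not rely on rightid outside aggressive mode) can be checked mechanically before restarting pluto. The following is an added example, not part of the original messages and not Openswan code; the `lint` helper, the conn name, the address 192.0.2.10 and the @laptop ID are constructed for illustration.

```python
import re

# Constructed samples; only leftid=@wow and the "asecret" PSK come from the thread.
SAMPLE_CONF = """\
conn roadwarrior
    left=192.0.2.10
    leftid=@wow
    right=%any
    rightid=@laptop
    authby=secret
"""
SAMPLE_SECRETS = '@wow @laptop: PSK "asecret"\n'     # keyed by IDs only
FIXED_SECRETS = '192.0.2.10 %any: PSK "asecret"\n'   # keyed by address / %any

def parse_conns(text):
    """Return {conn_name: {option: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():            # section header: "conn NAME", "config setup"
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) == 2
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def psk_indices(text):
    """Return the index tokens in front of each PSK entry (IPv4/ID tokens only)."""
    found = (re.match(r'([^:#]*):\s*PSK\s+"', ln) for ln in text.splitlines())
    return [m.group(1).split() for m in found if m]

def lint(conf_text, secrets_text):
    """Apply the thread's advice to main-mode PSK conns that have a %any peer."""
    findings, indices = [], psk_indices(secrets_text)
    for name, opts in parse_conns(conf_text).items():
        side = next((s for s in ("left", "right") if opts.get(s) == "%any"), None)
        if not side or opts.get("authby") != "secret" or opts.get("aggrmode") == "yes":
            continue
        if not any(not idx or "%any" in idx for idx in indices):
            findings.append(f"{name}: no PSK entry indexed by %any for {side}=%any")
        if opts.get(side + "id"):
            findings.append(f"{name}: {side}id is set but aggrmode is not yes")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE_CONF, SAMPLE_SECRETS):
        print(finding)
```

With the constructed sample, both findings fire; dropping rightid and switching to `FIXED_SECRETS` clears them.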