[Openswan Users] Tunnel fails after OpenSSL patch
Simon Deziel
simon at xelerance.com
Wed Apr 9 14:45:48 EDT 2014
Hi Ed,
We had no such issue with our environment:
OpenSwan 2.6.41
OpenSSL 1.0.1-4ubuntu5.12 (Ubuntu patched version)
Simon
On 14-04-09 01:51 PM, Ed Ng wrote:
> Anyone experienced any problem after the recent OpenSSL patch
> (Heartbleed bug)? We have a tunnel that's been running fine for a while
> until we did a system update yesterday. The server runs Amazon Linux
> AMI release 2014.03 with OpenSSL 1:1.0.1e-37.66.amzn1 and
> OpenSwan 2.6.37-3.17.amzn1.
>
> I found some logs that look abnormal after the patch.
>
> Apr 10 01:21:55 pluto[1230]: "mytunnel" #43: responding to Main Mode
> Apr 10 01:21:55 pluto[1230]: "mytunnel" #43: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
> Apr 10 01:21:55 pluto[1230]: "mytunnel" #43: STATE_MAIN_R1: sent MR1, expecting MI2
> Apr 10 01:21:55 pluto[1230]: "mytunnel" #43: next payload type of ISAKMP Nonce Payload has an unknown value: 130
> Apr 10 01:21:55 pluto[1230]: "mytunnel" #43: malformed payload in packet
>
> It now says "next payload type of ISAKMP Nonce Payload has an unknown
> value: 130". Does anybody have any clue on how to fix this issue? The tunnel
> is currently down and we want to bring it back up ASAP.
>
> Thanks!
>
> -Ed