<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Tahoma
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>
Luis,<br>&nbsp;&nbsp; Please try this command and look for your peer id and its corresponding PSK<br>
ipsec showhostkey --list<br><br>
Alternatively, you could also try this PSK syntax in your ipsec.secrets.inc file<br><br>
@ME.example.com @telefonica.example.com : PSK "somekey"<br><br>
&nbsp;&nbsp; Thanks. <br><br>
<span style="font-family:Tahoma,Helvetica,Sans-Serif;font-style:italic;font-weight:bold">-<span style="font-family:Times New Roman,Times,Serif"> Simon Charles - </span></span><br><br><br>
<div><hr id="stopSpelling">Date: Tue, 12 Jun 2012 14:49:52 -0600<br>From: lgramajo@empagua.com<br>To: charlessimon@hotmail.com<br>CC: users@lists.openswan.org<br>Subject: Re: [Openswan Users] STATE_MAIN_I3: sent MI3, expecting MR3, 002  #1: received 1 malformed payload notifies<br><br>
    Simon,<br>
    <br>
    <br>
    # this file is managed with debconf and will contain the
    automatically created RSA keys<br>
    #include /var/lib/openswan/ipsec.secrets.inc<br>
    #@telefonica.example.com @digitalgeko.example.com : PSK
    "iqUDB1unForT3hw21"<br>
    @ME.example.com : PSK "somekey"<br>
    @telefonica.example.com : PSK "somekey"<br>
    <br>
    <br>
    And somekey is the key they sent me to build up the connection. Any
    ideas? Thanks.<br>
    <br>
    On 12/06/12 13:01, simon charles wrote:
    <blockquote cite="mid:SNT110-W3572B010478AF196F6812BDBF60@phx.gbl">
      <div dir="ltr">
        Please check your secrets file and ensure that you have <br>
        1) The correct syntax for the secrets file<br>
        2) The correct pre-shared keys on both the vpn peers<br>
        &nbsp;&nbsp;&nbsp;&nbsp; Thanks. <br>
        <br>
        <span style="font-family:Tahoma,Helvetica,Sans-Serif;font-style:italic;font-weight:bold">-<span style="font-family:Times New Roman,Times,Serif"> Simon
            Charles - </span></span><br>
        <br>
        <br>
        <div>&gt; Date: Tue, 12 Jun 2012 12:49:43 -0600<br>
          &gt; From: <a class="ecxmoz-txt-link-abbreviated" href="mailto:lgramajo@empagua.com">lgramajo@empagua.com</a><br>
          &gt; To: <a class="ecxmoz-txt-link-abbreviated" href="mailto:users@lists.openswan.org">users@lists.openswan.org</a><br>
          &gt; Subject: [Openswan Users] STATE_MAIN_I3: sent MI3,
          expecting MR3, 002 #1: received 1 malformed payload notifies<br>
          &gt; <br>
          &gt; Hi everyone,<br>
          &gt; <br>
          &gt; I've been cracking my head for the last day trying to
          figure this out.<br>
          &gt; <br>
          &gt; When I start the ipsec service I'm getting:<br>
          &gt; <br>
          &gt; <br>
          &gt; ipsec_setup: Starting Openswan IPsec
          U2.6.28/K2.6.32-5-xen-amd64...<br>
          &gt; 000 initiating all conns with alias='telefonica'<br>
          &gt; 002 "telefonica/2x0" #1: initiating Main Mode<br>
          &gt; 104 "telefonica/2x0" #1: STATE_MAIN_I1: initiate<br>
          &gt; 002 "telefonica/2x0" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2<br>
          &gt; 106 "telefonica/2x0" #1: STATE_MAIN_I2: sent MI2, expecting MR2<br>
          &gt; 002 "telefonica/2x0" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3<br>
          &gt; 108 "telefonica/2x0" #1: STATE_MAIN_I3: sent MI3, expecting MR3<br>
          &gt; 002 "telefonica/2x0" #1: received 1 malformed payload notifies<br>
          &gt; 010 "telefonica/2x0" #1: STATE_MAIN_I3: retransmission; will wait 20s for response<br>
          &gt; 010 "telefonica/2x0" #1: STATE_MAIN_I3: retransmission; will wait 40s for response<br>
          &gt; 031 "telefonica/2x0" #1: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message<br>
          &gt; <br>
          &gt; <br>
          &gt; My config is as follows:<br>
          &gt; <br>
          &gt; <br>
          &gt; # basic configuration<br>
          &gt; config setup<br>
          &gt; interfaces="%defaultroute"<br>
          &gt; klipsdebug=none<br>
          &gt; plutodebug=none<br>
          &gt; #plutoload=%search<br>
          &gt; #plutostart=%search<br>
          &gt; plutostderrlog="/var/log/pluto.log"<br>
          &gt; protostack=netkey<br>
          &gt; # nhelpers=0<br>
          &gt; oe=no<br>
          &gt; <br>
          &gt; # defaults that apply to all connection descriptions<br>
          &gt; conn %default<br>
          &gt; # How persistent to be in (re)keying negotiations (0
          means very).<br>
          &gt; keyingtries=0<br>
          &gt; # How to authenticate gateways<br>
          &gt; authby=secret<br>
          &gt; type=tunnel<br>
          &gt; <br>
          &gt; conn telefonica<br>
          &gt; left=MY_PUBLIC_IP<br>
          &gt; leftsubnets={10.13.1.35/32 10.13.1.39/32}<br>
          &gt; leftid=@ME.example.com<br>
          &gt; # leftxauthclient=yes<br>
          &gt; right=THEIR_PUBLIC_IP<br>
          &gt; rightsubnet=192.168.144.3/32<br>
          &gt; # rightxauthserver=yes<br>
          &gt; rightid=@telefonica.example.com<br>
          &gt; keyingtries=1<br>
          &gt; pfs=no<br>
          &gt; aggrmode=no<br>
          &gt; auto=add<br>
          &gt; auth=esp<br>
          &gt; esp=3DES-SHA1<br>
          &gt; keyexchange=ike<br>
          &gt; ike=3DES-SHA1-modp1024<br>
          &gt; ikelifetime=24h<br>
          &gt; # keyingtries=3<br>
          &gt; keylife=1h<br>
          &gt; authby=secret<br>
          &gt; <br>
          &gt; <br>
          &gt; Can someone please point me in the right direction,
          thanks.<br>
          &gt; <br>
          &gt; -- <br>
          &gt; Luis Fernando Gramajo P.<br>
          &gt; Networks and Telecommunications<br>
          &gt; Information Systems, EMPAGUA<br>
          &gt; <br>
        </div>
      </div>
    </blockquote>
    <br>
    <pre class="ecxmoz-signature">-- 
Luis Fernando Gramajo P.
Networks and Telecommunications
Information Systems, EMPAGUA
</pre></div>                                               </div></body>
</html>