<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
    <title></title>
  </head>
  <body text="#000000" bgcolor="#ffffff">
    Simon,<br>
    <br>
    <br>
    # this file is managed with debconf and will contain the
    automatically created RSA keys<br>
    #include /var/lib/openswan/ipsec.secrets.inc<br>
    #@telefonica.example.com @digitalgeko.example.com : PSK
    "iqUDB1unForT3hw21"<br>
    @ME.example.com : PSK "somekey"<br>
    @telefonica.example.com : PSK "somekey"<br>
    <br>
    <br>
    And somekey is the key they sent me to build up de connection. Any
    ideas, thanks<br>
    <br>
    El 12/06/12 13:01, simon charles escribi&oacute;:
    <blockquote cite="mid:SNT110-W3572B010478AF196F6812BDBF60@phx.gbl"
      type="cite">
      <style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Tahoma
}
--></style>
      <div dir="ltr">
        Please check your secrets file and ensure that you have <br>
        1) The correct syntax for the secrets file<br>
        2) The correct pre-shared keys on both the vpn peers<br>
        &nbsp;&nbsp;&nbsp;&nbsp; Thanks. <br>
        <br>
        <span style="font-family: Tahoma,Helvetica,Sans-Serif;
          font-style: italic; font-weight: bold;">-<span
            style="font-family: Times New Roman,Times,Serif;"> Simon
            Charles - </span></span><br>
        <br>
        <br>
        <div>&gt; Date: Tue, 12 Jun 2012 12:49:43 -0600<br>
          &gt; From: <a class="moz-txt-link-abbreviated" href="mailto:lgramajo@empagua.com">lgramajo@empagua.com</a><br>
          &gt; To: <a class="moz-txt-link-abbreviated" href="mailto:users@lists.openswan.org">users@lists.openswan.org</a><br>
          &gt; Subject: [Openswan Users] STATE_MAIN_I3: sent MI3,
          expecting MR3, 002 #1: received 1 malformed payload notifies<br>
          &gt; <br>
          &gt; Hi everyone,<br>
          &gt; <br>
          &gt; Ive been cracking my head the for the las day trying to
          figure this out.<br>
          &gt; <br>
          &gt; When I start the ipsec service im getting:<br>
          &gt; <br>
          &gt; <br>
          &gt; ipsec_setup: Starting Openswan IPsec
          U2.6.28/K2.6.32-5-xen-amd64...<br>
          &gt; 000 initiating all conns with alias='telefonica'<br>
          &gt; 002 "telefonica/2x0" #1: initiating Main Mode<br>
          &gt; 104 "telefonica/2x0" #1: STATE_MAIN_I1: initiate<br>
          &gt; 002 "telefonica/2x0" #1: transition from state
          STATE_MAIN_I1 to state <br>
          &gt; STATE_MAIN_I2<br>
          &gt; 106 "telefonica/2x0" #1: STATE_MAIN_I2: sent MI2,
          expecting MR2<br>
          &gt; 002 "telefonica/2x0" #1: transition from state
          STATE_MAIN_I2 to state <br>
          &gt; STATE_MAIN_I3<br>
          &gt; 108 "telefonica/2x0" #1: STATE_MAIN_I3: sent MI3,
          expecting MR3<br>
          &gt; 002 "telefonica/2x0" #1: received 1 malformed payload
          notifies<br>
          &gt; 010 "telefonica/2x0" #1: STATE_MAIN_I3: retransmission;
          will wait 20s <br>
          &gt; for response<br>
          &gt; 010 "telefonica/2x0" #1: STATE_MAIN_I3: retransmission;
          will wait 40s <br>
          &gt; for response<br>
          &gt; 031 "telefonica/2x0" #1: max number of retransmissions
          (2) reached <br>
          &gt; STATE_MAIN_I3. Possible authentication failure: no
          acceptable response <br>
          &gt; to our first encrypted message<br>
          &gt; <br>
          &gt; <br>
          &gt; My config is as follows:<br>
          &gt; <br>
          &gt; <br>
          &gt; # basic configuration<br>
          &gt; config setup<br>
          &gt; interfaces="%defaultroute"<br>
          &gt; klipsdebug=none<br>
          &gt; plutodebug=none<br>
          &gt; #plutoload=%search<br>
          &gt; #plutostart=%search<br>
          &gt; plutostderrlog="/var/log/pluto.log"<br>
          &gt; protostack=netkey<br>
          &gt; # nhelpers=0<br>
          &gt; oe=no<br>
          &gt; <br>
          &gt; # defaults that apply to all connection descriptions<br>
          &gt; conn %default<br>
          &gt; # How persistent to be in (re)keying negotiations (0
          means very).<br>
          &gt; keyingtries=0<br>
          &gt; # How to authenticate gatways<br>
          &gt; authby=secret<br>
          &gt; type=tunnel<br>
          &gt; <br>
          &gt; conn telefonica<br>
          &gt; left=MY_PUBLIC_IP<br>
          &gt; leftsubnets={10.13.1.35/32 10.13.1.39/32}<br>
          &gt; <a class="moz-txt-link-abbreviated" href="mailto:leftid=@ME.example.com">leftid=@ME.example.com</a><br>
          &gt; # leftxauthclient=yes<br>
          &gt; right=THEIR_PUBLIC_IP<br>
          &gt; rightsubnet=192.168.144.3/32<br>
          &gt; # rightxauthserver=yes<br>
          &gt; <a class="moz-txt-link-abbreviated" href="mailto:rightid=@telefonica.example.com">rightid=@telefonica.example.com</a><br>
          &gt; keyingtries=1<br>
          &gt; pfs=no<br>
          &gt; aggrmode=no<br>
          &gt; auto=add<br>
          &gt; auth=esp<br>
          &gt; esp=3DES-SHA1<br>
          &gt; keyexchange=ike<br>
          &gt; ike=3DES-SHA1-modp1024<br>
          &gt; ikelifetime=24h<br>
          &gt; # keyingtries=3<br>
          &gt; keylife=1h<br>
          &gt; authby=secret<br>
          &gt; <br>
          &gt; <br>
          &gt; Can please someone point me in the right direction,
          thanks.<br>
          &gt; <br>
          &gt; -- <br>
          &gt; Luis Fernando Gramajo P.<br>
          &gt; Redes y Telecomunicaciones<br>
          &gt; Sistemas de Informaci&oacute;n EMPAGUA<br>
          &gt; <br>
          &gt; _______________________________________________<br>
          &gt; <a class="moz-txt-link-abbreviated" href="mailto:Users@lists.openswan.org">Users@lists.openswan.org</a><br>
          &gt; <a class="moz-txt-link-freetext" href="https://lists.openswan.org/mailman/listinfo/users">https://lists.openswan.org/mailman/listinfo/users</a><br>
          &gt; Micropayments:
          <a class="moz-txt-link-freetext" href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a><br>
          &gt; Building and Integrating Virtual Private Networks with
          Openswan:<br>
          &gt;
          <a class="moz-txt-link-freetext" href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a><br>
        </div>
      </div>
    </blockquote>
    <br>
    <pre class="moz-signature" cols="72">-- 
Luis Fernando Gramajo P.
Redes y Telecomunicaciones
Sistemas de Informaci&oacute;n EMPAGUA
</pre>
  </body>
</html>