[Swan] malformed payload error

David M da3bobots at gmail.com
Sat Mar 7 22:28:20 EET 2015


Hi Paul -
I am running the same libreswan/OS as the original poster and this morning
had 3 libreswan instances (each to different Mcafee devices) become
unresponsive.
There is no prior mention of malformed packets in any of my ipsec.log files
(goes back a few weeks) and hey have been reliable otherwise.

Is there a changelog entry between 3.8.6 and 3.12 that addresses a
malformed packet situation I can reference for moving to 7.1 just after it
was released?

Thanks

#vpn server 1
transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
next payload type of ISAKMP Hash Payload has an unknown value: 156
malformed payload in packet

# vpn server 2
STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
next payload type of ISAKMP Hash Payload has an unknown value: 133
malformed payload in packet

# vpn server 3
transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
next payload type of ISAKMP Hash Payload has an unknown value: 102
malformed payload in packet






On Fri, Mar 6, 2015 at 6:46 PM, Paul Wouters <paul at nohats.ca> wrote:

> On Fri, 6 Mar 2015, David Mansfield wrote:
>
>  I'm attempting to set up a tunnel using libreswan-3.8-6.el7_0.x86_64 on
>> centos 7.
>>
>
> Can you try the 3.12 build? It came out yesterday for RHEL-7.1, not sure
> if Centos has picked it up yet. But it should be an easy rpm recompile
> with the newer version (and older patches removed)
>
> It is also possibly you have a wrong PSK.
>
>  Mar  6 13:49:37 ipsec-gateway pluto[3647]: | phase 1 is done, looking for
>>> phase 2 to unpend
>>>
>>
>> So is it possible my phase 2 algorithms don't match? It's computing a
>> "phase 2 iv" and then decrypting then:
>>
>
> No your phase1 did not come up....
>
> Paul
>
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20150307/71d7790f/attachment.html>


More information about the Swan mailing list