[Swan] malformed payload error

David Mansfield swan at dm.cobite.com
Mon Mar 9 23:29:24 EET 2015


On 03/06/2015 07:46 PM, Paul Wouters wrote:
> On Fri, 6 Mar 2015, David Mansfield wrote:
>
>> I'm attempting to set up a tunnel using libreswan-3.8-6.el7_0.x86_64 
>> on CentOS 7.
>
> Can you try the 3.12 build? It came out yesterday for RHEL-7.1, not sure
> if CentOS has picked it up yet. But it should be an easy rpm recompile
> with the newer version (and older patches removed)
>
> It is also possible you have a wrong PSK.
>

Most likely the PSK - but I'm still waiting for the partner to confirm 
it's been deployed correctly on that end (I've checked my transcription 
about 5 times).

I tried with the RPM rebuild (libreswan-3.12-5.el7.centos.x86_64.rpm) 
and no real difference there that I can see (as far as - "it's still not 
working"). One SELinux AVC to worry about but I built a custom policy 
and it seems to be running.

If I can find out anything else I'll check back.

>>> Mar  6 13:49:37 ipsec-gateway pluto[3647]: | phase 1 is done, 
>>> looking for phase 2 to unpend
>>
>> So is it possible my phase 2 algorithms don't match? It's computing a 
>> "phase 2 iv" and then decrypting then:
>
> No, your phase1 did not come up....

Ok. Good to know.

Thanks,
David


