[Swan] INVALID_KEY_INFORMATION

[Paul Wouters]

On Fri, 5 Aug 2016, John Crisp wrote:

> I am using Libre 3.18 but have seen the same issue on previous versions.
> Libre connects with a Draytek router.
>
> I seem to get a lot of this in my logs:
>
> "ignoring informational payload INVALID_KEY_INFORMATION"
>
> I can see that this is informational, and can be ignored, but wanted to
> know what the cause was and if I can get around it as it fills my logs
> at a fairly high rate !

>From my dealings with Draytek 10 years ago, there were various big
issues with their IKE software. One of the things is that "always on"
did hugely different things and require different settings, something
you would not expect where the only difference should be "load" or
"load and initiate".

I can't really help you. If it works in the non-alwayson mode, and
does not in the alwayson mode, it is mostly likely a configuration
oddity they need or just a bug in their software. You'll have to
try and talk to the vendor.

Paul

> Full excerpt below.
>
>
> The setting that I have in the Draytek are
>
> IKE Phase 1 - Proposal
>
> aes256-sha-modp1536, aes256-sha-modp1024
>
> IKE Phase 2 - Proposal
>
> aes256-sha1, aes192-sha1, aes128-sha1
>
>
> ipsec.conf - fairly basic defaults
>
> conn MyEast
>    type=tunnel
>    authby=secret
>    auto=start
>    keyingtries=0
>    ikelifetime=3600s
>    salifetime=28800s
>    dpdaction=restart
>    dpddelay=30
>    dpdtimeout=10
>    pfs=yes
>    left=%defaultroute
>    leftsourceip=192.168.95.1
>    leftsubnet=192.168.95.0/24
>    right=my.router.ip.address
>    rightsubnet=192.168.10.0/24
>
>
> I note that if I set the router to be always on, and set Libre to
> auto=add I no longer get the messages.
>
> I thought that this may be to do with the ID. I just tried to set the
> rightid=my.router.ip.address but this does not cure the issue.
>
> Any suggestions appreciated.
>
> B. Rgds
> John
>
> Aug  5 13:32:49: "MyEast" #14: initiating Main Mode to replace #13
> Aug  5 13:32:49: "MyEast" #14: transition from state STATE_MAIN_I1 to
> state STATE_MAIN_I2
> Aug  5 13:32:49: "MyEast" #14: STATE_MAIN_I2: sent MI2, expecting MR2
> Aug  5 13:32:49: "MyEast" #14: ignoring informational payload
> INVALID_KEY_INFORMATION, msgid=00000000, length=12
> Aug  5 13:32:49: "MyEast" #14: received and ignored informational message
> Aug  5 13:32:49: "MyEast" #14: ignoring informational payload
> INVALID_KEY_INFORMATION, msgid=00000000, length=12
> Aug  5 13:32:49: "MyEast" #14: received and ignored informational message
> Aug  5 13:32:50: "MyEast" #14: ignoring informational payload
> INVALID_KEY_INFORMATION, msgid=00000000, length=12
> Aug  5 13:32:50: "MyEast" #14: received and ignored informational message
> Aug  5 13:32:51: "MyEast" #14: ignoring informational payload
> INVALID_KEY_INFORMATION, msgid=00000000, length=12
> Aug  5 13:32:51: "MyEast" #14: received and ignored informational message
> Aug  5 13:32:53: "MyEast" #14: ignoring informational payload
> INVALID_KEY_INFORMATION, msgid=00000000, length=12
> Aug  5 13:32:53: "MyEast" #14: received and ignored informational message
> Aug  5 13:32:57: "MyEast" #14: ignoring informational payload
> INVALID_KEY_INFORMATION, msgid=00000000, length=12
> Aug  5 13:32:57: "MyEast" #14: received and ignored informational message
> Aug  5 13:32:59: "MyEast" #14: discarding duplicate packet; already
> STATE_MAIN_I2
> Aug  5 13:33:05: "MyEast" #14: ignoring informational payload
> INVALID_KEY_INFORMATION, msgid=00000000, length=12
> Aug  5 13:33:05: "MyEast" #14: received and ignored informational message
> Aug  5 13:33:19: "MyEast" #14: discarding duplicate packet; already
> STATE_MAIN_I2
> Aug  5 13:33:21: "MyEast" #14: ignoring informational payload
> INVALID_KEY_INFORMATION, msgid=00000000, length=12
> Aug  5 13:33:21: "MyEast" #14: received and ignored informational message
> Aug  5 13:33:45: "MyEast" #15: initiating Main Mode to replace #14
> Aug  5 13:33:45: "MyEast" #14: deleting state (STATE_MAIN_I2)
> Aug  5 13:52:16: "MyEast" #14: initiating Main Mode to replace #13
> Aug  5 13:52:16: "MyEast" #14: transition from state STATE_MAIN_I1 to
> state STATE_MAIN_I2
> Aug  5 13:52:16: "MyEast" #14: STATE_MAIN_I2: sent MI2, expecting MR2
> Aug  5 13:52:16: "MyEast" #14: ignoring informational payload
> INVALID_KEY_INFORMATION, msgid=00000000, length=12
> Aug  5 13:52:16: "MyEast" #14: received and ignored informational message
> Aug  5 13:52:16: "MyEast" #14: ignoring informational payload
> INVALID_KEY_INFORMATION, msgid=00000000, length=12
> Aug  5 13:52:16: "MyEast" #14: received and ignored informational message
> Aug  5 13:52:17: "MyEast" #14: ignoring informational payload
> INVALID_KEY_INFORMATION, msgid=00000000, length=12
> Aug  5 13:52:17: "MyEast" #14: received and ignored informational message
> Aug  5 13:52:18: "MyEast" #14: ignoring informational payload
> INVALID_KEY_INFORMATION, msgid=00000000, length=12
> Aug  5 13:52:18: "MyEast" #14: received and ignored informational message
> Aug  5 13:52:20: "MyEast" #14: ignoring informational payload
> INVALID_KEY_INFORMATION, msgid=00000000, length=12
> Aug  5 13:52:20: "MyEast" #14: received and ignored informational message
> Aug  5 13:52:24: "MyEast" #14: ignoring informational payload
> INVALID_KEY_INFORMATION, msgid=00000000, length=12
> Aug  5 13:52:24: "MyEast" #14: received and ignored informational message
> Aug  5 13:52:26: "MyEast" #14: discarding duplicate packet; already
> STATE_MAIN_I2
> Aug  5 13:52:32: "MyEast" #14: ignoring informational payload
> INVALID_KEY_INFORMATION, msgid=00000000, length=12
> Aug  5 13:52:32: "MyEast" #14: received and ignored informational message
> Aug  5 13:52:46: "MyEast" #14: discarding duplicate packet; already
> STATE_MAIN_I2
> Aug  5 13:52:48: "MyEast" #14: ignoring informational payload
> INVALID_KEY_INFORMATION, msgid=00000000, length=12
> Aug  5 13:52:48: "MyEast" #14: received and ignored informational message
> Aug  5 13:53:11: "MyEast" #15: initiating Main Mode to replace #14
> Aug  5 13:53:11: "MyEast" #14: deleting state (STATE_MAIN_I2)
>
>
>
>