002 "L2TP-PSK-CLIENT" #1: initiating Main Mode
104 "L2TP-PSK-CLIENT" #1: STATE_MAIN_I1: initiate
003 "L2TP-PSK-CLIENT" #1: received Vendor ID payload [Openswan (this version) 2.4.9 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
003 "L2TP-PSK-CLIENT" #1: received Vendor ID payload [Dead Peer Detection]
003 "L2TP-PSK-CLIENT" #1: received Vendor ID payload [RFC 3947] method set to=110
002 "L2TP-PSK-CLIENT" #1: enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal)
002 "L2TP-PSK-CLIENT" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
106 "L2TP-PSK-CLIENT" #1: STATE_MAIN_I2: sent MI2, expecting MR2
002 "L2TP-PSK-CLIENT" #1: I did not send a certificate because I do not have one.
003 "L2TP-PSK-CLIENT" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
002 "L2TP-PSK-CLIENT" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
108 "L2TP-PSK-CLIENT" #1: STATE_MAIN_I3: sent MI3, expecting MR3
002 "L2TP-PSK-CLIENT" #1: received 1 malformed payload notifies
010 "L2TP-PSK-CLIENT" #1: STATE_MAIN_I3: retransmission; will wait 20s for response
002 "L2TP-PSK-CLIENT" #1: received 2 malformed payload notifies
003 "L2TP-PSK-CLIENT" #1: discarding duplicate packet; already STATE_MAIN_I3
skate, I'm glad that you could solve the first issue about this, but I'd really appreciate it if you could share the solution with those of us who are stuck at that phase.
Make sure that the other side has your right configuration and you as well. I will send you a message with my ipsec.conf. Let me know what's yours. Thank you.
conn sonicwall
    #modecfgclient=yes
    #modecfgpull=yes
    #compress=yes
    #leftsendcert=always
    #fragicmp=yes
    type=tunnel
    left=%defaultroute
    #left=10.66.67.10
    #leftsubnet=10.66.67.0/24 # Your local subnet, eg: 192.168.0.0/24
    leftid=@myvpn
    #leftxauthclient=yes
    right=vpn.company.net
    #rightmodecfgserver=yes
    rightsubnet=72.9.41.0/25 # The subnet at the router end, eg: 192.168.2.0/24
    #rightxauthserver=yes
    rightid=@company # This must be the Unique ID of the SonicWALL router
    #keyingtries=0
    pfs=no
    aggrmode=no
    keyexchange=ike
    auto=add
    auth=esp
    esp=3des-sha1
    ike=3des-sha1-modp1024
    authby=secret
And that's what happens upon trying to establish connection:
002 listening for IKE messages
003 NAT-Traversal: Trying new style NAT-T
003 NAT-Traversal: ESPINUDP(1) setup failed for new style NAT-T family IPv4 (errno=19)
003 NAT-Traversal: Trying old style NAT-T
002 adding interface ppp0/ppp0 172.16.12.110:500
002 adding interface ppp0/ppp0 172.16.12.110:4500
002 adding interface eth0/eth0 10.66.67.10:500
002 adding interface eth0/eth0 10.66.67.10:4500
002 adding interface lo/lo 127.0.0.1:500
002 adding interface lo/lo 127.0.0.1:4500
002 adding interface lo/lo ::1:500
002 loading secrets from "/etc/ipsec.secrets"
002 loading secrets from "/var/lib/openswan/ipsec.secrets.inc"
002 loaded private key file '/etc/ipsec.d/private/nitehawkKey.pem' (1679 bytes)
002 loaded private key for keyid: PPK_RSA:AwEAAdeSE
002 "sonicwall" #1: initiating Main Mode
104 "sonicwall" #1: STATE_MAIN_I1: initiate
003 "sonicwall" #1: ignoring unknown Vendor ID payload [5b362bc820f60007]
003 "sonicwall" #1: received Vendor ID payload [RFC 3947] method set to=109
002 "sonicwall" #1: enabling possible NAT-traversal with method 4
002 "sonicwall" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
106 "sonicwall" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "sonicwall" #1: ignoring Vendor ID payload [Sonicwall 1 (TZ 170 Standard?)]
003 "sonicwall" #1: received Vendor ID payload [XAUTH]
003 "sonicwall" #1: received Vendor ID payload [Dead Peer Detection]
003 "sonicwall" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): i am NATed
002 "sonicwall" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
108 "sonicwall" #1: STATE_MAIN_I3: sent MI3, expecting MR3
002 "sonicwall" #1: received 1 malformed payload notifies
003 "sonicwall" #1: discarding duplicate packet; already STATE_MAIN_I3
010 "sonicwall" #1: STATE_MAIN_I3: retransmission; will wait 20s for response
002 "sonicwall" #1: received 2 malformed payload notifies
003 "sonicwall" #1: discarding duplicate packet; already STATE_MAIN_I3
010 "sonicwall" #1: STATE_MAIN_I3: retransmission; will wait 40s for response
002 "sonicwall" #1: received 3 malformed payload notifies
003 "sonicwall" #1: discarding duplicate packet; already STATE_MAIN_I3
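An added example (not part of any post in this thread): a small Python parser for status output shaped like the logs above. It reports, per connection, the last IKE state reached, the NAT-T result, and the malformed-payload and retransmission counts, so a negotiation stuck at STATE_MAIN_I3 can be spotted without reading line by line. The sample lines are constructed from the format shown in the thread; the function name and summary fields are assumptions of this example.

```python
import re

# Status line: 3-digit code, optional '"conn" #serial: ' prefix, then the message.
LINE = re.compile(r'^(\d{3}) (?:"([^"]+)" #(\d+): )?(.*)$')
STATE = re.compile(r'transition from state (\S+) to state (\S+)')
NOTIFY = re.compile(r'received (\d+) malformed payload notif')

# Constructed sample, shaped like the output quoted in the thread.
SAMPLE = '''\
002 listening for IKE messages
002 "sonicwall" #1: initiating Main Mode
104 "sonicwall" #1: STATE_MAIN_I1: initiate
002 "sonicwall" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
003 "sonicwall" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): i am NATed
002 "sonicwall" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
108 "sonicwall" #1: STATE_MAIN_I3: sent MI3, expecting MR3
002 "sonicwall" #1: received 1 malformed payload notifies
010 "sonicwall" #1: STATE_MAIN_I3: retransmission; will wait 20s for response
002 "sonicwall" #1: received 2 malformed payload notifies
003 "sonicwall" #1: discarding duplicate packet; already STATE_MAIN_I3
'''

def summarize(text):
    """Return {conn: summary} for each connection seen in the status output."""
    out = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group(2) is None:
            continue  # global lines (interfaces, secrets) carry no conn name
        conn, msg = m.group(2), m.group(4)
        s = out.setdefault(conn, {"state": None, "malformed": 0,
                                  "retransmits": 0, "natted": None})
        if (t := STATE.search(msg)):
            s["state"] = t.group(2)          # state we moved into
        elif msg.startswith("STATE_") and s["state"] is None:
            s["state"] = msg.split(":", 1)[0]  # first state announced
        if (n := NOTIFY.search(msg)):
            s["malformed"] = max(s["malformed"], int(n.group(1)))
        if "retransmission" in msg:
            s["retransmits"] += 1
        if "NAT-Traversal: Result" in msg:
            s["natted"] = msg.endswith("i am NATed")
    for s in out.values():
        # Stalled: the peer keeps rejecting what we sent and we keep resending.
        s["stalled"] = s["malformed"] > 0 and s["retransmits"] > 0
    return out

if __name__ == "__main__":
    for conn, s in summarize(SAMPLE).items():
        print(conn, s)
```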