Hi
The one time I remember getting that error was when I _thought_ I was
using certificates from /etc/isakmpd/{certsB&private}, but still had a
local.pub and local.key from the installation lying around that got used
instead. Some more debug info (/var/log/daemon) would be helpful indeed.
krgds /m
Patrick Hemmen wrote:
> Hello all,
>
> I have two OpenBSD machines for a redundancy VPN-Gateway. They use
> carp to share one IP-Address and sasyncd to synchronize SAs and SPDs.
> I setup a ipsec-tunnel in /etc/ipsec.conf. The tunnel isn't
> established and the error "PAYLOAD_MALFORMED" appears in the logs.
> With tcpdump I can see that the initial packet (isakmp v1.0 exchange
> ID_PROT) to establish the tunnel come from the host IP-Address and not
> from the carp address.
