Hi Paul - I am running the same libreswan/OS as the original poster and this morning had 3 libreswan instances (each to different Mcafee devices) become unresponsive. There is no prior mention of malformed packets in any of my ipsec.log files (goes back a few weeks) and hey have been reliable otherwise.
Is there a changelog entry between 3.8.6 and 3.12 that addresses a malformed packet situation I can reference for moving to 7.1 just after it was released? Thanks #vpn server 1 transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 next payload type of ISAKMP Hash Payload has an unknown value: 156 malformed payload in packet # vpn server 2 STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 next payload type of ISAKMP Hash Payload has an unknown value: 133 malformed payload in packet # vpn server 3 transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 next payload type of ISAKMP Hash Payload has an unknown value: 102 malformed payload in packet On Fri, Mar 6, 2015 at 6:46 PM, Paul Wouters <[email protected]> wrote: > On Fri, 6 Mar 2015, David Mansfield wrote: > > I'm attempting to set up a tunnel using libreswan-3.8-6.el7_0.x86_64 on >> centos 7. >> > > Can you try the 3.12 build? It came out yesterday for RHEL-7.1, not sure > if Centos has picked it up yet. But it should be an easy rpm recompile > with the newer version (and older patches removed) > > It is also possibly you have a wrong PSK. > > Mar 6 13:49:37 ipsec-gateway pluto[3647]: | phase 1 is done, looking for >>> phase 2 to unpend >>> >> >> So is it possible my phase 2 algorithms don't match? It's computing a >> "phase 2 iv" and then decrypting then: >> > > No your phase1 did not come up.... > > Paul > > _______________________________________________ > Swan mailing list > [email protected] > https://lists.libreswan.org/mailman/listinfo/swan >
_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
