Hi Francesco, never saw this error message before
> Sep 26 09:48:04 vpngw pluto[32319]: "roadwarrior"[6] 79.40.165.31:5344 > #47: byte 2 of ISAKMP Hash Payload must be zero, but is not but I haven't tested the Windows 7 IKEv1 client with NAT-Traversal yet. Could you ramp up the debugging level by specifying plutodebug=all in ipsec.conf? Best regards Andreas Francesco Defilippo wrote: > Hi all, > > windows 7 doesn't work (all others os works xp, 200x, linux,cisco etc) > with my vpn server: > > # OS: CentOS 5.3 > # software: strongswan-4.3.4 > > config setup > interfaces=%defaultroute # obsolete > nat_traversal=yes > klipsdebug=all # obsolete > dumpdir=/tmp # obsolete > overridemtu=1400 # obsolete > hidetos=yes # obsolete > uniqueids=yes > fragicmp=no # obsolete > keep_alive=5 > plutostart=yes > charonstart=no > > conn %default > keyingtries=%forever > authby=rsasig > leftrsasigkey=%cert # obsolete > rightrsasigkey=%cert # obsolete > left=%defaultroute > leftcert=vpngw-cert.pem > pfs=no > .... > conn roadwarrior > leftprotoport=17/1701 > right=%any > rightprotoport=17/%any > rightsubnet=vhost:%no,%priv # serve per i client nattati > keyingtries=3 > dpdaction=clear # RFC 3706 Dead Peer Detection > auto=add > > the log file: > > Sep 26 09:48:03 vpngw pluto[32319]: packet from 79.40.165.31:5344: > ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 0 0000008] > Sep 26 09:48:03 vpngw pluto[32319]: packet from 79.40.165.31:5344: > received Vendor ID payload [RFC 3947] > Sep 26 09:48:03 vpngw pluto[32319]: packet from 79.40.165.31:5344: > ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] > Sep 26 09:48:03 vpngw pluto[32319]: packet from 79.40.165.31:5344: > ignoring Vendor ID payload [FRAGMENTATION] > Sep 26 09:48:03 vpngw pluto[32319]: packet from 79.40.165.31:5344: > ignoring Vendor ID payload [MS-Negotiation Discovery Capable] > Sep 26 09:48:03 vpngw pluto[32319]: packet from 79.40.165.31:5344: > ignoring Vendor ID payload [Vid-Initial-Contact] > Sep 26 09:48:03 vpngw pluto[32319]: packet from 79.40.165.31:5344: > ignoring Vendor ID payload [IKE CGA version 1] > Sep 26 09:48:03 vpngw pluto[32319]: "roadwarrior"[6] 79.40.165.31:5344 > #47: responding to Main Mode from unknown peer 79.40.164.31:5344 > Sep 26 09:48:03 vpngw pluto[32319]: "roadwarrior"[6] 79.40.165.31:5344 > #47: ECP_384 is not supported. Attribute OAKLEY_GROUP_DESCRIPTION > Sep 26 09:48:03 vpngw pluto[32319]: "roadwarrior"[6] 79.40.165.31:5344 > #47: ECP_256 is not supported. Attribute OAKLEY_GROUP_DESCRIPTION > Sep 26 09:48:03 vpngw pluto[32319]: "roadwarrior"[6] 79.40.165.31:5344 > #47: NAT-Traversal: Result using RFC 3947: peer is NATed > Sep 26 09:48:04 vpngw pluto[32319]: "roadwarrior"[6] 79.40.165.31:5344 > #47: byte 2 of ISAKMP Hash Payload must be zero, but is not > Sep 26 09:48:04 vpngw pluto[32319]: "roadwarrior"[6] 79.40.165.31:5344 > #47: malformed payload in packet > Sep 26 09:48:12 vpngw pluto[32319]: "roadwarrior"[6] 79.40.165.31:5344 > #42: max number of retransmissions (2) reached STATE_MAIN_R2 ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
