Hi All, problem solved with the help of Andreas, it was my mistake and lightness. The digital certificate was wrong and the IP address, of my test client, that clashed with the server virtual_private. sorry.
f. Il 28/09/2009 22:47, Andreas Steffen ha scritto: > Hi Francesco, > > never saw this error message before > > > Sep 26 09:48:04 vpngw pluto[32319]: "roadwarrior"[6] 79.40.165.31:5344 > > #47: byte 2 of ISAKMP Hash Payload must be zero, but is not > > but I haven't tested the Windows 7 IKEv1 client with NAT-Traversal > yet. Could you ramp up the debugging level by specifying > > plutodebug=all > > in ipsec.conf? > > Best regards > > Andreas > > Francesco Defilippo wrote: > > Hi all, > > > > windows 7 doesn't work (all others os works xp, 200x, linux,cisco etc) > > with my vpn server: > > > > # OS: CentOS 5.3 > > # software: strongswan-4.3.4 > > > > config setup > > interfaces=%defaultroute # obsolete > > nat_traversal=yes > > klipsdebug=all # obsolete > > dumpdir=/tmp # obsolete > > overridemtu=1400 # obsolete > > hidetos=yes # obsolete > > uniqueids=yes > > fragicmp=no # obsolete > > keep_alive=5 > > plutostart=yes > > charonstart=no > > > > conn %default > > keyingtries=%forever > > authby=rsasig > > leftrsasigkey=%cert # obsolete > > rightrsasigkey=%cert # obsolete > > left=%defaultroute > > leftcert=vpngw-cert.pem > > pfs=no > > .... > > conn roadwarrior > > leftprotoport=17/1701 > > right=%any > > rightprotoport=17/%any > > rightsubnet=vhost:%no,%priv # serve per i client nattati > > keyingtries=3 > > dpdaction=clear # RFC 3706 Dead Peer Detection > > auto=add > > > > the log file: > > > > Sep 26 09:48:03 vpngw pluto[32319]: packet from 79.40.165.31:5344: > > ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 0 0000008] > > Sep 26 09:48:03 vpngw pluto[32319]: packet from 79.40.165.31:5344: > > received Vendor ID payload [RFC 3947] > > Sep 26 09:48:03 vpngw pluto[32319]: packet from 79.40.165.31:5344: > > ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] > > Sep 26 09:48:03 vpngw pluto[32319]: packet from 79.40.165.31:5344: > > ignoring Vendor ID payload [FRAGMENTATION] > > Sep 26 09:48:03 vpngw pluto[32319]: packet from 79.40.165.31:5344: > > ignoring Vendor ID payload [MS-Negotiation Discovery Capable] > > Sep 26 09:48:03 vpngw pluto[32319]: packet from 79.40.165.31:5344: > > ignoring Vendor ID payload [Vid-Initial-Contact] > > Sep 26 09:48:03 vpngw pluto[32319]: packet from 79.40.165.31:5344: > > ignoring Vendor ID payload [IKE CGA version 1] > > Sep 26 09:48:03 vpngw pluto[32319]: "roadwarrior"[6] 79.40.165.31:5344 > > #47: responding to Main Mode from unknown peer 79.40.164.31:5344 > > Sep 26 09:48:03 vpngw pluto[32319]: "roadwarrior"[6] 79.40.165.31:5344 > > #47: ECP_384 is not supported. Attribute OAKLEY_GROUP_DESCRIPTION > > Sep 26 09:48:03 vpngw pluto[32319]: "roadwarrior"[6] 79.40.165.31:5344 > > #47: ECP_256 is not supported. Attribute OAKLEY_GROUP_DESCRIPTION > > Sep 26 09:48:03 vpngw pluto[32319]: "roadwarrior"[6] 79.40.165.31:5344 > > #47: NAT-Traversal: Result using RFC 3947: peer is NATed > > Sep 26 09:48:04 vpngw pluto[32319]: "roadwarrior"[6] 79.40.165.31:5344 > > #47: byte 2 of ISAKMP Hash Payload must be zero, but is not > > Sep 26 09:48:04 vpngw pluto[32319]: "roadwarrior"[6] 79.40.165.31:5344 > > #47: malformed payload in packet > > Sep 26 09:48:12 vpngw pluto[32319]: "roadwarrior"[6] 79.40.165.31:5344 > > #42: max number of retransmissions (2) reached STATE_MAIN_R2 > > ====================================================================== > Andreas Steffen [email protected] > strongSwan - the Linux VPN Solution! www.strongswan.org > Institute for Internet Technologies and Applications > University of Applied Sciences Rapperswil > CH-8640 Rapperswil (Switzerland) > ===========================================================[ITA-HSR]== > _______________________________________________ > Users mailing list > [email protected] > https://lists.strongswan.org/mailman/listinfo/users > _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
