Date: Thu, 3 Jan 2002 15:24:14 +0200 From: "Etienne" <etienne@unix.za.org> To: <freebsd-questions@freebsd.org> Subject: Problems with ISAKMPD : INVALID_PAYLOAD_TYPE & PAYLOAD_MALFORMED errors. Message-ID: <014f01c19459$f30696a0$09f223c4@M4DC0W>
next in thread | raw e-mail | index | archive | help
Greetings, Using FreeBSD 4.4 I'm using the .config and .policy from : http://www.allard.nu/openbsd/openbsd.shtml I've changed only the passphrase. Along with pretty much the default values in my PGP setup. but I am getting these error messages when I try to connect with my PGP client. ISAKMPD: 144323.150738 Default message_parse_payloads: reserved field non-zero: 9 144323.151164 Default dropped message from 196.35.242.9 port 500 due to notification type PAYLOAD_MALFORMED PGP: SARequest: 209.212.107.74 (10.3.92.0/255.255.255.0) New Identity Exchange - Initiator Initiating Phase 1 Keying Send: SA/Vendor/SENT Rcvd: exchange=Identity, firstPayload=SA, port=500 Payloads:SA/ Proposal Selected (I): PreSharedKey, CAST5 Send: KE/Nonce/SENT Rcvd: exchange=Identity, firstPayload=KE, port=500 Payloads:KE/Nonce/ Send: (E):Ident/Hash/Notify/SENT Rcvd: exchange=Informational, firstPayload=Notify, port=500 New Informational Exchange - Responder Payloads:Notify/ Notification ALERT(R): 209.212.107.74, alert=PayloadMalformed SAFailed: 209.212.107.74 (10.3.92.0/255.255.255.0) TCPDUMP: 14:52:04.625478 196.35.242.9.isakmp > bbmwall.brandboxmedia.com.isakmp: [udp sum ok]isakmp 1.0 msgid 00000000: phase 1 I ident: (sa: doi=ipsec situation=identity (p: #1 protoid=isakmp transform=2 (t: #1 id=ike (type=enc value=cast)(type=hash value=sha1)(type=auth value=preshared)(type=group desc value=0005)(type=lifetype value=sec)(type=lifeduration len=4 value=00015180)) (t: #2 id=ike (type=enc value=3des)(type=hash value=md5)(type=auth value=preshared)(type=group desc value=modp1024)(type=lifetype value=sec)(type=lifeduration len=4 value=00015180)))) (vid: len=12) (ttl 121, id 19773, len 164) 14:52:04.626350 bbmwall.brandboxmedia.com.isakmp > 196.35.242.9.isakmp: [udp sum ok]isakmp 1.0 msgid 00000000: phase 1 R ident: (sa: doi=ipsec situation=identity (p: #1 protoid=isakmp transform=1 (t: #1 id=ike (type=enc value=cast)(type=hash value=sha1)(type=auth value=preshared)(type=group desc value=0005)(type=lifetype value=sec)(type=lifeduration len=4 value=00015180)))) (ttl 64, id 41771, len 112) 14:52:04.818878 196.35.242.9.isakmp > bbmwall.brandboxmedia.com.isakmp: [udp sum ok]isakmp 1.0 msgid 00000000: phase 1 I ident: (ke: key len=192) (nonce: n len=32) (ttl 121, id 19774, len 288) 14:52:04.911352 bbmwall.brandboxmedia.com.isakmp > 196.35.242.9.isakmp: [udp sum ok]isakmp 1.0 msgid 00000000: phase 1 R ident: (ke: key len=192) (nonce: n len=32) (ttl 64, id 41772, len 288) 14:52:05.040280 196.35.242.9.isakmp > bbmwall.brandboxmedia.com.isakmp: [udp sum ok]isakmp 1.0 msgid 00000000: phase 1 I ident[E]: [|id] (ttl 121, id 19775, len 104) 14:52:05.041483 bbmwall.brandboxmedia.com.isakmp > 196.35.242.9.isakmp: [udp sum ok]isakmp 1.0 msgid 00000000: phase 1 I inf: (n: doi=ipsec proto=isakmp type=PAYLOAD-MALFORMED) (ttl 64, id 41774, len 68) ### Sometimes I also get (with the same config): ### ISAKMPD: 145200.109782 Default message_parse_payloads: invalid next payload type 38 in payload of type 5 145200.110241 Default dropped message from 196.35.242.9 port 500 due to notification type INVALID_PAYLOAD_TYPE PGP: SARequest: 209.212.107.74 (10.3.92.0/255.255.255.0) New Identity Exchange - Initiator Initiating Phase 1 Keying Send: SA/Vendor/SENT Rcvd: exchange=Identity, firstPayload=SA, port=500 Payloads:SA/ Proposal Selected (I): PreSharedKey, CAST5 Send: KE/Nonce/SENT Rcvd: exchange=Identity, firstPayload=KE, port=500 Payloads:KE/Nonce/ Send: (E):Ident/Hash/Notify/SENT Rcvd: exchange=Informational, firstPayload=Notify, port=500 New Informational Exchange - Responder Payloads:Notify/ Notification ALERT(R): 209.212.107.74, alert=InvalidPayload SAFailed: 209.212.107.74 (10.3.92.0/255.255.255.0) TCPDUMP: 14:51:18.957252 196.35.242.9.isakmp > bbmwall.brandboxmedia.com.isakmp: [udp sum ok]isakmp 1.0 msgid 00000000: phase 1 I ident: (sa: doi=ipsec situation=identity (p: #1 protoid=isakmp transform=2 (t: #1 id=ike (type=enc value=cast)(type=hash value=sha1)(type=auth value=preshared)(type=group desc value=0005)(type=lifetype value=sec)(type=lifeduration len=4 value=00015180)) (t: #2 id=ike (type=enc value=3des)(type=hash value=md5)(type=auth value=preshared)(type=group desc value=modp1024)(type=lifetype value=sec)(type=lifeduration len=4 value=00015180)))) (vid: len=12) (ttl 121, id 19699, len 164) 14:51:18.958343 bbmwall.brandboxmedia.com.isakmp > 196.35.242.9.isakmp: [udp sum ok]isakmp 1.0 msgid 00000000: phase 1 R ident: (sa: doi=ipsec situation=identity (p: #1 protoid=isakmp transform=1 (t: #1 id=ike (type=enc value=cast)(type=hash value=sha1)(type=auth value=preshared)(type=group desc value=0005)(type=lifetype value=sec)(type=lifeduration len=4 value=00015180)))) (ttl 64, id 41718, len 112) 14:51:19.093534 196.35.242.9.isakmp > bbmwall.brandboxmedia.com.isakmp: [udp sum ok]isakmp 1.0 msgid 00000000: phase 1 I ident: (ke: key len=192) (nonce: n len=32) (ttl 121, id 19700, len 288) 14:51:19.187478 bbmwall.brandboxmedia.com.isakmp > 196.35.242.9.isakmp: [udp sum ok]isakmp 1.0 msgid 00000000: phase 1 R ident: (ke: key len=192) (nonce: n len=32) (ttl 64, id 41719, len 288) 14:51:21.472116 196.35.242.9.isakmp > bbmwall.brandboxmedia.com.isakmp: [udp sum ok]isakmp 1.0 msgid 00000000: phase 1 I ident[E]: [|id] (ttl 121, id 19704, len 104) 14:51:21.473439 bbmwall.brandboxmedia.com.isakmp > 196.35.242.9.isakmp: [udp sum ok]isakmp 1.0 msgid 00000000: phase 1 I inf: (n: doi=ipsec proto=isakmp type=INVALID-PAYLOAD-TYPE) (ttl 64, id 41725, len 68) In the mail archives I see they say that INVALID_PAYLOAD_TYPE means the passphrases are wrong on either side. I've retyped and confirmed this. It doesn't seem to make a difference. Any idea what else I might be doing wrong. E. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?014f01c19459$f30696a0$09f223c4>