
PAYLOAD_MALFORMED error between obsd and fw-1 vpn



i've established (?) an ipsec vpn tunnel between an
obsd 3.3 device and a nokia/checkpoint appliance
running fw-1 ng fp3.  the vpn utilizes 3des encryption
with md5 as the hashing algorithm and ike for key
exchange with pre-shared secrets.

the vpn appears to be up because i can access devices
between the two networks.  in addition, the checkpoint
log shows successful decrypts of packets originating
from the obsd side and successful key exchanges.

however, occasionally i get the following errors in
/var/log/messages on the obsd gateway:

isakmpd[6253]: message_parse_payloads: reserved field
non-zero: ba
isakmpd[6253]: dropped message from 1.2.3.4 port 500
due to notification type PAYLOAD_MALFORMED
isakmpd[6253]: message_parse_payloads: reserved field
non-zero: ba
isakmpd[6253]: dropped message from 1.2.3.4 port 500
due to notification type PAYLOAD_MALFORMED

i've checked around in some old postings and saw some
entries regarding making sure the pre-shared secrets
match.  i've done that as well as trying different
ipsec settings (e.g. sha1 rather than md5).

here's a copy of my isakmpd.conf file:

[General]
Retransmits=5
Exchange-max-time=120
Listen-on=5.6.7.8

[Phase 1]
1.2.3.4=local-remote

[local-remote]
Phase=1
Transport=udp
Local-address=5.6.7.8
Address=1.2.3.4
Configuration=Default-main-mode
Authentication=

[Phase 2]
Connections=VPN-local-remote-10.1.0.0/255.255.0.0

[VPN-local-remote-10.1.0.0/255.255.0.0]
Phase=2
ISAKMP-peer=local-remote
Configuration=Default-quick-mode
Local-ID=network-10.55.0.0/255.255.0.0
Remote-ID=network-10.1.0.0/255.255.0.0

[network-10.55.0.0/255.255.0.0]
ID-type=IPV4_ADDR_SUBNET
Network=10.55.0.0
Netmask=255.255.0.0

[network-10.1.0.0/255.255.0.0]
ID-type=IPV4_ADDR_SUBNET
Network=10.1.0.0
Netmask=255.255.0.0
               
[Default-main-mode]
DOI=IPSEC
EXCHANGE_TYPE=ID_PROT
Transforms=3DES-MD5-GRP2

[Default-quick-mode]
DOI=IPSEC
EXCHANGE_TYPE=QUICK_MODE
Suites=QM-ESP-3DES-MD5-SUITE

note that both the log file entries and my copy of
isakmpd.conf have had the routable ip addresses
changed.  in addition i've removed the shared secret.

any information as to how i can figure out what this
error is or how to fix it is appreciated.

thanks.

-paul
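
As an added illustration (not part of the original post, and not isakmpd's own code): a small Python parser that walks the ISAKMP payload chain per RFC 2408 and rejects a message whose generic payload header carries a non-zero RESERVED byte, which is the condition behind the "message_parse_payloads: reserved field non-zero: ba" line above. Running it over a captured UDP/500 datagram tells you which payload in the peer's message has the bad byte; the cookies, payload bodies and both sample messages are constructed here, not captured traffic.

```python
import struct
ISAKMP_HDR_LEN = 28  # RFC 2408 fixed header
PAYLOAD_HDR_LEN = 4  # generic payload header: next(1) RESERVED(1) length(2)
PAYLOAD_NAMES = {0: "NONE", 1: "SA", 4: "KE", 5: "ID", 8: "HASH", 10: "NONCE", 11: "NOTIFY"}

class PayloadMalformed(ValueError):
    """What isakmpd reports as notification type PAYLOAD_MALFORMED."""

def parse_payloads(msg: bytes):
    """Walk the payload chain; return [(type_name, body), ...] or raise PayloadMalformed."""
    if len(msg) < ISAKMP_HDR_LEN:
        raise PayloadMalformed("short ISAKMP header")
    # I-cookie(8) R-cookie(8) next(1) version(1) exchange(1) flags(1) msgid(4) length(4)
    next_type, _ver, _xchg, _flags, _msgid, total = struct.unpack("!8x8xBBBBII", msg[:ISAKMP_HDR_LEN])
    if total != len(msg):
        raise PayloadMalformed("header length %d != message length %d" % (total, len(msg)))
    payloads, off = [], ISAKMP_HDR_LEN
    while next_type != 0:
        if off + PAYLOAD_HDR_LEN > len(msg):
            raise PayloadMalformed("truncated payload header at offset %d" % off)
        nxt, reserved, plen = struct.unpack("!BBH", msg[off:off + PAYLOAD_HDR_LEN])
        if reserved != 0:  # RFC 2408: RESERVED must be zero; this is the log's complaint
            raise PayloadMalformed("reserved field non-zero: %02x" % reserved)
        if plen < PAYLOAD_HDR_LEN or off + plen > len(msg):
            raise PayloadMalformed("bad payload length %d at offset %d" % (plen, off))
        payloads.append((PAYLOAD_NAMES.get(next_type, str(next_type)), msg[off + PAYLOAD_HDR_LEN:off + plen]))
        next_type, off = nxt, off + plen
    if off != len(msg):
        raise PayloadMalformed("%d trailing bytes after last payload" % (len(msg) - off))
    return payloads

def check_message(msg: bytes):
    """Return ("OK", [type names]) or ("PAYLOAD_MALFORMED", reason)."""
    try:
        return "OK", [name for name, _ in parse_payloads(msg)]
    except PayloadMalformed as exc:
        return "PAYLOAD_MALFORMED", str(exc)

def build_message(payloads, exchange_type=2):
    """Construct a message from [(type_code, body), ...]; exchange 2 = ID_PROT (main mode)."""
    body = b""
    for i, (_ptype, data) in enumerate(payloads):
        nxt = payloads[i + 1][0] if i + 1 < len(payloads) else 0
        body += struct.pack("!BBH", nxt, 0, PAYLOAD_HDR_LEN + len(data)) + data
    first = payloads[0][0] if payloads else 0
    return struct.pack("!8s8sBBBBII", b"\x11" * 8, b"\x22" * 8, first, 0x10, exchange_type, 0, 0, ISAKMP_HDR_LEN + len(body)) + body

# Constructed samples: a clean SA+NONCE message, then the same bytes with the first payload's RESERVED byte set to 0xba as in the log.
GOOD_MSG = build_message([(1, b"\x00" * 8), (10, b"\x01" * 16)])
BAD_MSG = GOOD_MSG[:ISAKMP_HDR_LEN + 1] + b"\xba" + GOOD_MSG[ISAKMP_HDR_LEN + 2:]
```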

