[vpnc-devel] INVALID_PAYLOAD_TYPE
Maurice Massar
massar at unix-ag.uni-kl.de
Sat Feb 12 15:16:04 CET 2005
hi,
On Sat, Feb 12, 2005 at 02:46:51PM +0100, Åsmund Grammeltvedt wrote:
> I've seen some people with a problem that seems similar, but the debug
> output is not too easy to figure out and compare. :)
the interessting bit, is the last packet received befor "entering phase2_fatal"
In this case it is a Delete Notice, easiest recognized by the lines
"d.num_spi: ..." and "d.spi: ..." in the last payload (in contrast to
all lines starting with "n." in the case of a notice).
about what a delete-notice means at this point, it could be anything.
vpnc considers the mode-cfg phase done (where, for example, firewall
settings are "negotiated") and proceeds with IPSec-SA establishment.
The vpn concentrator notices that this client did not do some exchanges
which are required and terminates the connection. Implementing the
"delete with reason" extension might provide a more specific hint what
the actual problem is, but without there is afaik no way by which the
concentrator can tell the client what caused the failure..
> Does the log show symptoms of a firewall check in the concentrator, or
> could it be something else? I can also provide a windows cisco client log
> if necessary.
It could be a firewall check-
A log from the cisco client could verify this, alternatively asking the
Concentrator Admin may help as well (-;
cu
maurice
> BEGIN_PARSE
> i_cookie: 568171ec c40e8016
> r_cookie: c643990b c4a9335b
> payload: 08
> isakmp_version: 10
> exchange_type: 05
> flags: 01
> message_id: b3443dc5
> len: 0000004c
> PARSING PAYLOAD type: 08
> next_type: 0c
> length: 0014
> ke.data: b2d20673 f85099f5 3f2bc1b2 99f218fb
> DONE PARSING PAYLOAD type: 08
> PARSING PAYLOAD type: 0c
> next_type: 00
> length: 001c
> n.doi: 00000001
> n.protocol: 01
> n.spi_length: 10
> d.num_spi: 0001
> d.spi: 568171ec c40e8016 c643990b c4a9335b
> DONE PARSING PAYLOAD type: 0c
> PARSING PAYLOAD type: 00
> PARSE_OK
>
> hashlen: 16
> u.hash.length: 16
> expected_hash: fa38a033 d6fff4f9 71334b62 193e044f
> h->u.hash.data: b2d20673 f85099f5 3f2bc1b2 99f218fb
> S7.4
> S7.5
>
>
> ---!!!!!!!!! entering phase2_fatal !!!!!!!!!---
More information about the vpnc-devel
mailing list