[vpnc-devel] Intermittent "payload too short" error

[John Williams]

Hello,

I get an intermittent error when connecting with vpnc 0.5.1:
   payload too short or not padded: len=374, min=28 (ivlen=16)

If I simply comment out the "return" statement following this line of
diagnostics, and adjust the payload length to be a multiple of 16
bytes, then vpnc simply carries on and connects OK.

Any suggestions? I've appended the "--debug 2" output from a session
that got this error; I would be happy to supply any more diagnostics
needed. It may or may not be relevant that I'm using an RSA keyfob for
password generation.

Regards,
John Williams

  
vpnc version 0.5.1
S1 init_sockaddr
S2 make_socket
S3 setup_tunnel
   using interface tun0
S4 do_phase1
S4.1 create_nonce
S4.2 dh setup
S4.3 AM packet_1
S4.4 AM_packet2
   got ike lifetime attributes: 2147483 seconds
   IKE SA selected psk+xauth-aes128-sha1
   ignoring that peer is DPD capable (RFC3706)
S4.5 AM_packet3
   NAT status: no NAT-T VID seen
S4.6 cleanup
S5 do_phase2_xauth
S5.1 xauth_start
S5.2 notice_check
   payload too short or not padded: len=374, min=28 (ivlen=16)
   got paket with wrong cookies
   got ike lifetime attributes: 86400 seconds
S5.3 type-is-xauth check
S5.4 xauth type check
S5.5 do xauth authentication
S5.2 notice_check
S5.3 type-is-xauth check
S5.6 process xauth response
S5.7 xauth done
S6 do_phase2_config
   got pfs setting: 0
   got address 10.187.38.57
S7 setup_link (phase 2 + main_loop)
S7.1 QM_packet1
S7.2 QM_packet2 send_receive
S7.3 QM_packet2 validate type
S7.5 QM_packet2 check reject offer
S7.6 QM_packet2 check and process proposal
   got ipsec lifetime attributes: 2147483 seconds
   IPSEC SA selected aes128-sha1
   got ipsec lifetime attributes: 28800 seconds
S7.7 QM_packet3 sent - run script
S7.8 setup ipsec tunnel
S7.9 main loop (receive and transmit ipsec packets)
   remote -> local spi: 0x72ed5d02
   local -> remote spi: 0xc62c019
VPNC started in background (pid: 3038)...