[strongSwan] DPD issue
Andreas Steffen
andreas.steffen at strongswan.org
Tue Nov 27 07:30:09 CET 2012
Hello Joel,

the DPD implementation of the IPsec peer on the remote side
seems to be broken. The DPD RFC 3706

  http://tools.ietf.org/html/rfc3706#section-5.3

states:

  - SPI Size (1 octet) - SHOULD be set to sixteen (16), the length of
    two octet-sized ISAKMP cookies.

but the SPI size is set to 0:

  : DPD: R_U_THERE has invalid SPI length (0)

Regards

Andreas

On 27.11.2012 05:51, Joel Duckworth wrote:
> Hey guys, I'm running with Vyatta 6.5 (I believe that is using
> StrongSwan) connecting to Amazon AWS VPN
>
> Any idea what these messages mean and what might be causing them? It
> seems they are DPD messages being sent to my side.
>
> /var/log/messages:Nov 27 10:58:51 hostname pluto[3586]: packet from
> 54.240.204.91:500: received Vendor ID payload
> [Dead Peer Detection]
> /var/log/messages:Nov 27 10:58:51 hostname pluto[3586]:
> "peer-54.240.204.91-tunnel-vti" #97135: responding to Main Mode
> /var/log/messages:Nov 27 10:58:51 hostname pluto[3586]:
> "peer-54.240.204.91-tunnel-vti" #97135: Peer ID is ID_IPV4_ADDR:
> '54.240.204.91'
> /var/log/messages:Nov 27 10:58:51 hostname pluto[3586]:
> "peer-54.240.204.91-tunnel-vti" #97135: sent MR3, ISAKMP SA established
> /var/log/messages:Nov 27 10:58:51 hostname pluto[3586]:
> "peer-54.240.204.91-tunnel-vti" #97135: *DPD: R_U_THERE has invalid SPI
> length (0*)
> /var/log/messages:Nov 27 10:58:51 hostname pluto[3586]:
> "peer-54.240.204.91-tunnel-vti" #97135: *sending encrypted notification
> PAYLOAD_MALFORMED to 54.240.204.91:500*
> /var/log/messages:Nov 27 10:58:56 hostname pluto[3586]: packet from
> 54.240.204.92:500: received Vendor ID payload
> [Dead Peer Detection]
> /var/log/messages:Nov 27 10:58:56 hostname pluto[3586]:
> "peer-54.240.204.92-tunnel-vti" #97136: responding to Main Mode
> /var/log/messages:Nov 27 10:58:56 hostname pluto[3586]:
> "peer-54.240.204.92-tunnel-vti" #97136: Peer ID is ID_IPV4_ADDR:
> '54.240.204.92'
> /var/log/messages:Nov 27 10:58:56 hostname pluto[3586]:
> "peer-54.240.204.92-tunnel-vti" #97136: sent MR3, ISAKMP SA established
> /var/log/messages:Nov 27 10:58:56 hostname pluto[3586]:
> "peer-54.240.204.92-tunnel-vti" #97136: *DPD: R_U_THERE has invalid SPI
> length (0)*
> /var/log/messages:Nov 27 10:58:56 hostname pluto[3586]:
> "peer-54.240.204.92-tunnel-vti" #97136: sending encrypted notification
> *PAYLOAD_MALFORMED to 54.240.204.92:500*
>
> Thanks, Joel
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
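
The check behind the "invalid SPI length (0)" log line, as an added example (not strongSwan/pluto source and not part of this mail): it builds an R-U-THERE Notify payload with and without the 16-byte SPI and validates each against the RFC 3706 section 5.3 fields. The function names, result codes, cookie bytes and the strict rejection of a SPI size other than 16 are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Values from RFC 3706 section 5; layout is the ISAKMP Notify payload. */
#define R_U_THERE     36136
#define R_U_THERE_ACK 36137
#define PROTO_ISAKMP  1
#define DPD_SPI_SIZE  16   /* initiator cookie + responder cookie */
#define NOTIFY_HDR    12   /* bytes before the SPI field */
enum dpd_result { DPD_OK, DPD_TRUNCATED, DPD_NOT_DPD, DPD_BAD_PROTO,
                  DPD_BAD_SPI_SIZE, DPD_BAD_LENGTH, DPD_BAD_COOKIES };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
/* Constructed sender (hypothetical helper): with_spi=1 gives the RFC form,
 * with_spi=0 the SPI-less form the log complains about. out needs 32 bytes. */
size_t dpd_build(uint8_t *out, int with_spi, const uint8_t *cookies, uint32_t seq)
{
    size_t spi = with_spi ? DPD_SPI_SIZE : 0, n = NOTIFY_HDR + spi + 4;
    memset(out, 0, n);
    out[3] = (uint8_t)n;                        /* payload length (fits one byte) */
    out[7] = 1; out[8] = PROTO_ISAKMP; out[9] = (uint8_t)spi;  /* DOI, proto, SPI size */
    out[10] = (uint8_t)(R_U_THERE >> 8); out[11] = (uint8_t)(R_U_THERE & 0xff);
    memcpy(out + NOTIFY_HDR, cookies, spi);
    for (int i = 0; i < 4; i++) out[NOTIFY_HDR + spi + i] = (uint8_t)(seq >> (24 - 8 * i));
    return n;
}

/* Receiver (hypothetical helper): validate a decrypted Notify payload against
 * the cookies of the ISAKMP SA it arrived on; on DPD_OK *seq gets the sequence number. */
enum dpd_result dpd_check(const uint8_t *p, size_t len, const uint8_t *cookies, uint32_t *seq)
{
    if (len < NOTIFY_HDR || be16(p + 2) < NOTIFY_HDR || be16(p + 2) > len) return DPD_TRUNCATED;
    uint16_t type = be16(p + 10);
    if (type != R_U_THERE && type != R_U_THERE_ACK) return DPD_NOT_DPD;
    if (p[8] != PROTO_ISAKMP) return DPD_BAD_PROTO;
    if (p[9] != DPD_SPI_SIZE) return DPD_BAD_SPI_SIZE;   /* "invalid SPI length (0)" */
    if (be16(p + 2) != NOTIFY_HDR + DPD_SPI_SIZE + 4) return DPD_BAD_LENGTH;
    if (memcmp(p + NOTIFY_HDR, cookies, DPD_SPI_SIZE) != 0) return DPD_BAD_COOKIES;
    *seq = ((uint32_t)be16(p + 28) << 16) | be16(p + 30);
    return DPD_OK;
}

int main(void)
{
    uint8_t ck[DPD_SPI_SIZE] = {0xA1, 0xB2, 0xC3}, buf[32]; uint32_t seq = 0; /* constructed cookies */
    printf("RFC form:   %d\n", dpd_check(buf, dpd_build(buf, 1, ck, 7), ck, &seq));
    printf("SPI size 0: %d\n", dpd_check(buf, dpd_build(buf, 0, ck, 7), ck, &seq));
    return 0;
}
```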