[strongSwan] Help with " next payload type of ISAKMP Identification Payload has an unknown value: 155 "

Ghose, Gautam gautam.ghose at bluecoat.com
Fri Oct 17 03:36:02 CEST 2014 

Hi There!
We are using a strongswan server based on version 4.5.3 against which a bunch of iOS devices
are connecting in as VPN clients. Most of the tunnels get established fine; however, intermittently,
I would say, one in fifty connections do not go through. On such failure cases I see the following
log lines on the server. (More logs below)
==
next payload type of ISAKMP Identification Payload has an unknown value: 155
==
In the various different failure cases I get a different 'unknown' value (e.g. 155, 23, 84 etc) each time.
I did some searches on strongswan and other relevant forums and only hint I found 
seemed to suggest that the PSK's might not have matched on both ends.
But, we are not using PSK's; our authentication is certificate-based!!
Also, if this is of any relevance, we are using NAT-T.
Thus, any clue what might be going on here? And what I can try to fix or diagnose this better?
Thanks,
Gautam Ghose

== relevant pluto logs from the server ==
Oct 15 22:10:59 concentrator pluto[30683]: | *received 292 bytes from <public-ip-address>:212 on eth0
Oct 15 22:10:59 concentrator pluto[30683]: | ICOOKIE:  92 4e 2e 06  45 b2 e2 f4
Oct 15 22:10:59 concentrator pluto[30683]: | RCOOKIE:  1e 5f 16 0b  46 84 51 e4
Oct 15 22:10:59 concentrator pluto[30683]: | peer:  43 34 d8 12
Oct 15 22:10:59 concentrator pluto[30683]: | state hash entry 31
Oct 15 22:10:59 concentrator pluto[30683]: | state object #2529395 found, in STATE_MAIN_R1
Oct 15 22:10:59 concentrator pluto[30683]: "CertSite_4048_34562_79972430-3100-4230-a161-d12ebb061fc4_0"[765336] <public-ip-address>:212 #2529395: NAT-Traversal: Result using RFC 3947: peer is NATed
Oct 15 22:10:59 concentrator pluto[30683]: | inserting event EVENT_RETRANSMIT, timeout in 4 seconds for #2529395
...
...
Oct 15 22:10:59 concentrator pluto[30683]: | *received 1980 bytes from <public-ip-address>:17757 on eth0
Oct 15 22:10:59 concentrator pluto[30683]: | ICOOKIE:  92 4e 2e 06  45 b2 e2 f4
Oct 15 22:10:59 concentrator pluto[30683]: | RCOOKIE:  1e 5f 16 0b  46 84 51 e4
Oct 15 22:10:59 concentrator pluto[30683]: | peer:  43 34 d8 12
Oct 15 22:10:59 concentrator pluto[30683]: | state hash entry 31
Oct 15 22:10:59 concentrator pluto[30683]: | state object #2529395 found, in STATE_MAIN_R2
Oct 15 22:10:59 concentrator pluto[30683]: "CertSite_4048_34562_79972430-3100-4230-a161-d12ebb061fc4_0"[765336] <public-ip-address>:212 #2529395: next payload type of ISAKMP Identification Payload has an unknown value: 155
Oct 15 22:10:59 concentrator pluto[30683]: "CertSite_4048_34562_79972430-3100-4230-a161-d12ebb061fc4_0"[765336] <public-ip-address>:212 #2529395: malformed payload in packet
Oct 15 22:10:59 concentrator pluto[30683]: "CertSite_4048_34562_79972430-3100-4230-a161-d12ebb061fc4_0"[765336] <public-ip-address>:212 #2529395: sending encrypted notification PAYLOAD_MALFORMED to 67.52.216.18:212
== END OF relevant pluto logs from the server ==

More information about the Users mailing list