Radio Tron
2008-Jul-25 11:58 UTC
Shorewall - ERROR: reject the packet, received unexpecting payload type 0.
Could someone explain what this error means and how I might resolve this? It's being generated by Shorewall, when I connect using:

    racoon -d -d -d -v -F -f /etc/racoon/racoon.conf

(Debug, Verbose, Foreground, cfgFile)

I am using AuthMethod Hybrid RSA client, with a self-signed certificate.

My racoon.conf has:

    exchange_mode aggressive;
    ca_type x509 "/etc/pki/tls/cert.pem";
    verify_cert off;
    proposal_check obey;
    mode_cfg on;
    dpd_delay 20;           # DPD poll every 20 seconds
    nat_traversal force;    # always use NAT-T
    generate_policy on;
    ike_frag on;            # use IKE fragmentation
    esp_frag 552;
    passive off;
    xauth_login "xyz";
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method hybrid_rsa_client;
        dh_group 2;
    }
    }

This is what racoon spits out:

    2008-07-25 16:54:01: DEBUG: authmethod is Hybrid RSA client
    2008-07-25 16:54:01: DEBUG: add payload of len 48, next type 4
    2008-07-25 16:54:01: DEBUG: add payload of len 128, next type 10
    2008-07-25 16:54:01: DEBUG: add payload of len 16, next type 5
    2008-07-25 16:54:01: DEBUG: add payload of len 8, next type 13
    2008-07-25 16:54:01: DEBUG: add payload of len 20, next type 13
    2008-07-25 16:54:01: DEBUG: add payload of len 16, next type 13
    2008-07-25 16:54:01: DEBUG: add payload of len 16, next type 13
    2008-07-25 16:54:01: DEBUG: add payload of len 16, next type 13
    2008-07-25 16:54:01: DEBUG: add payload of len 16, next type 13
    2008-07-25 16:54:01: DEBUG: add payload of len 8, next type 13
    2008-07-25 16:54:01: DEBUG: add payload of len 16, next type 13
    2008-07-25 16:54:01: DEBUG: add payload of len 16, next type 0

[Note the next type 0]

    2008-07-25 16:54:01: DEBUG: 400 bytes from 192.168.20.221[500] to 61.8.154.116[500]
    2008-07-25 16:54:01: DEBUG: sockname 192.168.20.221[500]
    2008-07-25 16:54:01: DEBUG: send packet from 192.168.20.221[500]
    <SNIP>
    8e87fbdb 8da5a4f4 b0f734c2 96546c20 0b100500 00000000 0000005c 00000040
    00000000 0110000e 8e87fbdb 8da5a4f4 b0f734c2 96546c20 00060004 00000000
    00040018 0000004e 6f207072 6f706f73 616c2069 73206368 6f73656e
    2008-07-25 16:54:01: DEBUG: receive Information.
    2008-07-25 16:54:01: ERROR: reject the packet, received unexpecting payload type 0.

[Note the received unexpecting[sic] payload type 0 error generated by Shorewall]
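Added example (not part of the original posts, and not racoon's or Shorewall's own code): the hex words after <SNIP> in the debug output above form one complete 92-byte ISAKMP message, and this Python code decodes it using the RFC 2408 header and Notification payload layouts. The lookup tables are deliberately partial and the function names are hypothetical.

```python
import struct

# Hex words copied from the racoon debug output in the post (the text after <SNIP>).
DUMP = """
8e87fbdb 8da5a4f4 b0f734c2 96546c20 0b100500 00000000 0000005c 00000040
00000000 0110000e 8e87fbdb 8da5a4f4 b0f734c2 96546c20 00060004 00000000
00040018 0000004e 6f207072 6f706f73 616c2069 73206368 6f73656e
"""
# Partial RFC 2408 lookup tables: only the values this example needs.
EXCHANGE = {2: "Identity Protection", 4: "Aggressive", 5: "Informational"}
PAYLOAD = {8: "Hash", 11: "Notification", 12: "Delete"}
NOTIFY = {14: "NO-PROPOSAL-CHOSEN", 24: "AUTHENTICATION-FAILED"}

def parse_notify(body):
    """Notification body: DOI, protocol ID, SPI size, notify type, SPI, data."""
    if len(body) < 8:
        raise ValueError("notification payload too short")
    doi, proto, spi_len, ntype = struct.unpack("!IBBH", body[:8])
    if 8 + spi_len > len(body):
        raise ValueError("SPI runs past end of payload")
    data = body[8 + spi_len:]
    # Keep only printable ASCII so a human-readable message in the data stands out.
    text = "".join(chr(b) for b in data if 32 <= b < 127)
    return {"notify": NOTIFY.get(ntype, str(ntype)),
            "spi": body[8:8 + spi_len].hex(), "text": text}

def parse_isakmp(raw):
    """Parse the 28-byte ISAKMP header, then walk the cleartext payload chain."""
    if len(raw) < 28:
        raise ValueError("shorter than an ISAKMP header")
    icookie, rcookie, np, ver, xchg, flags, msgid, length = struct.unpack(
        "!8s8sBBBBII", raw[:28])
    if length != len(raw):
        raise ValueError("length field %d != %d bytes captured" % (length, len(raw)))
    msg = {"exchange": EXCHANGE.get(xchg, str(xchg)), "encrypted": bool(flags & 1),
           "length": length, "payloads": []}
    off = 28
    while np != 0 and not msg["encrypted"]:  # encrypted bodies cannot be walked
        if off + 4 > length:
            raise ValueError("truncated payload header")
        nxt, _reserved, plen = struct.unpack("!BBH", raw[off:off + 4])
        if plen < 4 or off + plen > length:
            raise ValueError("bad payload length %d" % plen)
        entry = {"type": PAYLOAD.get(np, str(np)), "next": nxt, "length": plen}
        if np == 11:
            entry.update(parse_notify(raw[off + 4:off + plen]))
        msg["payloads"].append(entry)
        np, off = nxt, off + plen
    return msg

def decode_dump():
    return parse_isakmp(bytes.fromhex("".join(DUMP.split())))
```
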
Tom Eastep
2008-Jul-25 15:07 UTC
Re: Shorewall - ERROR: reject the packet, received unexpecting payload type 0.
Radio Tron wrote:
> 2008-07-25 16:54:01: DEBUG: receive Information.
> 2008-07-25 16:54:01: ERROR: reject the packet, received unexpecting payload type 0.
>
> [Note the received unexpecting[sic] payload type 0 error generated by Shorewall]

If you want help from us, please submit a report with the information described at http://www.shorewall.net/support.htm#Guidelines.

-Tom

PS -- that error message is not "generated by Shorewall". It may very well be the end result of an incorrect Shorewall configuration though. Have you followed the instructions at http://www.shorewall.net/IPSEC-2.6.html? Have you looked at the 'Shorewall' log for the time period when this message was generated?

--
Tom Eastep     \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key