10.29.2007 at 07:20AM PDT, ID: 22924334
IPSec/Openswan on Linux and Win XP client can't connect - "ignoring Vendor ID payload"

Asked by tomfra in IPSec Security Protocol, Miscellaneous Networking, Virtual Private Networking (VPN)

I have successfully installed Openswan on my Linux server (2.6.18, NETKEY) and done some initial configuration according to the how-to at http://www.jacco2.dds.nl/networking/openswan-l2tp.html . Although my configuration is not finished yet, it should already be at the point where the IPSec connection should be established as described at point 12 in the how-to (http://www.jacco2.dds.nl/networking/openswan-l2tp.html#InitiatingIPsec).

Unfortunately, I get some errors in the server /var/log/secure log:

Oct 29 14:22:55 server pluto[17145]: packet from CLIENT_IP:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Oct 29 14:22:55 server pluto[17145]: packet from CLIENT_IP:500: ignoring Vendor ID payload [FRAGMENTATION]
Oct 29 14:22:55 server pluto[17145]: packet from CLIENT_IP:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Oct 29 14:22:55 server pluto[17145]: packet from CLIENT_IP:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Oct 29 14:22:55 server pluto[17145]: packet from CLIENT_IP:500: initial Main Mode message received on SERVER_IP:500 but no connection has been authorized
Oct 29 14:23:26 server pluto[17145]: packet from CLIENT_IP:500: ignoring Delete SA payload: not encrypted
Oct 29 14:23:26 server pluto[17145]: packet from CLIENT_IP:500: received and ignored informational message


Config file in /etc/ipsec.d (included from /etc/ipsec.conf; it's just a test config with weak security):

conn L2TP-PSK
        authby=secret
        pfs=no
        rekey=no
        keyingtries=3
        left=%defaultroute
        leftprotoport=17/1701
        right=%any
        rightprotoport=17/%any
        auto=add

Secrets file (properly loaded according to server logs, again just a low security one for testing):

PUBLIC_SERVER_IP PUBLIC_CLIENT_IP: PSK "mytestkey"
PUBLIC_SERVER_IP %any: PSK "mytestkey"
PUBLIC_CLIENT_IP %any: PSK "mytestkey"

I wasn't sure about the format of the secrets file but I guess it should make the connection possible, in theory...

"ipsec verify" on the server shows no problems - everything is OK and Opportunistic Encryption is Disabled.

Any ideas what may be causing the "ignoring Vendor ID payload" error messages?
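
A log-triage sketch for the pluto output quoted in the question, added here as an example and not part of the original post: it parses each line and separates the ones pluto itself reports as ignored or received from the one stating that no connection has been authorized. The category names and regexes are assumptions built only from the seven lines shown above.

```python
import re
from collections import Counter

# Input: the seven pluto lines quoted in the question, with its placeholders.
SAMPLE_LOG = """\
Oct 29 14:22:55 server pluto[17145]: packet from CLIENT_IP:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Oct 29 14:22:55 server pluto[17145]: packet from CLIENT_IP:500: ignoring Vendor ID payload [FRAGMENTATION]
Oct 29 14:22:55 server pluto[17145]: packet from CLIENT_IP:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Oct 29 14:22:55 server pluto[17145]: packet from CLIENT_IP:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Oct 29 14:22:55 server pluto[17145]: packet from CLIENT_IP:500: initial Main Mode message received on SERVER_IP:500 but no connection has been authorized
Oct 29 14:23:26 server pluto[17145]: packet from CLIENT_IP:500: ignoring Delete SA payload: not encrypted
Oct 29 14:23:26 server pluto[17145]: packet from CLIENT_IP:500: received and ignored informational message
"""

# syslog prefix + pluto "packet from <peer>:<port>:" header, then the message text.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\spluto\[(?P<pid>\d+)\]:\s"
    r"packet from (?P<peer>\S+):(?P<port>\d+):\s(?P<msg>.*)$"
)

# Hypothetical categories; the first matching rule wins, so order matters.
RULES = [
    ("no_conn", re.compile(r"initial Main Mode message received on \S+ "
                           r"but no connection has been authorized")),
    ("ignored", re.compile(r"ignoring |received and ignored ")),
    ("received", re.compile(r"received Vendor ID payload ")),
]

def parse_line(line):
    """Return a dict for a pluto packet line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["kind"] = next((k for k, rx in RULES if rx.match(rec["msg"])), "other")
    return rec

def triage(text):
    """Count lines per category and return the lines where no conn was authorized."""
    records = [r for r in map(parse_line, text.splitlines()) if r]
    counts = Counter(r["kind"] for r in records)
    return counts, [r for r in records if r["kind"] == "no_conn"]

if __name__ == "__main__":
    counts, failures = triage(SAMPLE_LOG)
    print(dict(counts))
    for r in failures:
        print(f'{r["ts"]} peer={r["peer"]}:{r["port"]} pid={r["pid"]} -> {r["msg"]}')
```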

10.30.2007 at 06:52AM PDT, ID: 20177117

About this solution

Zones: IPSec Security Protocol, Miscellaneous Networking, Virtual Private Networking (VPN)
Tags: openswan, ipsec, client
Solution Provided By: tomfra
Participating Experts: 1
Solution Grade: B