[GH-ISSUE #123] length of ISAKMP Identification Payload is larger than can fit #110

Closed
opened 2026-03-02 07:27:47 +03:00 by kerem · 15 comments

Originally created by @rs-development on GitHub (Jan 31, 2019).
Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/123

I am trying to connect from Ubuntu 18.10 to the VPN server running on Debian Stretch.


```
Jan 31 22:59:58 c730329001dc pluto[2288]: "l2tp-psk"[3] 12.34.56.78 #5: responding to Main Mode from unknown peer 12.34.56.78 on port 55332
Jan 31 22:59:58 c730329001dc pluto[2288]: "l2tp-psk"[3] 12.34.56.78 #5: STATE_MAIN_R1: sent MR1, expecting MI2
Jan 31 22:59:59 c730329001dc pluto[2288]: "l2tp-psk"[3] 12.34.56.78 #4: STATE_MAIN_R2: retransmission; will wait 32 seconds for response
Jan 31 23:00:02 c730329001dc pluto[2288]: "l2tp-psk"[3] 12.34.56.78 #5: retransmitting in response to duplicate packet; already STATE_MAIN_R1
Jan 31 23:00:02 c730329001dc pluto[2288]: "l2tp-psk"[3] 12.34.56.78 #5: STATE_MAIN_R2: sent MR2, expecting MI3
Jan 31 23:00:02 c730329001dc pluto[2288]: "l2tp-psk"[3] 12.34.56.78 #5: byte at offset 1 (29) of 'ISAKMP Identification Payload'.'?reserved?' is 0xb3 but should have been zero (ignored)
Jan 31 23:00:02 c730329001dc pluto[2288]: "l2tp-psk"[3] 12.34.56.78 #5: length of ISAKMP Identification Payload is larger than can fit
Jan 31 23:00:02 c730329001dc pluto[2288]: "l2tp-psk"[3] 12.34.56.78 #5: probable authentication failure (mismatch of preshared secrets?): malformed payload in packet
Jan 31 23:00:02 c730329001dc pluto[2288]: "l2tp-psk"[3] 12.34.56.78 #5: STATE_MAIN_R2: retransmission; will wait 0.5 seconds for response
Jan 31 23:00:03 c730329001dc pluto[2288]: "l2tp-psk"[3] 12.34.56.78 #5: STATE_MAIN_R2: retransmission; will wait 1 seconds for response
Jan 31 23:00:04 c730329001dc pluto[2288]: "l2tp-psk"[3] 12.34.56.78 #5: STATE_MAIN_R2: retransmission; will wait 2 seconds for response
Jan 31 23:00:06 c730329001dc pluto[2288]: "l2tp-psk"[3] 12.34.56.78 #5: STATE_MAIN_R2: retransmission; will wait 4 seconds for response
Jan 31 23:00:06 c730329001dc pluto[2288]: "l2tp-psk"[3] 12.34.56.78 #5: byte at offset 1 (29) of 'ISAKMP Identification Payload'.'?reserved?' is 0xb3 but should have been zero (ignored)
Jan 31 23:00:06 c730329001dc pluto[2288]: "l2tp-psk"[3] 12.34.56.78 #5: length of ISAKMP Identification Payload is larger than can fit
Jan 31 23:00:06 c730329001dc pluto[2288]: "l2tp-psk"[3] 12.34.56.78 #5: probable authentication failure (mismatch of preshared secrets?): malformed payload in packet
Jan 31 23:00:10 c730329001dc pluto[2288]: "l2tp-psk"[3] 12.34.56.78 #5: STATE_MAIN_R2: retransmission; will wait 8 seconds for response
Jan 31 23:00:10 c730329001dc pluto[2288]: "l2tp-psk"[3] 12.34.56.78 #5: ERROR: asynchronous network error report on eth0 (sport=500) for message to 12.34.56.78 port 55332, complainant 12.34.56.78: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Jan 31 23:00:18 c730329001dc pluto[2288]: "l2tp-psk"[3] 12.34.56.78 #5: STATE_MAIN_R2: retransmission; will wait 16 seconds for response
Jan 31 23:00:18 c730329001dc pluto[2288]: "l2tp-psk"[3] 12.34.56.78 #5: ERROR: asynchronous network error report on eth0 (sport=500) for message to 12.34.56.78 port 55332, complainant 12.34.56.78: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
```

kerem closed this issue 2026-03-02 07:27:47 +03:00

@hwdsl2 commented on GitHub (Jan 31, 2019):

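Note: Please first [set up your own VPN server](https://github.com/hwdsl2/setup-ipsec-vpn) ([Chinese version](https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/README-zh.md)).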


@rs-development Your IPsec pre-shared key entered on your VPN client does not match that on the VPN server (in /etc/ipsec.secrets). Re-enter your PSK and check for typos.
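
As an added example (not part of the thread and not code from the project), this Python script scans pluto log lines for the signature discussed above: an ISAKMP Identification Payload that fails to parse, logged together with the "mismatch of preshared secrets?" hint. The sample lines are copied from the log in this issue; the function names and regular expressions are assumptions made for the example.

```python
import re
from collections import defaultdict

# Sample lines copied from the log posted in this issue.
SAMPLE_LOG = """\
Jan 31 22:59:59 c730329001dc pluto[2288]: "l2tp-psk"[3] 12.34.56.78 #4: STATE_MAIN_R2: retransmission; will wait 32 seconds for response
Jan 31 23:00:02 c730329001dc pluto[2288]: "l2tp-psk"[3] 12.34.56.78 #5: STATE_MAIN_R2: sent MR2, expecting MI3
Jan 31 23:00:02 c730329001dc pluto[2288]: "l2tp-psk"[3] 12.34.56.78 #5: byte at offset 1 (29) of 'ISAKMP Identification Payload'.'?reserved?' is 0xb3 but should have been zero (ignored)
Jan 31 23:00:02 c730329001dc pluto[2288]: "l2tp-psk"[3] 12.34.56.78 #5: length of ISAKMP Identification Payload is larger than can fit
Jan 31 23:00:02 c730329001dc pluto[2288]: "l2tp-psk"[3] 12.34.56.78 #5: probable authentication failure (mismatch of preshared secrets?): malformed payload in packet
Jan 31 23:00:06 c730329001dc pluto[2288]: "l2tp-psk"[3] 12.34.56.78 #5: length of ISAKMP Identification Payload is larger than can fit
Jan 31 23:00:06 c730329001dc pluto[2288]: "l2tp-psk"[3] 12.34.56.78 #5: probable authentication failure (mismatch of preshared secrets?): malformed payload in packet
Jan 31 23:00:10 c730329001dc pluto[2288]: "l2tp-psk"[3] 12.34.56.78 #5: ERROR: asynchronous network error report on eth0 (sport=500) for message to 12.34.56.78 port 55332, complainant 12.34.56.78: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
"""

LINE_RE = re.compile(
    r'pluto\[\d+\]: "(?P<conn>[^"]+)"(?:\[\d+\])? (?P<peer>\S+) #(?P<state>\d+): (?P<msg>.*)$'
)

# In IKEv1 Main Mode with PSK auth, MI3 is encrypted under keys derived from the PSK,
# so a mismatch surfaces as garbage payload fields rather than an explicit "wrong key".
SIGNATURES = {
    "garbled_reserved": re.compile(r"'ISAKMP Identification Payload'.*should have been zero"),
    "bad_length": re.compile(r"length of ISAKMP Identification Payload is larger than can fit"),
    "auth_hint": re.compile(r"probable authentication failure \(mismatch of preshared secrets\?\)"),
    "peer_gave_up": re.compile(r"ICMP type 3 code 3"),
}

def triage(log_text):
    """Return {(conn, peer, state): {signature: count}} for lines that match a signature."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        for name, rx in SIGNATURES.items():
            if rx.search(m["msg"]):
                hits[(m["conn"], m["peer"], int(m["state"]))][name] += 1
    return {key: dict(counts) for key, counts in hits.items()}

def undecryptable_id_states(log_text):
    """IKE states whose ID payload failed to parse and drew the PSK-mismatch hint."""
    return sorted(key for key, sig in triage(log_text).items()
                  if sig.get("bad_length") and sig.get("auth_hint"))

if __name__ == "__main__":
    for conn, peer, state in undecryptable_id_states(SAMPLE_LOG):
        print(f"{conn} peer={peer} state=#{state}: ID payload unreadable, compare the PSK on both ends")
```
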


@rs-development commented on GitHub (Jan 31, 2019):

Thank you for the fast reply!

I also saw this in the log and checked the PSK twice. I also changed the key and tried again, but no success. Is there any other option?


@hwdsl2 commented on GitHub (Jan 31, 2019):

@rs-development How did you set up the VPN client? Using the GUI or the command line? That error usually means your PSK does not match that on the server. So the only option is to double check the PSK.


@rs-development commented on GitHub (Jan 31, 2019):

I used the GUI in the Ubuntu Network Manager.

screenshot from 2019-02-01 00-53-21
screenshot from 2019-02-01 00-53-08
screenshot from 2019-02-01 00-52-56


@hwdsl2 commented on GitHub (Jan 31, 2019):

@rs-development The error means the PSK does not match. Try changing to a secure alphanumeric PSK in `/etc/ipsec.secrets` on the server, then enter it in the client. You must restart the IPsec service after changing the PSK for it to take effect.


@rs-development commented on GitHub (Feb 1, 2019):

Are there any special considerations for the PSK?
I tried a key that was too short in the beginning, this error is now gone. I am sure the PSK is exactly the same on the client as on the server.


@hwdsl2 commented on GitHub (Feb 1, 2019):

@rs-development Glad to hear it works. The PSK should not contain these special characters: `" ' \`

If the key is too short Libreswan might show a warning but AFAIK it may
still work.


@rs-development commented on GitHub (Feb 1, 2019):

Ahh, I was unclear. The error still exists. At first I was using a short one; after I made the key longer, the error described above occurred.


@hwdsl2 commented on GitHub (Feb 1, 2019):

@rs-development I see. Not really sure what happened. Make sure that the PSKs match and that you restart the IPsec service on the server after changing the PSK.


@rs-development commented on GitHub (Feb 1, 2019):

I removed the container and created a new one with a new key. After startup I used the PSK from `docker logs -f ipsec-vpn-server` to connect to the VPN server.


@hwdsl2 commented on GitHub (Feb 1, 2019):

@rs-development Yes that is the correct approach. I forgot that you are
using Docker. You’ll need to remove and recreate the Docker container each
time after you change your “env” file. See README for details. Please do
some further troubleshooting yourself.


@rs-development commented on GitHub (Feb 1, 2019):

Thanks for your time, I will try again!

Is there a chance the problem is maybe that I am behind a big NAT from my ISP?


@hwdsl2 commented on GitHub (Feb 1, 2019):

@rs-development I don’t think NAT might be the issue according to the
errors in your logs.


@felangga commented on GitHub (Dec 20, 2019):

I have the same problem too. Actually it has worked since yesterday morning, but suddenly it won't connect and shows the same error. The PSK key is correct.


@ZbigniewRA commented on GitHub (Jun 30, 2020):

I have the same issue. PSK is 100% correct, retried it many, many times.
