Connecting to openswan after update from iPhone

[andrewglass3]

Hey hope you can help please?

Recently updated openswan on my debian vpn. Since the update I cant connect via iPhone. It responds with

message ignored because it contains an unknown or unexpected payload type (ISAKMP_NEXT_SAK) at the outermost level

Any help would be appreciated :)

Thanks

Andy

[letoams]

On Sun, 4 May 2014, andrewglass3 wrote:

Hey hope you can help please?

Recently updated openswan on my debian vpn. Since the update I cant connect via iPhone. It responds with

message ignored because it contains an unknown or unexpected payload type (ISAKMP_NEXT_SAK) at the outermost level

Any help would be appreciated :)

It is a bug in the latest debian patch. You can downgrade until they
release an updated fix. The downgrade is only vulnerable to a
crash+restart bug, so you should be safe.

Paul

[andrewglass3]

Thank you for replying much appreciated :)

[andrewglass3]

Any news on this issue? Ive still had problems even on recent versions? Is it purely related to debian/ubuntu? Might have to switch to another distro?

[letoams]

No, it is present in all recent versions of openswan as upstream did not apply the full patch from libreswan. Libreswan does not have this issue. So you can either downgrade openswan or migrate to libreswan. Or wait on upstream to fix this issue by pulling in the 2nd half of the libreswan patch

[amurchick]

Any news? Or all migrated to libreswan?