IPSec error payload missing: ID_R

ZupoLlask · August 7, 2019, 7:32pm

Hello,

This is about a tunnel between MikroTik with RouterOS v.6.45.3 (my endpoint) and Checkpoint R77.30 (remote endpoint).

After configuring everything, I’m getting IPsec error “payload missing: ID_R”.

Before asking the remote endpoint to define an ID (which I assume would be sent to MikroTik as IDr, as Checkpoint is the responder and MikroTik it is the initiator) I read documentation and found out IDr is an option (not mandatory), hence at “IPsec Identity” I activated “ignore” at “Remote ID Type”.

However… I’m still getting the “payload missing: ID_R” error.

What am I missing here?
Wasn’t this “ignore” option supposed to fix this kind of issue?

Thanks in advance for your help.

sindy · August 7, 2019, 8:21pm

I’m afraid that the responder ID can be ignored only in some authentication setups. Can you post your complete configuration? See my automatic signature below for hints on anonymisation.

emils · August 8, 2019, 6:43am

Remote-id=ignore simply skips the ID checking against remote peer’s certificate. Responder should always send the ID_r payload as per rfc7296.

https://tools.ietf.org/html/rfc7296#appendix-C.2

bluecrow76 · April 14, 2021, 6:29pm

The remote-id=ignore is only used for certificate based authentication… not PSK.