Good day!
When I try to connect to the router via IKEv2 (UserManager), I get a strange error on the Windows 11 RAS client: 13843 “Invalid payload received”. Has anyone encountered it?
ROS 7.18.2
/ip ipsec mode-config
add address-pool=ike2-pool address-prefix-length=32 name=ike2-conf split-include=10.10.10.70/32 system-dns=no
/ip ipsec policy group
add name=ike2-policies
/ip ipsec profile
set [ find default=yes ] dh-group=modp2048,modp1536,modp1024 dpd-interval=disable-dpd enc-algorithm=aes-256,aes-192,aes-128,3des hash-algorithm=sha256 name=ikev2
add dh-group=modp2048,modp1536,modp1024 dpd-interval=disable-dpd enc-algorithm=aes-256,aes-192,aes-128,3des hash-algorithm=sha256 name=ike2
/ip ipsec peer
add exchange-mode=ike2 name=ike2 passive=yes profile=ike2 send-initial-contact=no
/ip ipsec proposal
add auth-algorithms=sha512,sha256,sha1 enc-algorithms=chacha20poly1305,aes-256-cbc,aes-256-ctr,aes-256-gcm,aes-192-cbc,aes-192-ctr,aes-192-gcm,aes-128-cbc,aes-128-ctr,aes-128-gcm lifetime=22m name=ikev2 pfs-group=none
/ip ipsec identity
add auth-method=eap-radius certificate=8e7a09681d0a.sn.mynetname.net,r11.pem_0 generate-policy=port-strict mode-config=ike2-conf peer=ike2 policy-template-group=ike2-policies
/ip ipsec policy
add dst-address=192.168.77.0/24 group=ike2-policies proposal=ikev2 src-address=0.0.0.0/0 template=yes
Log:
2025-05-23 12:55:38 ipsec -> ike2 request, exchange: SA_INIT:0 x.x.x.x[500] cf6b5dd51b62262c:0000000000000000
2025-05-23 12:55:38 ipsec ike2 respond
2025-05-23 12:55:38 ipsec payload seen: SA
2025-05-23 12:55:38 ipsec payload seen: KE
2025-05-23 12:55:38 ipsec payload seen: NONCE
2025-05-23 12:55:38 ipsec payload seen: NOTIFY
2025-05-23 12:55:38 ipsec payload seen: NOTIFY
2025-05-23 12:55:38 ipsec payload seen: NOTIFY
2025-05-23 12:55:38 ipsec payload seen: VID
2025-05-23 12:55:38 ipsec payload seen: VID
2025-05-23 12:55:38 ipsec payload seen: VID
2025-05-23 12:55:38 ipsec payload seen: VID
2025-05-23 12:55:38 ipsec processing payload: SA
2025-05-23 12:55:38 ipsec IKE Protocol: IKE
2025-05-23 12:55:38 ipsec proposal #1
2025-05-23 12:55:38 ipsec enc: aes128-cbc
2025-05-23 12:55:38 ipsec prf: hmac-sha256
2025-05-23 12:55:38 ipsec auth: sha256
2025-05-23 12:55:38 ipsec dh: modp1024
2025-05-23 12:55:38 ipsec matched proposal:
2025-05-23 12:55:38 ipsec proposal #1
2025-05-23 12:55:38 ipsec enc: aes128-cbc
2025-05-23 12:55:38 ipsec prf: hmac-sha256
2025-05-23 12:55:38 ipsec auth: sha256
2025-05-23 12:55:38 ipsec dh: modp1024
2025-05-23 12:55:38 ipsec processing payload: KE
2025-05-23 12:55:38 ipsec ike2 respond finish: request, exchange: SA_INIT:0 x.x.x.x[500] cf6b5dd51b62262c:0000000000000000
2025-05-23 12:55:38 ipsec processing payload: NONCE
2025-05-23 12:55:38 ipsec adding payload: SA
2025-05-23 12:55:38 ipsec adding payload: KE
2025-05-23 12:55:38 ipsec adding payload: NONCE
2025-05-23 12:55:38 ipsec adding notify: NAT_DETECTION_SOURCE_IP
2025-05-23 12:55:38 ipsec adding notify: NAT_DETECTION_DESTINATION_IP
2025-05-23 12:55:38 ipsec adding notify: IKEV2_FRAGMENTATION_SUPPORTED
2025-05-23 12:55:38 ipsec adding payload: CERTREQ
2025-05-23 12:55:38 ipsec <- ike2 reply, exchange: SA_INIT:0 x.x.x.x[500] cf6b5dd51b62262c:c57f52372e305a33
2025-05-23 12:55:38 ipsec processing payloads: VID
2025-05-23 12:55:38 ipsec peer is MS Windows (ISAKMPOAKLEY 9)
2025-05-23 12:55:38 ipsec processing payloads: NOTIFY
2025-05-23 12:55:38 ipsec notify: IKEV2_FRAGMENTATION_SUPPORTED
2025-05-23 12:55:38 ipsec notify: NAT_DETECTION_SOURCE_IP
2025-05-23 12:55:38 ipsec notify: NAT_DETECTION_DESTINATION_IP
2025-05-23 12:55:38 ipsec (NAT-T) REMOTE
2025-05-23 12:55:38 ipsec KA list add: y.y.y.y[4500]->x.x.x.x[4500]
2025-05-23 12:55:38 ipsec fragmentation negotiated
2025-05-23 12:55:38 ipsec -> ike2 request, exchange: AUTH:1 x.x.x.x[4500] cf6b5dd51b62262c:c57f52372e305a33
2025-05-23 12:55:38 ipsec payload seen: SKF
2025-05-23 12:55:38 ipsec processing payload: ENC (not found)
2025-05-23 12:55:38 ipsec processing payload: SKF
2025-05-23 12:55:38 ipsec => invalid payload (first 0x100 of 0x228)
2025-05-23 12:55:38 ipsec reply notify: INVALID_SYNTAX
2025-05-23 12:55:38 ipsec adding notify: INVALID_SYNTAX
2025-05-23 12:55:38 ipsec <- ike2 reply, exchange: AUTH:1 x.x.x.x[4500] cf6b5dd51b62262c:c57f52372e305a33
2025-05-23 12:55:38 ipsec -> ike2 request, exchange: AUTH:1 x.x.x.x[4500] cf6b5dd51b62262c:c57f52372e305a33
2025-05-23 12:55:38 ipsec retransmitting reply
2025-05-23 12:55:38 ipsec -> ike2 request, exchange: AUTH:1 x.x.x.x[4500] cf6b5dd51b62262c:c57f52372e305a33
2025-05-23 12:55:38 ipsec retransmitting reply
2025-05-23 12:55:38 ipsec -> ike2 request, exchange: AUTH:1 x.x.x.x[4500] cf6b5dd51b62262c:c57f52372e305a33
2025-05-23 12:55:38 ipsec retransmitting reply
2025-05-23 12:55:38 ipsec -> ike2 request, exchange: AUTH:1 x.x.x.x[4500] cf6b5dd51b62262c:c57f52372e305a33
2025-05-23 12:55:38 ipsec retransmitting reply
2025-05-23 12:55:38 ipsec -> ike2 request, exchange: AUTH:1 x.x.x.x[4500] cf6b5dd51b62262c:c57f52372e305a33
2025-05-23 12:55:38 ipsec retransmitting reply
2025-05-23 12:55:38 ipsec -> ike2 request, exchange: AUTH:1 x.x.x.x[4500] cf6b5dd51b62262c:c57f52372e305a33
2025-05-23 12:55:38 ipsec retransmitting reply
2025-05-23 12:55:38 ipsec -> ike2 request, exchange: AUTH:1 x.x.x.x[4500] cf6b5dd51b62262c:c57f52372e305a33
2025-05-23 12:55:38 ipsec retransmitting reply
2025-05-23 12:55:38 ipsec -> ike2 request, exchange: AUTH:1 x.x.x.x[4500] cf6b5dd51b62262c:c57f52372e305a33
2025-05-23 12:55:38 ipsec retransmitting reply
2025-05-23 12:55:38 ipsec -> ike2 request, exchange: AUTH:1 x.x.x.x[4500] cf6b5dd51b62262c:c57f52372e305a33
2025-05-23 12:55:38 ipsec retransmitting reply
2025-05-23 12:55:38 ipsec -> ike2 request, exchange: AUTH:1 x.x.x.x[4500] cf6b5dd51b62262c:c57f52372e305a33
2025-05-23 12:55:38 ipsec retransmitting reply
2025-05-23 12:55:38 ipsec -> ike2 request, exchange: AUTH:1 x.x.x.x[4500] cf6b5dd51b62262c:c57f52372e305a33
2025-05-23 12:55:38 ipsec retransmitting reply
2025-05-23 12:55:38 ipsec -> ike2 request, exchange: AUTH:1 x.x.x.x[4500] cf6b5dd51b62262c:c57f52372e305a33
2025-05-23 12:55:38 ipsec retransmitting reply
2025-05-23 12:55:38 ipsec -> ike2 request, exchange: AUTH:1 x.x.x.x[4500] cf6b5dd51b62262c:c57f52372e305a33
2025-05-23 12:55:38 ipsec retransmitting reply
2025-05-23 12:55:38 ipsec -> ike2 request, exchange: AUTH:1 x.x.x.x[4500] cf6b5dd51b62262c:c57f52372e305a33
2025-05-23 12:55:38 ipsec retransmitting reply
2025-05-23 12:55:38 ipsec -> ike2 request, exchange: AUTH:1 x.x.x.x[4500] cf6b5dd51b62262c:c57f52372e305a33
2025-05-23 12:55:38 ipsec retransmitting reply
2025-05-23 12:55:38 ipsec -> ike2 request, exchange: AUTH:1 x.x.x.x[4500] cf6b5dd51b62262c:c57f52372e305a33
2025-05-23 12:55:38 ipsec retransmitting reply
2025-05-23 12:55:38 ipsec -> ike2 request, exchange: AUTH:1 x.x.x.x[4500] cf6b5dd51b62262c:c57f52372e305a33
2025-05-23 12:55:38 ipsec retransmitting reply
2025-05-23 12:55:38 ipsec -> ike2 request, exchange: AUTH:1 x.x.x.x[4500] cf6b5dd51b62262c:c57f52372e305a33
2025-05-23 12:55:38 ipsec retransmitting reply
2025-05-23 12:55:38 ipsec -> ike2 request, exchange: AUTH:1 x.x.x.x[4500] cf6b5dd51b62262c:c57f52372e305a33
2025-05-23 12:55:38 ipsec retransmitting reply
2025-05-23 12:55:38 ipsec -> ike2 request, exchange: AUTH:1 x.x.x.x[4500] cf6b5dd51b62262c:c57f52372e305a33
2025-05-23 12:55:38 ipsec retransmitting reply
2025-05-23 12:55:38 ipsec -> ike2 request, exchange: AUTH:1 x.x.x.x[4500] cf6b5dd51b62262c:c57f52372e305a33
2025-05-23 12:55:38 ipsec retransmitting reply
2025-05-23 12:56:08 ipsec child negotiation timeout in state 0
2025-05-23 12:56:08 ipsec KA remove: y.y.y.y[4500]->x.x.x.x[4500]
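
The log above ends at the Encrypted Fragment (SKF) payload of the AUTH request. As an added example (not part of the original post and not RouterOS code), this Python decodes the fixed SKF header defined in RFC 7383 and applies the header checks that RFC describes for received fragments. The sample headers are constructed; only the payload length 0x228 is taken from the log.

```python
import struct

# RFC 7383 section 2.5: Next Payload, C|RESERVED, Payload Length,
# Fragment Number, Total Fragments (all big-endian), then IV and ciphertext.
SKF_HEADER = struct.Struct("!BBHHH")


def parse_skf_header(payload: bytes) -> dict:
    """Decode the fixed 8-byte header of an Encrypted Fragment payload."""
    if len(payload) < SKF_HEADER.size:
        raise ValueError("truncated SKF header")
    nxt, flags, length, frag, total = SKF_HEADER.unpack_from(payload)
    return {"next_payload": nxt, "critical": bool(flags & 0x80),
            "length": length, "fragment": frag, "total": total}


def check_skf_header(hdr: dict) -> list:
    """List the header checks that fail; an empty list means well-formed."""
    problems = []
    if hdr["length"] < SKF_HEADER.size:
        problems.append("payload length shorter than the SKF header")
    if hdr["fragment"] == 0 or hdr["total"] == 0:
        problems.append("fragment number and total must be non-zero")
    elif hdr["fragment"] > hdr["total"]:
        problems.append("fragment number exceeds total fragments")
    # Only fragment 1 names the first inner payload; later ones carry 0.
    if hdr["fragment"] > 1 and hdr["next_payload"] != 0:
        problems.append("next payload must be 0 after the first fragment")
    return problems


# Constructed sample headers (not taken from a capture).
# 35 is the IDi payload type, the usual first inner payload of IKE_AUTH.
FIRST = SKF_HEADER.pack(35, 0, 0x228, 1, 4)
LATER = SKF_HEADER.pack(0, 0, 0x228, 2, 4)
BAD = SKF_HEADER.pack(0, 0, 0x228, 5, 4)

if __name__ == "__main__":
    for name, raw in (("first", FIRST), ("later", LATER), ("bad", BAD)):
        hdr = parse_skf_header(raw)
        print(name, hdr, check_skf_header(hdr) or "ok")
```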