Community discussions

MikroTik App
 
ZupoLlask
just joined
Topic Author
Posts: 17
Joined: Mon Jan 26, 2015 1:26 pm

IPSec error payload missing: ID_R

Wed Aug 07, 2019 10:32 pm

Hello,

This is about a tunnel between MikroTik with RouterOS v.6.45.3 (my endpoint) and Checkpoint R77.30 (remote endpoint).

After configuring everything, I'm getting IPsec error "payload missing: ID_R".

Before asking the remote endpoint to define an ID (which I assume would be sent to MikroTik as IDr, as Checkpoint is the responder and MikroTik it is the initiator) I read documentation and found out IDr is an option (not mandatory), hence at "IPsec Identity" I activated "ignore" at "Remote ID Type".

However... I'm still getting the "payload missing: ID_R" error.

What am I missing here?
Wasn't this "ignore" option supposed to fix this kind of issue?

Thanks in advance for your help.
 
sindy
Forum Guru
Forum Guru
Posts: 10206
Joined: Mon Dec 04, 2017 9:19 pm

Re: IPSec error payload missing: ID_R

Wed Aug 07, 2019 11:21 pm

I'm afraid that the responder ID can be ignored only in some authentication setups. Can you post your complete configuration? See my automatic signature below for hints on anonymisation.
 
User avatar
emils
Forum Veteran
Forum Veteran
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: IPSec error payload missing: ID_R

Thu Aug 08, 2019 9:43 am

Remote-id=ignore simply skips the ID checking against remote peer's certificate. Responder should always send the ID_r payload as per rfc7296.

https://tools.ietf.org/html/rfc7296#appendix-C.2
 
User avatar
bluecrow76
newbie
Posts: 33
Joined: Wed Sep 13, 2006 11:55 pm

Re: IPSec error payload missing: ID_R

Wed Apr 14, 2021 9:29 pm

Remote-id=ignore simply skips the ID checking against remote peer's certificate. Responder should always send the ID_r payload as per rfc7296.

https://tools.ietf.org/html/rfc7296#appendix-C.2
The remote-id=ignore is only used for certificate based authentication... not PSK.

Who is online

Users browsing this forum: Bing [Bot] and 88 guests