Community discussions

MikroTik App
 
psyfer
just joined
Topic Author
Posts: 1
Joined: Mon May 11, 2009 2:43 pm

IPSec - invalid length of payload

Mon May 11, 2009 2:58 pm

Hi,

I have had an IPSec tunnel between a mikrotik and Cisco setup for about 6 months.
Yesterday I upgraded to v3.23, and then after the upgrade, no IPSec tunnel couldn’t be established again.

This is the error log:

12:57:40 respond new phase 1 negotiation: 196.223.113.21[500]<=>193.142.87.124[500]
12:57:40 begin Identity Protection mode.
12:57:41 invalid length of payload
12:57:42 invalid length of payload
12:57:42 invalid length of payload


I then downgraded to v3.13 - but the problem still exists.
Has anyone had the same problem or know how to resolve it?
 
Muqatil
Trainer
Trainer
Posts: 573
Joined: Mon Mar 03, 2008 1:03 pm
Location: London - UK
Contact:

Re: IPSec - invalid length of payload

Wed May 13, 2009 4:14 pm

I've got the same issue against a JunOS router.. :?
 
ispan
just joined
Posts: 3
Joined: Thu Feb 24, 2005 10:53 am

Re: IPSec - invalid length of payload

Wed May 20, 2009 1:32 am

Looks like IPSec is broken in some 3.x release. What 3.x version works stable?

Eric
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6694
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Re: IPSec - invalid length of payload

Wed May 20, 2009 12:27 pm

Contact support (support@mikrotik.com) with the attached support output file from the 3.23 router.
 
User avatar
NAB
Trainer
Trainer
Posts: 542
Joined: Tue Feb 10, 2009 4:08 pm
Location: UK
Contact:

Re: IPSec - invalid length of payload

Thu Nov 04, 2010 6:56 pm

I'm seeing this with ROS 5.0rc3 connecting to a Fortinet Fortigate.

Should I downgrade to the latest 4.x?
 
User avatar
BlackRat
Frequent Visitor
Frequent Visitor
Posts: 97
Joined: Sat Jul 21, 2012 8:37 am

Re: IPSec - invalid length of payload

Tue Aug 03, 2021 9:07 am

I have RB4011iGS+ with 6.48.3 installed that connected to the RouterOS-x86 6.48.3. And I have the same situation:

13:05:09 ipsec,debug ===== received 76 bytes from XX.XXX.XX.XX[1025] to YY.YYY.YYY.YY[4500]
13:05:09 ipsec,debug,packet 53c28f4e 6b6fd2c5 8ce8c01f 63c109a1 05100201 00000000 0000004c 8abac649
13:05:09 ipsec,debug,packet 38a64a42 fa9c3851 aabe2004 4985b179 8dcda2f3 515d24f1 33ec005e af74ceeb
13:05:09 ipsec,debug,packet f1039154 2231616d 01567c30
13:05:09 ipsec,debug,packet encryption(aes)
13:05:09 ipsec,debug,packet IV was saved for next processing:
13:05:09 ipsec,debug,packet af74ceeb f1039154 2231616d 01567c30
13:05:09 ipsec,debug,packet encryption(aes)
13:05:09 ipsec,debug,packet with key:
13:05:09 ipsec,debug,packet fc8023c3 99853760 baf97e8b d482945a
13:05:09 ipsec,debug,packet decrypted payload by IV:
13:05:09 ipsec,debug,packet d90b87c0 1a054350 36fa6997 bf9a9c27
13:05:09 ipsec,debug,packet decrypted payload, but not trimed.
13:05:09 ipsec,debug,packet a572f40e 5583db16 f012686b a2a7e30e b3c42691 ee344454 7a19ef4a f969d5d1
13:05:09 ipsec,debug,packet a36c1423 2507872c aee4825f 4e8d4e02
13:05:09 ipsec,debug,packet padding len=3
13:05:09 ipsec,debug,packet skip to trim padding.
13:05:09 ipsec,debug,packet decrypted.
13:05:09 ipsec,debug,packet 53c28f4e 6b6fd2c5 8ce8c01f 63c109a1 05100201 00000000 0000004c a572f40e
13:05:09 ipsec,debug,packet 5583db16 f012686b a2a7e30e b3c42691 ee344454 7a19ef4a f969d5d1 a36c1423
13:05:09 ipsec,debug,packet 2507872c aee4825f 4e8d4e02
13:05:09 ipsec,debug begin.
13:05:09 ipsec,debug seen nptype=5(id) len=62478
13:05:09 ipsec invalid length of payload
13:05:09 ipsec,error XX.XXX.XX.XX parsing packet failed, possible cause: wrong password

I have about 30 IPSec tunnels (Site-To-Site) and only a few of them writes same errors to log.
 
User avatar
BlackRat
Frequent Visitor
Frequent Visitor
Posts: 97
Joined: Sat Jul 21, 2012 8:37 am

Re: IPSec - invalid length of payload

Tue Sep 14, 2021 11:22 am

Same situation!
parsing packet failed, possible cause: wrong password
I have about 45 different IPSEC-tunnels and only one of the routers generating this error.
I tried to change proposals - same situation. Tunnel established, but constantly see this error!
/system routerboard print
routerboard: yes
model: RB4011iGS+
serial-number: ....
firmware-type: al2
factory-firmware: 6.45.1
current-firmware: 6.48.3
upgrade-firmware: 6.48.3

Who is online

Users browsing this forum: Sailwebwifi and 57 guests