From ff9531fbc899d504778f62343b62ff3b9c3a5cbb Mon Sep 17 00:00:00 2001
From: jdubois <jdubois+intra@evolix.fr>
Date: Thu, 19 Oct 2023 14:58:23 +0200
Subject: [PATCH] =?UTF-8?q?Ajout=20log=20probl=C3=A8mes=20avec=20SHA=20512?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 HowtoISAKMPD.md | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/HowtoISAKMPD.md b/HowtoISAKMPD.md
index 6b296e48..8975a6ca 100644
--- a/HowtoISAKMPD.md
+++ b/HowtoISAKMPD.md
@@ -282,4 +282,14 @@ isakmpd[10418]: message_validate_notify: protocol not supported
 
 Cela signifie a priori que la configuration en face à un réseau "remote" incorrect (soit complètement faux, soit pas sous la forme ADRESSE RÉSEAU / MASQUE)
 
-Voir <http://www.thegreenbow.com/support_flow.html?page=12105C&lang=fr>
\ No newline at end of file
+Voir <http://www.thegreenbow.com/support_flow.html?page=12105C&lang=fr>
+
+~~~
+isakmpd[80145]: dropped message from 192.0.2.1 port 500 due to notification type PAYLOAD_MALFORMED
+isakmpd[80145]: message_parse_payloads: reserved field non-zero: b8
+## OU
+isakmpd[80145]: dropped message from 192.0.2.1 port 500 due to notification type INVALID_PAYLOAD_TYPE
+isakmpd[80145]: message_parse_payloads: invalid next payload type <Unknown 55> in payload of type 5
+~~~
+
+C'est a priori à cause du paramètre d'authentification `hmac-sha2-512` utilisé qui n'est pas fonctionnel. Il faut préférer l'utilisation de `hmac-sha2-256`.
\ No newline at end of file