not enough room in input packet for ISAKMP Message error message

If you are receiving below error it means someone is trying to force/hack his way into your vpn server.

Mar 4 05:14:44 localhost pluto[2714]: packet from 42.157.224.166:3354: sending notification PAYLOAD_MALFORMED to 42.157.224.166:3354
Mar 4 05:14:44 localhost pluto[2714]: packet from 42.157.224.166:3354: not enough room in input packet for ISAKMP Message
Mar 4 05:14:44 localhost pluto[2714]: packet from 42.157.224.166:3354: sending notification PAYLOAD_MALFORMED to 42.157.224.166:3354
Mar 4 05:14:45 localhost pluto[2714]: packet from 66.115.177.144:1200: not enough room in input packet for ISAKMP Message
Mar 4 05:14:45 localhost pluto[2714]: packet from 66.115.177.144:1200: sending notification PAYLOAD_MALFORMED to 66.115.177.144:1200
Mar 4 05:14:45 localhost pluto[2714]: packet from 66.115.177.144:1200: not enough room in input packet for ISAKMP Message
Mar 4 05:14:45 localhost pluto[2714]: packet from 66.115.177.144:1200: sending notification PAYLOAD_MALFORMED to 66.115.177.144:1200
Mar 4 05:14:45 localhost pluto[2714]: packet from 66.115.177.144:1200: not enough room in input packet for ISAKMP Message
Mar 4 05:14:45 localhost pluto[2714]: packet from 66.115.177.144:1200: sending notification PAYLOAD_MALFORMED to 66.115.177.144:1200
Mar 4 05:14:45 localhost pluto[2714]: packet from 111.177.21.199:30684: not enough room in input packet for ISAKMP Message
Mar 4 05:14:45 localhost pluto[2714]: packet from 111.177.21.199:30684: sending notification PAYLOAD_MALFORMED to 111.177.21.199:30684
Mar 4 05:14:45 localhost pluto[2714]: packet from 111.177.21.199:30684: not enough room in input packet for ISAKMP Message
Mar 4 05:14:45 localhost pluto[2714]: packet from 111.177.21.199:30684: sending notification PAYLOAD_MALFORMED to 111.177.21.199:30684
Mar 4 05:14:45 localhost pluto[2714]: packet from 111.177.21.199:30684: not enough room in input packet for ISAKMP Message
Mar 4 05:14:45 localhost pluto[2714]: packet from 111.177.21.199:30684: sending notification PAYLOAD_MALFORMED to 111.177.21.199:30684
Mar 4 05:14:45 localhost pluto[2714]: packet from 42.157.224.166:35324: not enough room in input packet for ISAKMP Message


This means 2 things:

  1. someone is deliberating trying to make a vpn connection that will obvious not work without proper configuration details
  2. by attempting over and over again, the disk will get full by writing down the error, and depending on the disk size the server may get full. When the server gets full, there is the potential to do more damage as unexpected behavior of the vpn can happen, by exploiting it.

The fix would be to block these ip's with iptables on the server like this:

iptables -A INPUT -s 42.157.224.166/32 -j DROP

It may take a few minutes for the rule to kick in, just give it some time. There may be hundred of cached connections already, and those can't be terminated, unless you reboot the server.

 

  • not enough room in input packet for ISAKMP Message, error
  • 1 Users Found This Useful
Was this answer helpful?

Related Articles

 Openvpn needs a gateway parameter for a route option and no default was specified

When this error is received you may need to do one of the following: enable tunnel isolation...

 Configuring a VPN Appliance for Remote Access

VPN Server Appliance Powered by OPNsense The VPN Appliance is powered by OPNsense, a...

 Shadowsocks socks proxy configuration and installation

How to install and configure Shadowsocks libev SOCKS5 proxy server on Centos and Ubunu...

 VPN Types

Planning ahead is required before choosing a VPN solution to make sure that the VPN solution...

 VPN Encryption and Security Protocols

VPN Encryption and Security Protocols Whenever you are planning and then deploying a VPN...