From owner-freebsd-security Thu Jan 11 3:50:50 2001
Delivered-To: freebsd-security@freebsd.org
Received: from aker.com.br (unknown [200.252.12.5])
	by hub.freebsd.org (Postfix) with ESMTP
	id 115F837B698; Thu, 11 Jan 2001 03:50:25 -0800 (PST)
Received: from aker.com.br (jorge.aker.com.br [10.0.0.16])
	by aker.com.br (8.9.3/8.9.3) with ESMTP id IAA05339;
	Thu, 11 Jan 2001 08:34:38 -0200 (BRST)
	(envelope-from jorge@aker.com.br)
Message-ID: <3A5CD61C.673C1B83@aker.com.br>
Date: Wed, 10 Jan 2001 19:37:32 -0200
From: Jorge Peixoto Vasquez
Organization: Aker Security Solutions
X-Mailer: Mozilla 4.73 [en] (X11; I; FreeBSD 4.2-STABLE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: freebsd-net@freebsd.org, freebsd-security@freebsd.org
Subject: Re: IPSEC: racoon and Win2K
References: <5077.979084280@coconut.itojun.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

itojun@iijlab.net wrote:
>
> >The only problem I've encountered is that, when making Win2K and FreeBSD
> >interoperate, the IKE's phase 2 only succeeds if
> >Win2K initiates the process. If racoon is to start it, Win2k will not
> >accept any proposal for phase 2, complaining that the dh group number
> >(which should correctly be either 1 or 2) received is 1 or 2 (depending
> >on the pfs_group setting in racoon.conf) and not null(0). If I try
> >setting pfs_group to null, I get a parse error.
>
>       try removing "pfs_group 2" line. the problem here is that PFS group
>       is not negotiated (from the protocol spec), so
>       - if Win2K uses no pfs group, racoon obeys
>       - if racoon proposes either pfs group 1/2, Win2K rejects
>       hope this helps.
>

I had already done it, but it acts exactly the same way as it does if I
put "pfs_group 2" or "pfs_group modp1024", i.e. sends '2' to Win2K.

Has anyone been successful in making these interoperate? Could you please
tell me which racoon version you used and please send me the conf file?

Thanx anyways,
jOrge

--
Jorge Peixoto Vasquez, Elet. Eng.
Aker Security Solutions
tel. +55 - 61 - 340 9083