From owner-freebsd-security@FreeBSD.ORG  Fri Nov 30 02:25:02 2007
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id F1BEB16A418
	for <freebsd-security@freebsd.org>;
	Fri, 30 Nov 2007 02:25:02 +0000 (UTC) (envelope-from sakane@tanu.org)
Received: from mama.tanu.org (w132233.ppp.asahi-net.or.jp [121.1.132.233])
	by mx1.freebsd.org (Postfix) with ESMTP id BBC7F13C458
	for <freebsd-security@freebsd.org>;
	Fri, 30 Nov 2007 02:25:02 +0000 (UTC) (envelope-from sakane@tanu.org)
Received: from [192.168.204.128] (cp.64translator.com [202.214.123.2])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mama.tanu.org (Postfix) with ESMTP id 04BEA1A7C46;
	Fri, 30 Nov 2007 10:56:17 +0900 (JST)
Message-ID: <474F6DBD.8070203@tanu.org>
Date: Fri, 30 Nov 2007 10:56:13 +0900
From: Shoichi Sakane <sakane@tanu.org>
User-Agent: Mail/News 1.5.0.9 (X11/20070106)
MIME-Version: 1.0
To: john decot <johndecot@yahoo.com>
References: <899269.18771.qm@web55403.mail.re4.yahoo.com>
In-Reply-To: <899269.18771.qm@web55403.mail.re4.yahoo.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Mailman-Approved-At: Fri, 30 Nov 2007 02:49:38 +0000
Cc: freebsd-security@freebsd.org, Bjoern Engels <bj@0x20.net>
Subject: Re: IPSEC help
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Nov 2007 02:25:03 -0000

Hi,

I don't see detail thing of this thread totally.  I just found the
notify message type 0x1c, which is CERTIFICATE-UNAVAILABLE.
The point is that he got success with pre-shared key.  I think that
the problem is probably that he uses a self-signed certificate,
and the windows machine just rejects it.

> 2007-11-17 13:46:22: DEBUG: 
> a40e0e86 c6a792cc 082dacfe 812390c3 08100501 a1bb6774 00000054 0b000018
> 10240f69 9e97a58a b52e5f9c 772b2aa1 1e3851fb 0000001c 00000001 0110001c
> a40e0e86 c6a792cc 082dacfe 812390c3 00000000
> 2007-11-17 13:46:22: ERROR: ignore information because ISAKMP-SA has not been established yet.