From owner-freebsd-security Fri Jan 12 3:45:44 2001
Message-ID: <3A5EEE44.28D6BAB1@aker.com.br>
Date: Fri, 12 Jan 2001 09:45:08 -0200
From: Jorge Peixoto Vasquez
Organization: Aker Security Solutions
To: Boris
Cc: net@freebsd.org, security@freebsd.org
Subject: Re: IPSEC: racoon and Win2K
References: <3A5B6E27.5787D716@aker.com.br> <1322983510.20010112110540@x-itec.de>

Boris wrote:

[ interesting text deleted ]

>
> It takes some time to find a qualified solution to me, because I am
> writing and maintaining the HOWTO in my free time. I will try to find
> a solution, if you can explain to me why to establish the connection from
> the bsd box first.
>

Basically, what I need is to integrate our FreeBSD-based firewalls with
existing WIN2K nets our customers already have. In this (more than I would
like) common situation, I can never predict which side will start the
communication (mostly tunnel-mode).

The problem here is full interoperation, and, for that matter, both sides
should be able to establish a connection. If desired, one of them should
also be able to reject it, but this must be an optional behavior.

Most important: I am sure Win2K should never drop the connection because it
received a request for something it supports (DH groups 1 and 2).
What I am not sure of is if racoon should or should not be able to send a
request with null as the desired dh group. I can't see why it would harm.

jOrge

--
Jorge Peixoto Vasquez, Elet. Eng.
Aker Security Solutions
http://www.aker.com.br
tel. +55 - 61 - 340 9083