Date: Mon, 02 Apr 2001 15:36:56 +0900
From: Shoichi Sakane <sakane@ydc.co.jp>
To: jorge@aker.com.br
Cc: freebsd-security@freebsd.org
Subject: Re: IPSEC: racoon and Win2K
Message-ID: <20010402153656U.sakane@ydc.co.jp>
In-Reply-To: Your message of "Sat, 24 Mar 2001 16:47:42 -0600" <39F078A4FCEC5D408C23FC3D92DEE4020162B9@tyr.kinsman.lan>
References: <39F078A4FCEC5D408C23FC3D92DEE4020162B9@tyr.kinsman.lan>
> The only problem I've encountered is that, when making Win2K and FreeBSD
> interoperate, the IKE's phase 2 only succeeds if
> Win2K initiates the process. If racoon is to start it, Win2k will not
> accept any proposal for phase 2, complaining that the dh group number
> (which should correctly be either 1 or 2) received is 1 or 2 (depending
> on the pfs_group setting in racoon.conf) and not null(0). If I try
> setting pfs_group to null, I get a parse error.

It would be helpful if win2k dumped some more messages.
Please check the configurations of both racoon and win2k, and make sure
they are exactly the same. Also try deleting the line "pfs_group 2;".
I could negotiate with win2k when racoon was the initiator.

> sainfo anonymous
> {
> 	# does not matter if 1 or 2, zero (expected by Win2K) won't parse.
> 	pfs_group 2;
>
> 	lifetime time 36000 sec;
> 	lifetime byte 50000 KB;
> 	encryption_algorithm 3des,des ;
> 	authentication_algorithm hmac_sha1,hmac_md5;
> 	compression_algorithm deflate ;
> }
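Added example, not part of the original message and not racoon's own code: a small Python check that lists which `sainfo` blocks in a racoon.conf set `pfs_group`, so the phase 2 PFS setting can be compared with the peer's. The sample configuration is constructed (the first block is the one quoted above, the second is hypothetical), and the `peer_uses_pfs` flag is an assumption standing in for whatever the Win2K policy is set to.

```python
import re

# Constructed sample: the sainfo block quoted in the message, plus a second
# hypothetical block where pfs_group is commented out.
SAMPLE_CONF = """
sainfo anonymous
{
	pfs_group 2;
	lifetime time 36000 sec;
	encryption_algorithm 3des,des ;
	authentication_algorithm hmac_sha1,hmac_md5;
	compression_algorithm deflate ;
}
sainfo address 10.0.0.0/24 any address 10.0.1.0/24 any
{
	# pfs_group 2;
	encryption_algorithm 3des ;
	authentication_algorithm hmac_sha1 ;
	compression_algorithm deflate ;
}
"""

SAINFO_RE = re.compile(r"^\s*sainfo\s+([^{\n]+?)\s*\{(.*?)\}", re.S | re.M)
PFS_RE = re.compile(r"^\s*pfs_group\s+(\S+?)\s*;", re.M)

def strip_comments(text):
    """Drop '#' comments so a commented-out directive is not counted."""
    return re.sub(r"#[^\n]*", "", text)

def sainfo_pfs_groups(conf_text):
    """Map each sainfo selector to its pfs_group value, or None if absent."""
    result = {}
    for selector, body in SAINFO_RE.findall(strip_comments(conf_text)):
        match = PFS_RE.search(body)
        result[" ".join(selector.split())] = match.group(1) if match else None
    return result

def pfs_mismatches(conf_text, peer_uses_pfs):
    """Return selectors whose phase 2 PFS setting differs from the peer's."""
    return [sel for sel, grp in sainfo_pfs_groups(conf_text).items()
            if (grp is not None) != peer_uses_pfs]

if __name__ == "__main__":
    for sel, grp in sainfo_pfs_groups(SAMPLE_CONF).items():
        print(f"sainfo {sel}: pfs_group={grp or 'not set (no PFS proposed)'}")
    print("differs from a peer with PFS disabled:",
          pfs_mismatches(SAMPLE_CONF, peer_uses_pfs=False))
```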