From: Barry Irwin
To: tang hongbin
Cc: freebsd-net@freebsd.org
Date: Wed, 20 Feb 2002 11:04:41 +0200
Subject: Re: connection win2000 to racoon on freebsd4.3

I have had win2k working fine. The trick is you need to use MMC and the
ipsec snapin to map your own IPsec policies, specifically remove the
standard Kerberos authentication and either use shared passwords, or
certificates, both of which work with Racoon.

The phase 2 failure is indicative that either your shared secrets do not
match (have you checked the psk.txt file for racoon - modes are especially
NB in this mode - but also that you have the right secret for the IP address)

Barry

--
Barry Irwin    bvi@itouchlabs.com    +27214875150
Systems Administrator: Networks And Security
Itouch Labs    http://www.itouchlabs.com    South Africa

On Wed 2002-02-20 (00:53), tang hongbin wrote:
> Dear all;
>
> I tried to build VPN tunnels between win2000
> professional and FreeBSD4.2 with RACOON as IKE
> negotiator. The procedures were described as
> following:
>
> 1: I set up local policies on win2000.
> 2: I added rules into racoon.conf and/or psk.txt.
>
> When I sent messages from win2000 to BSD VPN server,
> RACOON met problems at phase 2 and printed the
> following information:
> ....
> isakmp-info_recv_n():776 unknown notify message....
> ..
>
> If you have succeeded in connecting win2000 and RACOON
> on FreeBSD, please give your setup procedure in
> detail.
>
> Thank you
>
> bill.tang
> hongbintang@yahoo.com
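
A check for the two things the reply points at, the psk.txt file mode and the secret keyed to the peer's IP address, as an added example that is not part of the original message and not racoon's own code. It assumes a psk.txt layout of one `identifier secret` pair per line with `#` comment lines, and that the file should be accessible by its owner only; `parse_psk` and `check_psk` are hypothetical helper names.

```python
import hmac
import ipaddress
import os
import stat


def parse_psk(text):
    """Parse psk.txt-style text: '#' comment lines, else 'identifier<ws>secret'."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            entries[parts[0]] = parts[1]
    return entries


def check_psk(path, peer_ip, expected_secret):
    """Return a list of findings for the peer's entry; an empty list means OK."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):  # any group/other access bit
        findings.append("weak-mode:%04o" % mode)
    with open(path) as fh:
        entries = parse_psk(fh.read())
    peer = ipaddress.ip_address(peer_ip)
    secret = None
    for ident, value in entries.items():
        try:
            if ipaddress.ip_address(ident) == peer:
                secret = value
        except ValueError:
            continue  # identifier is a name (FQDN, user@fqdn), not an address
    if secret is None:
        findings.append("no-entry-for-peer")
    elif not hmac.compare_digest(secret.encode(), expected_secret.encode()):
        findings.append("secret-mismatch")
    return findings


if __name__ == "__main__":
    import tempfile
    # Constructed sample: documentation address, made-up secret, mode 0644 on purpose.
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as tmp:
        tmp.write("# peer\tsecret\n192.0.2.10\tconstructed-secret\n")
    os.chmod(tmp.name, 0o644)
    print(check_psk(tmp.name, "192.0.2.10", "constructed-secret"))
    os.unlink(tmp.name)
```

Run it on the FreeBSD side against the real psk.txt with the address the Windows 2000 host connects from and the secret configured in its IPsec policy.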