From owner-freebsd-security Sat Jul 27 5:34:42 2002
Date: Sat, 27 Jul 2002 08:39:46 -0400 (EDT)
From: Dru
To: Matthew Grooms
Cc: freebsd-questions@FreeBSD.ORG,
Subject: Re: vpn1/fw1 NG to ipsec/racoon troubles, help please ...
Message-ID: <20020727083722.A86804-100000@x1-6-00-80-c8-3a-b8-46.kico2.on.cogeco.ca>

On Fri, 26 Jul 2002, Matthew Grooms wrote:

> Hello,
>
> I have a freebsd related ipsec question. I have set up a checkpoint
> vpn1/fw1 NG ( feature pack 2 ) gateway for vpn connectivity to the
> hospital I work for. Most of the guys on my team run linux/bsd at their
> house so I have set up encrypt rules in vpn1 to allow us to connect to the
> checkpoint box and tunnel into our network from home. In any case, one
> of my coworkers has had pretty good success with the freeswan ( can
> connect and route traffic ) but I am getting some weird behavior using
> racoon/kame ipsec. I was hoping someone could help me out with this. I
> have attached most configuration info in this email and am more than
> willing to try just about anything to get this up and running. I could
> even go so far as to set up a temporary profile in a sandbox if someone
> who knows what they are doing would like to take a stab at it.
>
> I am running Checkpoint VPN1/FW1 with Feature pack 2 installed. The
> VPN1 side is set up to reflect my freebsd configuration. I am using
> preshared keys for authentication 3des/md5 & pfs. ( although I have
> tried a myriad of permutations ) The freebsd side is version 4.4 with
> the following kernel options.

Have you tried a "tcpdump port 500" during Phase 1 negotiations? This
will show the proposal exchange so you can see which parts aren't
matching up. If that doesn't do it, send that output along with your
racoon.conf file.

Dru
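
The comparison suggested in the reply above, worked through as an added example (not part of the original message or of racoon): given the UDP payload of the first port-500 Main Mode packet, it decodes the offered Phase 1 transforms and lists the fields that differ from the local 3des/md5/pre-shared-key settings. The function names and the sample packet are constructed for illustration; the attribute numbers are those of RFC 2409.

```python
import struct
# IKEv1 Phase 1 attribute types and values (RFC 2409, Appendix A).
ATTRS = {1: "encryption", 2: "hash", 3: "auth", 4: "dh_group"}
VALUES = {"encryption": {1: "des", 5: "3des"}, "hash": {1: "md5", 2: "sha1"},
          "auth": {1: "pre_shared_key", 3: "rsasig"},
          "dh_group": {1: "modp768", 2: "modp1024"}}

def parse_transforms(packet):
    """Return one dict of Phase 1 attributes per transform in the SA payload."""
    if len(packet) < 48 or packet[16] != 1:   # first payload must be SA (type 1)
        raise ValueError("not an ISAKMP message starting with an SA payload")
    pos = 28 + 12        # ISAKMP header, then SA generic header + DOI + situation
    spi_size, count = packet[pos + 6], packet[pos + 7]
    pos += 8 + spi_size  # skip the proposal header and its SPI
    transforms = []
    for _ in range(count):
        (length,) = struct.unpack_from("!H", packet, pos + 2)
        attr_pos, end, attrs = pos + 8, pos + length, {}
        while attr_pos + 4 <= end:
            atype, aval = struct.unpack_from("!HH", packet, attr_pos)
            name = ATTRS.get(atype & 0x7FFF)
            if atype & 0x8000:                # TV form: the value is inline
                if name:
                    attrs[name] = VALUES[name].get(aval, str(aval))
                attr_pos += 4
            else:                             # TLV form: aval is the value length
                attr_pos += 4 + aval
        transforms.append(attrs)
        pos = end
    return transforms

def mismatches(offered, local):
    """Per offered transform, map each differing field to (offered, local)."""
    return [{k: (t.get(k), v) for k, v in local.items() if t.get(k) != v}
            for t in offered]

def build_sample():  # CONSTRUCTED first Main Mode packet, not a real capture
    tv = lambda t, v: struct.pack("!HH", 0x8000 | t, v)
    life = tv(11, 1) + struct.pack("!HHI", 12, 4, 28800)   # lifetime sent as TLV
    bodies = [tv(1, 5) + tv(2, 2) + tv(3, 1) + tv(4, 2) + life,   # 3des/sha1/psk
              tv(1, 1) + tv(2, 1) + tv(3, 1) + tv(4, 2) + life]   # des/md5/psk
    xf = b"".join(struct.pack("!BBHBBH", 3 if i == 0 else 0, 0, 8 + len(b), i + 1, 1, 0) + b
                  for i, b in enumerate(bodies))
    prop = struct.pack("!BBHBBBB", 0, 0, 8 + len(xf), 1, 1, 0, len(bodies)) + xf
    sa = struct.pack("!BBHII", 0, 0, 12 + len(prop), 1, 1) + prop
    return struct.pack("!8s8sBBBBII", b"\x11" * 8, bytes(8), 1, 0x10, 2, 0, 0, 28 + len(sa)) + sa

LOCAL = {"encryption": "3des", "hash": "md5", "auth": "pre_shared_key"}  # settings named in the thread
if __name__ == "__main__":
    print(mismatches(parse_transforms(build_sample()), LOCAL))
```

An empty dict for a transform means it agrees with the local settings on every field compared; the Diffie-Hellman group is decoded but not compared because the thread does not state one for Phase 1.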