Date: Tue, 20 Nov 2007 12:08:31 +0100 From: Bjoern Engels <bj@0x20.net> To: john decot <johndecot@yahoo.com> Cc: freebsd-security@freebsd.org Subject: Re: IPSEC help Message-ID: <20071120110831.GB90344@e.0x20.net> In-Reply-To: <216526.27461.qm@web55401.mail.re4.yahoo.com> References: <20071119093829.GA22050@zen.inc> <216526.27461.qm@web55401.mail.re4.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Nov 20, 2007 at 02:57:17AM -0800, john decot wrote:
> Hi,
>
> I have checked with different mode that obey and found error no valid proposal and again i change lifetime too in bsd server. But I can't found where should i have to change those parameter in remote windows ipsec box.
>
> Could you please suggest me.
[...]
> 2007-11-17 13:46:22: DEBUG: Compared: DB:Peer
> 2007-11-17 13:46:22: DEBUG: (lifetime = 1800:28800)
I suggest you change the lifetime in racoon's config to 28800 seconds if
you cannot change it at the peer.
Aonther thing I'd check is encryption/hash algorithms. You'll probably
have the best compatibility if you change everything to 3DES-MD5.
--
Viele Gruesse // Best regards
Bjoern Engels
:wq!
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20071120110831.GB90344>