Date:      Tue, 29 Nov 2005 01:20:44 -0500
From:      "Arcadiy Ivanov" <arcivanov@mail.ru>
To:        <freebsd-net@freebsd.org>
Subject:   FreeBSD <-> Windows XP IPSec Phase 1 Timeout
Message-ID:  <000d01c5f4ad$08ea4ea0$329da8c0@home.ivanovy.net>

Dear everybody,

I have the following problem which you might help me solve. I'm running a
FreeBSD 6.0 box as a gateway with Windows XP road warrior clients VPNing in.
In order to set up secure access I want to use IPSec for traffic encryption
with the plain-text PPTP for tunneling. Windows XP IPSec policy is
configured to ESP everything coming in and out of TCP port 1723 and GRE and
the same stands for the FreeBSD box. Now here is the problem. Upon initiating a
PPTP dial-up connection from XP the IPSec negotiations start normally, both
client and server agree on encryption & hashing standards successfully. But
as soon as they do agree, all communications time out. Tcpdump on the FreeBSD
box and Etherpeek on Windows show the IPSec packets being delivered to both
machines, but both client and server behave as if packets were not delivered
at all and obviously time out. I do have the PF firewall on the gateway but the
result is the same for the firewall being off or on or even not loaded into
the kernel. I have used racoon, isakmp and ipsec-tools racoon and the results
are EXACTLY the same up to the corresponding lines in the logs - as soon as
encryption policies are successfully negotiated and both clients switch to
secure communication mode they lose sight of each other and both time out. I
of course understand that the logs are necessary and I'm ready to provide
them if anybody is interested in helping me solve the problem, but I'm hoping
that somebody had this problem and knows the solution off the top of
his/her head.

Thanks a lot,
Arcadiy 



