From owner-freebsd-security@FreeBSD.ORG Tue Nov 20 12:34:20 2007 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CD31016A507 for ; Tue, 20 Nov 2007 12:34:20 +0000 (UTC) (envelope-from vanhu@zeninc.net) Received: from smtp.zeninc.net (reverse-25.fdn.fr [80.67.176.25]) by mx1.freebsd.org (Postfix) with ESMTP id 993A613C45D for ; Tue, 20 Nov 2007 12:34:20 +0000 (UTC) (envelope-from vanhu@zeninc.net) Received: by smtp.zeninc.net (smtpd, from userid 1000) id 9EDD53F1F; Tue, 20 Nov 2007 13:34:18 +0100 (CET) Date: Tue, 20 Nov 2007 13:34:18 +0100 From: VANHULLEBUS Yvan To: freebsd-security@freebsd.org Message-ID: <20071120123418.GA32444@zen.inc> References: <20071119093829.GA22050@zen.inc> <216526.27461.qm@web55401.mail.re4.yahoo.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <216526.27461.qm@web55401.mail.re4.yahoo.com> User-Agent: All mail clients suck. This one just sucks less. Subject: Re: IPSEC help X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Nov 2007 12:34:20 -0000 On Tue, Nov 20, 2007 at 02:57:17AM -0800, john decot wrote: > Hi, > > I have checked with different mode that obey and found error > no valid proposal and again i change lifetime too in bsd > server. But I can't found where should i have to change those > parameter in remote windows ipsec box. You shouldn't have to change setup on both ends: you can just changes values on one end (the BSD server) to match values of the other end. Acoording to the quick look I had at your previous dump and to my memory (ok, so that's probably not exact :-), you should just have to change lifetime to 28800 sec in remote section. Yvan. -- NETASQ http://www.netasq.com