From: .@babolo.ru
To: Arcadiy Ivanov
Cc: freebsd-net@freebsd.org
Date: Wed, 30 Nov 2005 11:47:58 +0300 (MSK)
Subject: Re: FreeBSD <-> Windows XP IPSec Phase 1 Timeout

I am not an expert in this, but I had similar problems in a different
environment when the clocks were not synchronized exactly on both tunnel ends.

> Dear everybody,
>
> I have the following problem which you might help me solve. I'm running a
> FreeBSD 6.0 box as a gateway with Windows XP road warrior clients VPNing in.
> In order to set up secure access I want to use IPSec for traffic encryption
> with the plain-text PPTP for tunneling. Windows XP IPSec policy is
> configured to ESP everything coming in and out of TCP port 1723 and GRE and
> same stands for FreeBSD box. Now here is a problem. Upon initiating PPTP
> dial-up connection from XP the IPSec negotiations start normally, both
> client and server agree on encryption & hashing standards successfully. But
> as soon as they do agree, all communications timeout. Tcpdump on FreeBSD box
> and Etherpeek on Windows show the IPSec packets being delivered to both
> machines, but both client and server behave as if packets were not delivered
> at all and obviously timeout. I do have PF firewall on the gateway but the
> result is the same for firewall being off or on or even not loaded into
> kernel. I have used racoon, isakmp and ipsec-tools racoon and the results
> are EXACTLY the same up to the corresponding lines in the logs - as soon as
> encryption policies are successfully negotiated and both clients switch to
> secure communication mode they lose sight of each other and both timeout. I
> of course understand that the logs are necessary and I'm ready to provide
> them if anybody is interested to help me solve the problem, but I'm hoping
> that somebody had this problem and knows the solutions off the top of
> his/her head.
>
> Thanks a lot,
> Arcadiy