Date: Wed, 30 Nov 2005 11:47:58 +0300 (MSK) From: .@babolo.ru To: Arcadiy Ivanov <arcivanov@mail.ru> Cc: freebsd-net@freebsd.org Subject: Re: FreeBSD <-> Windows XP IPSec Phase 1 Timeout Message-ID: <1133340478.570472.2094.nullmailer@cicuta.babolo.ru> In-Reply-To: <000d01c5f4ad$08ea4ea0$329da8c0@home.ivanovy.net>
next in thread | previous in thread | raw e-mail | index | archive | help
I am not expert in this, but I had similar problems in different environment when clocks was not synchronized exactly on both tunnel ends. > Dear everybody, > > I have a following problem which you might help me solve. I'm running a > FreeBSD 6.0 box as a gateway with Windows XP road warrior clients VPNing in. > In order to setup secure access I want to use IPSec for traffic encryption > with the plain-text PPTP for tunneling. Windows XP IPSec policy is > configured to ESP everything coming in and out of TCP port 1723 and GRE and > same stands for FreeBSD box. Now here is a problem. Upon initiating PPTP > dial-up connection from XP the IPSec negotiations start normally, both > client and server agree on encryption & hashing standards successfully. But > as soon as they do agree, all communications timeout. Tcpdump on FreeBSD box > and Etherpeek on Windows should the IPSec packets being delivered to both > machines, but both client and server behave as if packets were not delivered > at all and obviously timeout. I do have PF firewall on the gateway but the > result is the same for firewall being off or on or even not loaded into > kernel. I have used racoon, isakmp and ipsec-tools racoon and the results > are EXACTLY the same up to the corresponding lines in the logs - as soon as > encryption policies are successfully negotiated and both clients switch to > secure communication mode they lose sight of each other and both timeout. I > of course understand that the logs are necessary and I'm ready to provide > them if anybody is interested to help me solve the problem, but I'm hoping > that somebody had this problem and knows the solutions off the top of > his/her head. > > Thanks a lot, > Arcadiy > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1133340478.570472.2094.nullmailer>