Date:      Wed, 30 Nov 2005 11:47:58 +0300 (MSK)
From:      .@babolo.ru
To:        Arcadiy Ivanov <arcivanov@mail.ru>
Cc:        freebsd-net@freebsd.org
Subject:   Re: FreeBSD <-> Windows XP IPSec Phase 1 Timeout
Message-ID:  <1133340478.570472.2094.nullmailer@cicuta.babolo.ru>
In-Reply-To: <000d01c5f4ad$08ea4ea0$329da8c0@home.ivanovy.net>


I am not an expert in this, but I had similar
problems in a different environment when the clocks
were not synchronized exactly on both tunnel ends.

> Dear everybody,
> 
> I have the following problem which you might help me solve. I'm running a
> FreeBSD 6.0 box as a gateway with Windows XP road warrior clients VPNing in.
> In order to set up secure access I want to use IPSec for traffic encryption
> with the plain-text PPTP for tunneling. Windows XP IPSec policy is
> configured to ESP everything coming in and out of TCP port 1723 and GRE and
> the same stands for the FreeBSD box. Now here is the problem. Upon initiating a PPTP
> dial-up connection from XP the IPSec negotiations start normally, both
> client and server agree on encryption & hashing standards successfully. But
> as soon as they do agree, all communications time out. Tcpdump on the FreeBSD box
> and Etherpeek on Windows show the IPSec packets being delivered to both
> machines, but both client and server behave as if packets were not delivered
> at all and obviously time out. I do have a PF firewall on the gateway but the
> result is the same for the firewall being off or on or even not loaded into
> the kernel. I have used racoon, isakmp and ipsec-tools racoon and the results
> are EXACTLY the same up to the corresponding lines in the logs - as soon as
> encryption policies are successfully negotiated and both clients switch to
> secure communication mode they lose sight of each other and both time out. I
> of course understand that the logs are necessary and I'm ready to provide
> them if anybody is interested in helping me solve the problem, but I'm hoping
> that somebody had this problem and knows the solutions off the top of
> his/her head.
> 
> Thanks a lot,
> Arcadiy 
> 


