Date: Wed, 29 Nov 2000 18:00:45 -0500 (EST)
From: Wayne F Davis
To: freebsd-security@freebsd.org
Subject: IPsec interoperability with Windows 2000

Hi,

I need to get IPsec set up between some Windows boxes and a FreeBSD server. I have IPsec going between the Windows boxes and I configured IPsec on the server; however, it's not working properly. Win2k's IP Security Monitor shows a lot of Bad SPI Packets and the Windows box cannot talk to the FreeBSD box.

Here's my setup on FreeBSD:

    add 192.168.0.1 192.168.0.2 esp 9876 -E 3des-cbc "blahblahblahblahblahblah";
    add 192.168.0.2 192.168.0.1 esp 10000 -E 3des-cbc "blahblahblahblahblahblah";
    add 192.168.0.1 192.168.0.2 ah 9877 -A hmac-md5 "blahblahblahblah";
    add 192.168.0.2 192.168.0.1 ah 10001 -A hmac-md5 "blahblahblahblah";
    spdadd 192.168.0.1 192.168.0.2 any -P out ipsec
        esp/transport//use ah/transport//use;

My setup on Win2k:

    All IP Traffic
    Request Security
    Auth Method Preshared Key: blahblahblahblah

--

So, I'm wondering if anyone has set up IPsec between FreeBSD and Win2k. I'd appreciate any comments.

Thanks.

Wayne Davis - wfdavis@seas.upenn.edu
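
An added example, not part of the original message: a small consistency check for a manually keyed setkey configuration like the one quoted above. The function names and finding texts are hypothetical; it assumes statements end in ";", keys contain no ";", and each `add` carries a single algorithm flag. It checks only the FreeBSD side's internal consistency and says nothing about the Windows 2000 peer.

```python
import shlex

# Key lengths in bytes for the two algorithms used in the post (3DES: 24, HMAC-MD5: 16).
KEY_BYTES = {"3des-cbc": 24, "hmac-md5": 16}

# The setkey statements quoted in the message, embedded as sample input.
SETKEY_CONF = '''
add 192.168.0.1 192.168.0.2 esp 9876 -E 3des-cbc "blahblahblahblahblahblah";
add 192.168.0.2 192.168.0.1 esp 10000 -E 3des-cbc "blahblahblahblahblahblah";
add 192.168.0.1 192.168.0.2 ah 9877 -A hmac-md5 "blahblahblahblah";
add 192.168.0.2 192.168.0.1 ah 10001 -A hmac-md5 "blahblahblahblah";
spdadd 192.168.0.1 192.168.0.2 any -P out ipsec
    esp/transport//use ah/transport//use;
'''

def parse(conf):
    """Split on ';' (assumes no ';' inside keys) and return (sas, policies)."""
    sas, policies = [], []
    for stmt in conf.split(";"):
        tok = shlex.split(stmt)
        if tok[:1] == ["add"]:
            # Assumes one algorithm flag (-E or -A) per add statement.
            src, dst, proto, spi, _flag, alg, key = tok[1:8]
            sas.append((src, dst, proto, int(spi, 0), alg, key))
        elif tok[:1] == ["spdadd"]:
            protos = [t.split("/")[0] for t in tok[tok.index("ipsec") + 1:]]
            policies.append((tok[1], tok[2], protos))
    return sas, policies

def lint(conf):
    """Return a list of findings for a manually keyed setkey configuration."""
    sas, policies = parse(conf)
    findings, seen = [], set()
    for src, dst, proto, spi, alg, key in sas:
        want, n = KEY_BYTES.get(alg), len(key.encode())
        if want is not None and n != want:
            findings.append(f"spi {spi}: {alg} key is {n} bytes, needs {want}")
        if spi < 256:
            findings.append(f"spi {spi}: values below 256 are reserved")
        if (dst, proto, spi) in seen:
            findings.append(f"spi {spi}: duplicate SA for {proto} to {dst}")
        seen.add((dst, proto, spi))
    for src, dst, protos in policies:
        for proto in protos:
            # A policy that names a protocol needs an SA in the same direction.
            if not any(sa[:3] == (src, dst, proto) for sa in sas):
                findings.append(f"policy {src} -> {dst}: no {proto} SA")
    # SAs whose address pair no spdadd policy selects.
    for s, d in sorted({sa[:2] for sa in sas} - {p[:2] for p in policies}):
        findings.append(f"no spdadd policy covers {s} -> {d}")
    return findings
```

Calling `lint(SETKEY_CONF)` on the quoted configuration reports only that no policy covers the 192.168.0.2 -> 192.168.0.1 direction; the key lengths and SPIs pass.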