From owner-freebsd-security Thu Nov 30 4: 5:40 2000
Delivered-To: freebsd-security@freebsd.org
Received: from post.webmailer.de (natmail2.webmailer.de [192.67.198.65])
	by hub.freebsd.org (Postfix) with ESMTP id B689A37B400
	for ; Thu, 30 Nov 2000 04:05:33 -0800 (PST)
Received: from localhost.localdom (p3E9E1559.dip.t-dialin.net [62.158.21.89])
	by post.webmailer.de (8.9.3/8.8.7) with ESMTP id NAA09057
	for ; Thu, 30 Nov 2000 13:05:35 +0100 (MET)
Received: from masterpc (master [192.168.0.1])
	by localhost.localdom (8.11.1/8.11.1) with ESMTP id eAUBdwu00895;
	Thu, 30 Nov 2000 12:39:58 +0100 (CET)
Date: Thu, 30 Nov 2000 12:39:57 -0800
From: Boris
X-Mailer: The Bat! (v1.46d) Personal
Reply-To: Boris
X-Priority: 3 (Normal)
Message-ID: <873931232.20001130123957@x-itec.de>
To: Wayne F Davis
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: IPsec interoperability with Windows 2000
In-reply-To:
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hello Wayne,

Wednesday, November 29, 2000, 3:00:45 PM, you wrote:

WFD> Hi,

WFD> I need to get IPsec set up between some Windows boxes and a FreeBSD
WFD> server. I have IPsec going between the Windows boxes and I configured
WFD> IPsec on the server, however it's not working properly.

WFD> Win2k's IP Security Monitor shows a lot of Bad SPI Packets and the
WFD> Windows box cannot talk to the FreeBSD box.

WFD> Here's my setup on FreeBSD:

WFD> add 192.168.0.1 192.168.0.2 esp 9876 -E 3des-cbc
WFD> "blahblahblahblahblahblah";
WFD> add 192.168.0.2 192.168.0.1 esp 10000 -E 3des-cbc
WFD> "blahblahblahblahblahblah";
WFD> add 192.168.0.1 192.168.0.2 ah 9877 -A hmac-md5 "blahblahblahblah";
WFD> add 192.168.0.2 192.168.0.1 ah 10001 -A hmac-md5 "blahblahblahblah";
WFD> spdadd 192.168.0.1 192.168.0.2 any -P out ipsec esp/transport//use
WFD> ah/transport//use;

WFD> My setup on Win2k:

WFD> All IP Traffic
WFD> Request Security
WFD> Auth Method Preshared Key: blahblahblahblah

WFD> --

WFD> So, I'm wondering if anyone has set up IPsec between FreeBSD and
WFD> Win2k. I'd appreciate any comments.

Take a look at the IPSEC-HOWTO

http://asherah.dyndns.org/~josh/ipsec-howto.txt

-- 
Best regards,
 Boris                            mailto:koester@x-itec.de