From: "Ronan LE NOZACH"
To: "Andriy Gapon"
Sender: owner-freebsd-security@FreeBSD.ORG
Date: Mon, 13 Jan 2003 15:40:51 +0100
Subject: RE: IPsec in tunnel mode between Windows 2000 and FreeBSD

Thank you for this information, Andriy.

I did some other tests and it works fine now. I found out my problem was that the phase II life duration expected by Windows was 300 sec and the lifetime proposal sent by racoon was 30 sec!

Ronan Le Nozach
CIS Consultants
Paris France

-------- Original message --------
From: Andriy Gapon [mailto:agapon@excite.com]
Date: Thu. 09/01/2003 20:10
To: Ronan LE NOZACH
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: IPsec in tunnel mode between Windows 2000 and FreeBSD

Ronan,

I have here a well-functioning IPSec tunnel between a Win2K leaf-node host and a FreeBSD router to the Internet. There are quite a few tutorials on this topic on the www; the most important trick for tunnel mode (vs. transport mode) is to have two separate policies on Win2K - for incoming and outgoing packets (i.e. the "mirror" option should not be used). The racoon log may provide more hints; you should be able to find a message where it complains.

--
Andriy Gapon
* Broadcast Message from wnpdev21 (pts/tg) Wed Jan 8 09:12:47... replacing the jar - krishna 3931
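Added example, not part of the original thread and not code from either poster: a small check that reads the phase II (`sainfo`) lifetime out of a racoon.conf and compares it with the lifetime the peer expects, which is the 30 sec versus 300 sec mismatch described above. The function names and `SAMPLE_CONF` are constructed for illustration, and the accepted unit spellings are an assumption based on racoon.conf(5).

```python
import re

# Seconds per unit keyword (assumed spellings, see racoon.conf(5)).
UNIT_SECONDS = {"sec": 1, "secs": 1, "second": 1, "seconds": 1,
                "min": 60, "mins": 60, "minute": 60, "minutes": 60,
                "hour": 3600, "hours": 3600}

# sainfo blocks hold no nested braces, so matching up to the first "}" is enough.
SAINFO_RE = re.compile(r"\bsainfo\s+([^{]+?)\s*\{([^}]*)\}")
LIFETIME_RE = re.compile(r"\blifetime\s+time\s+(\d+)\s*([a-z]+)\s*;")

def phase2_lifetimes(conf_text):
    """Return {sainfo selector: lifetime in seconds, or None if unset}."""
    text = re.sub(r"#.*", "", conf_text)  # strip comments first
    result = {}
    for selector, body in SAINFO_RE.findall(text):
        m = LIFETIME_RE.search(body)
        if m is None:
            result[selector] = None
            continue
        if m.group(2) not in UNIT_SECONDS:
            raise ValueError("unknown lifetime unit: " + m.group(2))
        result[selector] = int(m.group(1)) * UNIT_SECONDS[m.group(2)]
    return result

def mismatches(conf_text, peer_seconds):
    """Return the sainfo blocks whose lifetime differs from the peer's."""
    return {sel: secs for sel, secs in phase2_lifetimes(conf_text).items()
            if secs != peer_seconds}

# Constructed sample config; only the 30 sec value comes from the thread.
SAMPLE_CONF = """
remote anonymous {
    exchange_mode main;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
        lifetime time 8 hour;   # phase I lifetime, not checked here
    }
}
sainfo anonymous {
    lifetime time 30 sec;       # phase II lifetime proposed by racoon
    encryption_algorithm 3des;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}
"""

if __name__ == "__main__":
    print(mismatches(SAMPLE_CONF, 300))  # peer (Windows) expects 300 sec
```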