Date: Wed, 10 Jan 2001 08:51:20 +0900
From: itojun@iijlab.net
To: Jorge Peixoto Vasquez <jorge@aker.com.br>
Cc: freebsd-net@freebsd.org, freebsd-security@freebsd.org
Subject: Re: IPSEC: racoon and Win2K
Message-ID: <5077.979084280@coconut.itojun.org>
In-Reply-To: jorge's message of Tue, 09 Jan 2001 18:01:43 -0200. <3A5B6E27.5787D716@aker.com.br>

>The only problem I've encountered is that, when making Win2K and FreeBSD
>interoperate, the IKE's phase 2 only succeeds if
>Win2K initiates the process. If racoon is to start it, Win2k will not
>accept any proposal for phase 2, complaining that the dh group number
>(which should correctly be either 1 or 2) received is 1 or 2 (depending
>on the pfs_group setting in racoon.conf) and not null(0). If I try
>setting pfs_group to null, I get a parse error.

try removing "pfs_group 2" line. the problem here is that PFS group
is not negotiated (from the protocol spec), so
- if Win2K uses no pfs group, racoon obeys
- if racoon proposes either pfs group 1/2, Win2K rejects

hope this helps.

itojun
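
Added example, not part of the original message or of either poster's configuration: a racoon.conf `sainfo` section before and after the change suggested in the reply. Only `pfs_group 2` comes from the thread; the `anonymous` selector, lifetime and algorithm values are constructed sample values.

```conf
# BEFORE: racoon as initiator puts DH group 2 into its phase 2 proposal.
# A Win2K peer whose policy uses no PFS rejects it, because the PFS
# group is not negotiated in phase 2: the responder accepts or rejects.
sainfo anonymous
{
	pfs_group 2;
	lifetime time 1 hour;
	encryption_algorithm 3des;
	authentication_algorithm hmac_sha1, hmac_md5;
	compression_algorithm deflate;
}

# AFTER: the pfs_group line is removed entirely. There is no "null"
# value to set (the original poster got a parse error trying that).
# racoon now proposes phase 2 without a DH group, matching the peer.
# Trade-off: with no PFS, phase 2 keys are derived from the phase 1
# keying material instead of a fresh DH exchange per phase 2 SA.
sainfo anonymous
{
	lifetime time 1 hour;
	encryption_algorithm 3des;
	authentication_algorithm hmac_sha1, hmac_md5;
	compression_algorithm deflate;
}
```

Only one of the two sections would appear in a real racoon.conf; they are shown together here for comparison.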