From owner-freebsd-net@freebsd.org  Tue Sep 22 08:41:16 2015
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id EB797A05119
 for <freebsd-net@mailman.ysv.freebsd.org>;
 Tue, 22 Sep 2015 08:41:16 +0000 (UTC)
 (envelope-from vas@mpeks.tomsk.su)
Received: from relay2.tomsk.ru (mail.sibptus.tomsk.ru [212.73.124.5])
 by mx1.freebsd.org (Postfix) with ESMTP id 5CEDF1967
 for <freebsd-net@freebsd.org>; Tue, 22 Sep 2015 08:41:15 +0000 (UTC)
 (envelope-from vas@mpeks.tomsk.su)
X-Virus-Scanned: by clamd daemon 0.98.5_1 for FreeBSD at relay2.tomsk.ru
Received: from admin.sibptus.TOMSK.ru ([212.73.125.240] verified)
 by relay2.tomsk.ru (CommuniGate Pro SMTP 5.1.16)
 with ESMTPS id 38871826 for freebsd-net@freebsd.org;
 Tue, 22 Sep 2015 14:41:13 +0600
Received: from admin.sibptus.TOMSK.ru (sudakov@localhost [127.0.0.1])
 by admin.sibptus.TOMSK.ru (8.14.9/8.14.7) with ESMTP id t8M8fCLv090500
 for <freebsd-net@freebsd.org>; Tue, 22 Sep 2015 14:41:13 +0600 (NOVT)
 (envelope-from vas@mpeks.tomsk.su)
Received: (from sudakov@localhost)
 by admin.sibptus.TOMSK.ru (8.14.9/8.14.7/Submit) id t8M8fCK9090499
 for freebsd-net@freebsd.org; Tue, 22 Sep 2015 14:41:12 +0600 (NOVT)
 (envelope-from vas@mpeks.tomsk.su)
X-Authentication-Warning: admin.sibptus.TOMSK.ru: sudakov set sender to
 vas@mpeks.tomsk.su using -f
Date: Tue, 22 Sep 2015 14:41:12 +0600
From: Victor Sudakov <vas@mpeks.tomsk.su>
To: freebsd-net@freebsd.org
Subject: transport mode IPSec with Windows 7, static keys
Message-ID: <20150922084111.GA89385@admin.sibptus.tomsk.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Organization: OAO "Svyaztransneft", SibPTUS
X-PGP-Key: http://www.dreamwidth.org/pubkey?user=victor_sudakov
X-PGP-Fingerprint: 10E3 1171 1273 E007 C2E9  3532 0DA4 F259 9B5E C634
User-Agent: Mutt/1.5.24 (2015-08-30)
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Sep 2015 08:41:17 -0000

Dear Colleagues,

Has anyone tried to set up transport mode IPSec with Windows 7 using
static keys? 

I have trouble finding encryption and authentication algorithms
mutually acceptable on FreeBSD and Windows 7. The latter can only do
des or 3des for encryption and md5 or sha1 for authentication, and
requires both ealgo and aalgo to be configured.

If anyone has a success story, could you please show your manually
added SAD entries or, better still, the relevant "setkey -c add ..."
commands?

Thank you very much in advance.

-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
sip:sudakov@sibptus.tomsk.ru