From owner-freebsd-questions@FreeBSD.ORG  Tue Jan 18 00:37:26 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4D64216A4CE
	for <freebsd-questions@freebsd.org>;
	Tue, 18 Jan 2005 00:37:26 +0000 (GMT)
Received: from sccrmhc12.comcast.net (sccrmhc12.comcast.net [204.127.202.56])
	by mx1.FreeBSD.org (Postfix) with ESMTP id A6FE843D46
	for <freebsd-questions@freebsd.org>;
	Tue, 18 Jan 2005 00:37:25 +0000 (GMT)
	(envelope-from bsdaemon@comcast.net)
Received: from fw.home (pcp05404374pcs.norstn01.pa.comcast.net[68.80.144.252])
          by comcast.net (sccrmhc12) with SMTP
          id <20050118003143012000pg77e>; Tue, 18 Jan 2005 00:31:43 +0000
Received: (qmail 97644 invoked from network); 18 Jan 2005 00:31:54 -0000
Received: from kris.home (HELO ?192.168.0.251?) (192.168.0.251)
  by fw.home with SMTP; 18 Jan 2005 00:31:54 -0000
Message-ID: <41EC5A3E.1010401@comcast.net>
Date: Mon, 17 Jan 2005 19:37:18 -0500
From: Kris Maglione <bsdaemon@comcast.net>
User-Agent: Mozilla Thunderbird 1.0 (X11/20041212)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: freebsd-questions <freebsd-questions@freebsd.org>
X-Enigmail-Version: 0.89.5.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="------------enigA2026ECD80A02E40413386E2"
Subject: racoon and WinXP
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: freebsd-questions@freebsd.org
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Jan 2005 00:37:26 -0000

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigA2026ECD80A02E40413386E2
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

I'm trying to use windows xp on my laptop to test the performance of my 
wifi adapter vs the freebsd ath driver (which is performing horribly), 
but I can't get the windows isakmp implementation to negotiate a psk 
with racoon. tcpdump gives me things like:

19:28:04.011379 0:50:fc:e8:dd:ae 0:f:b5:34:3d:9b ip 286: 
192.168.1.1.isakmp > 192.168.1.254.isakmp: isakmp: phase 1 I agg: [|sa]
19:28:04.012103 0:f:b5:34:3d:9b 0:50:fc:e8:dd:ae ip 98: 
192.168.1.254.isakmp > 192.168.1.1.isakmp: isakmp: phase 2/others R inf: 
[|n]
19:28:05.680401 0:f:b5:34:3d:9b 0:50:fc:e8:dd:ae ip 77: 
192.168.1.254.1036 > 192.168.0.1.domain:  30+ A? crl.microsoft.com. (35)
19:28:24.029320 0:50:fc:e8:dd:ae 0:f:b5:34:3d:9b ip 286: 
192.168.1.1.isakmp > 192.168.1.254.isakmp: isakmp: phase 1 I agg: [|sa]
19:28:24.030058 0:f:b5:34:3d:9b 0:50:fc:e8:dd:ae ip 98: 
192.168.1.254.isakmp > 192.168.1.1.isakmp: isakmp: phase 2/others R inf: 
[|n]
19:28:44.047271 0:50:fc:e8:dd:ae 0:f:b5:34:3d:9b ip 286: 
192.168.1.1.isakmp > 192.168.1.254.isakmp: isakmp: phase 1 I agg: [|sa]
19:28:44.047982 0:f:b5:34:3d:9b 0:50:fc:e8:dd:ae ip 98: 
192.168.1.254.isakmp > 192.168.1.1.isakmp: isakmp: phase 2/others R inf: 
[|n]

btw, anyone have an idea what's trying to talk to crl.microsoft.com?

and racoon -F -v gives me things like:

2005-01-17 19:19:53: INFO: isakmp.c:813:isakmp_ph1begin_i(): begin 
Aggressive mode.
2005-01-17 19:21:53: ERROR: isakmp.c:1447:isakmp_ph1resend(): phase1 
negotiation failed due to time up. b50ba08611fb67ea:0000000000000000
2005-01-17 19:22:14: ERROR: isakmp.c:1786:isakmp_chkph1there(): phase2 
negotiation failed due to time up waiting for phase1. ESP 
192.168.1.254->192.168.1.1
2005-01-17 19:22:14: INFO: isakmp.c:1791:isakmp_chkph1there(): delete 
phase 2 handler.
2005-01-17 19:27:04: INFO: isakmp.c:1694:isakmp_post_acquire(): IPsec-SA 
request for 192.168.1.254 queued due to no phase1 found.
2005-01-17 19:27:04: INFO: isakmp.c:808:isakmp_ph1begin_i(): initiate 
new phase 1 negotiation: 192.168.1.1[500]<=>192.168.1.254[500]
2005-01-17 19:27:04: INFO: isakmp.c:813:isakmp_ph1begin_i(): begin 
Aggressive mode.

Any ideas?
I'll post the config file if you want, but trying to describe the 
windows settings is more than a bitch. They both have the same key, I'll 
tell you that much. I set the timeouts in the racoon conf file to 140 secs.

Thanks.

--------------enigA2026ECD80A02E40413386E2
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (FreeBSD)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFB7Fo+mcXjc1XBrAQRAkvDAJsERwskoqOdqpNW4mEhBiqcIxgDhQCfYx+t
tXoa4uoBA6Y/ivkla00DLQk=
=HGzz
-----END PGP SIGNATURE-----

--------------enigA2026ECD80A02E40413386E2--