Re: IPSEC: racoon and Win2K

From: Jorge Peixoto Vasquez
Date: 01/10/01

Date: Wed, 10 Jan 2001 19:37:32 -0200
To:, wrote:
> >The only problem I've encountered is that, when making Win2K and FreeBSD
> >interoperate, the IKE's phase 2 only succeeds if
> >Win2K initiates the process. If racoon is to start it, Win2k will not
> >accept any proposal for phase 2, complaining that the dh group number
> >(which should correctly be either 1 or 2) received is 1 or 2 (depending
> >on the pfs_group setting in racoon.conf) and not null(0). If I try
> >setting pfs_group to null, I get a parse error.
> try removing "pfs_group 2" line. the problem here is that PFS group
> is not negotiated (from the protocol spec), so
> - if Win2K uses no pfs group, racoon obeys
> - if racoon proposes either pfs group 1/2, Win2K rejects
> hope this helps.

I had already done it, but it acts exactly the same way as it does if I
put "pfs_group 2" or "pfs_group modp1024", i.e. sends '2' to Win2K.

Was anyone successful in making these interoperate? Could you please
tell me which racoon version you used and please send me the conf file?

Thanx anyways,


Jorge Peixoto Vasquez, Elet. Eng.
Aker Security Solutions
tel. +55 - 61 - 340 9083