IPSEC: racoon and Win2K

From: Jorge Peixoto Vasquez (jorge@aker.com.br)
Date: 03/24/01

Date: Sat, 24 Mar 2001 15:12:39  -0600
From: "Jorge Peixoto Vasquez" <jorge@aker.com.br>
To: <freebsd-security@freebsd.org>

I've read the mini-howto on how to set up IPSEC on FreeBSD
(http://asherah.dyndns.org/~josh/ipsec-howto.txt) and have been most
successful so far.

I would be very glad if anyone could help me on the following matter:

The only problem I've encountered is that, when making Win2K and FreeBSD
interoperate, the IKE's phase 2 only succeeds if Win2K initiates the
process. If racoon is to start it, Win2K will not accept any proposal for
phase 2, complaining that the dh group number (which should correctly be
either 1 or 2) received is 1 or 2 (depending on the pfs_group setting in
racoon.conf) and not null(0). If I try setting pfs_group to null, I get a
parse error.

All the docs I found on the KAME site (www.kame.net), the handbook, and
the man pages haven't been of any help either.

Thank you very much for your attention,



p.s. I am using FreeBSD 4.2-Stable, racoon 20001111a and (YES) I got the
high-encryption pack and SP1 installed on the Win2K box.

Jorge Peixoto Vasquez, Elet. Eng.
Aker Security Solutions
tel. +55 - 61 - 340 9083
