IPsec in tunnel mode between Windows 2000 and FreeBSD

From: Ronan LE NOZACH (ronan.lenozach@cis-consultants.com)
Date: 01/09/03


Date: Thu, 9 Jan 2003 11:43:06 +0100
From: "Ronan LE NOZACH" <ronan.lenozach@cis-consultants.com>
To: <freebsd-security@freebsd.org>

Hi everyone!

I have to build an IPsec VPN between a Windows 2000 server (final host) and a network behind a FreeBSD IPFW firewall with KAME/racoon. I want to build this VPN with IPsec in tunnel mode and without L2TP or IP in IP encapsulation. After several tests, I managed IPsec communications:
* between Windows 2000 and Linux-FreeS/Wan in transport mode and tunnel mode
* between Windows 2000 and FreeBSD-KAME in transport mode
But I didn't succeed in establishing communications with IPsec in tunnel mode between Windows 2000 and FreeBSD (actually, I managed IPsec communications with IPsec in tunnel mode, but only when both the Windows 2000 server and the FreeBSD firewall are final hosts, which is not sufficient because I want hosts in the network behind the firewall to be able to communicate with the Windows 2000 server too!). So I'd like to know if anyone has some experience or information about establishing IPsec in tunnel mode between Windows 2000 and FreeBSD. If such communication is not possible, does anyone know if IP in IP encapsulation is possible with Windows 2000?

Ronan Le Nozach
CIS Consultants
Paris France
