Date: Wed, 30 Nov 2005 10:16:57 -0500
From: "Arcadiy Ivanov" <arcivanov@mail.ru>
To: <freebsd-net@freebsd.org>
Subject: Re: FreeBSD <-> Windows XP IPSec Phase 1 Timeout
Message-ID: <00b301c5f5c1$1b8bd7d0$329da8c0@home.ivanovy.net>
References: <1133340478.570472.2094.nullmailer@cicuta.babolo.ru>

Well, unfortunately it is not the problem - all systems on the network are
synchronized via NTP from a common source, thus at least in this test
environment clock sync shouldn't be an issue.

----- Original Message -----
From: <"."@babolo.ru>
To: "Arcadiy Ivanov" <arcivanov@mail.ru>
Cc: <freebsd-net@freebsd.org>
Sent: Wednesday, November 30, 2005 03:47 AM
Subject: Re: FreeBSD <-> Windows XP IPSec Phase 1 Timeout

> I am not an expert in this, but I had similar
> problems in a different environment when clocks
> were not synchronized exactly on both tunnel ends.
>
>> Dear everybody,
>>
>> I have the following problem which you might help me solve. I'm running a
>> FreeBSD 6.0 box as a gateway with Windows XP road warrior clients VPNing
>> in. In order to set up secure access I want to use IPSec for traffic
>> encryption with the plain-text PPTP for tunneling. Windows XP IPSec
>> policy is configured to ESP everything coming in and out of TCP port 1723
>> and GRE and same stands for FreeBSD box. Now here is a problem. Upon
>> initiating PPTP dial-up connection from XP the IPSec negotiations start
>> normally, both client and server agree on encryption & hashing standards
>> successfully. But as soon as they do agree, all communications timeout.
>> Tcpdump on FreeBSD box and Etherpeek on Windows show the IPSec packets
>> being delivered to both machines, but both client and server behave as if
>> packets were not delivered at all and obviously timeout. I do have PF
>> firewall on the gateway but the result is the same for firewall being off
>> or on or even not loaded into kernel. I have used racoon, isakmp and
>> ipsec-tools racoon and the results are EXACTLY the same up to the
>> corresponding lines in the logs - as soon as encryption policies are
>> successfully negotiated and both clients switch to secure communication
>> mode they lose sight of each other and both timeout.
>> I of course understand that the logs are necessary and I'm ready to
>> provide them if anybody is interested to help me solve the problem, but
>> I'm hoping that somebody had this problem and knows the solutions off the
>> top of his/her head.
>>
>> Thanks a lot,
>> Arcadiy
>>
>> _______________________________________________
>> freebsd-net@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-net
>> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"