Date: Tue, 14 Jan 2003 15:38:05 +0500 From: Andrew Alcheev <buddy@telenet.ru> To: freebsd-questions@freebsd.org Subject: IPSec tunnel between Windows XP and FreeBSD: racoon can't acts as the initiator Message-ID: <2413786872.20030114153805@telenet.ru>
next in thread | raw e-mail | index | archive | help
Hello. I have setup an IPSec tunnel between FreeBSD 4.7-stable (system 18.11.02)/racoon 20021120a and Windows XP Prof. FreeBSD acts as gateway, tunneling connections from Windows to world. IPSec crypts link between unix and win only. ipsec.conf: spdadd 0.0.0.0/0 192.168.99.10/32 any -P out ipsec esp/tunnel/192.168.99.1-192.168.99.10/require; spdadd 192.168.99.10/32 0.0.0.0/0 any -P in ipsec esp/tunnel/192.168.99.10-192.168.99.1/require; While other side (Windows XP) initiates connect to hosts behind the tunnel, all works fine. If connect arrives from other hosts before SA has been established, then racoon can't initiate Phase 1 tcpdump output: 15:29:13.408122 192.168.99.1.500 > 192.168.99.10.500: isakmp: phase 1 I agg: [|sa] 15:29:13.409117 192.168.99.10.500 > 192.168.99.1.500: isakmp: phase 2/others R inf: [|n] racoon.log: ... 2003-01-14 15:29:13: DEBUG: isakmp.c:222:isakmp_handler(): 56 bytes message received from 192.168.99.10[500] ... 2003-01-14 15:29:13: DEBUG: isakmp.c:346:isakmp_main(): malformed cookie received or the initiator's cookies collide. ... What is wrong ? Best regards, Andrew mailto:buddy@telenet.ru To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2413786872.20030114153805>