Date: Tue, 14 Jan 2003 15:38:05 +0500
From: Andrew Alcheev
Organization: Telenet-Service Ltd.
Message-ID: <2413786872.20030114153805@telenet.ru>
To: freebsd-questions@freebsd.org
Subject: IPSec tunnel between Windows XP and FreeBSD: racoon can't acts as the initiator

Hello.

I have set up an IPSec tunnel between FreeBSD 4.7-stable (system 18.11.02)/racoon 20021120a and Windows XP Prof.
FreeBSD acts as the gateway, tunneling connections from Windows to the world. IPSec encrypts the link between unix and win only.

ipsec.conf:

    spdadd 0.0.0.0/0 192.168.99.10/32 any -P out ipsec esp/tunnel/192.168.99.1-192.168.99.10/require;
    spdadd 192.168.99.10/32 0.0.0.0/0 any -P in ipsec esp/tunnel/192.168.99.10-192.168.99.1/require;

While the other side (Windows XP) initiates connections to hosts behind the tunnel, all works fine.
If a connection arrives from other hosts before the SA has been established, then racoon can't initiate Phase 1.

tcpdump output:

    15:29:13.408122 192.168.99.1.500 > 192.168.99.10.500: isakmp: phase 1 I agg: [|sa]
    15:29:13.409117 192.168.99.10.500 > 192.168.99.1.500: isakmp: phase 2/others R inf: [|n]

racoon.log:

    ...
    2003-01-14 15:29:13: DEBUG: isakmp.c:222:isakmp_handler(): 56 bytes message received from 192.168.99.10[500]
    ...
    2003-01-14 15:29:13: DEBUG: isakmp.c:346:isakmp_main(): malformed cookie received or the initiator's cookies collide.
    ...

What is wrong?

Best regards,
Andrew
mailto:buddy@telenet.ru