Date: Fri, 12 Jan 2001 09:45:08 -0200
From: Jorge Peixoto Vasquez <jorge@aker.com.br>
To: Boris <koester@x-itec.de>
Cc: net@freebsd.org, security@freebsd.org
Subject: Re: IPSEC: racoon and Win2K
Message-ID: <3A5EEE44.28D6BAB1@aker.com.br>
References: <3A5B6E27.5787D716@aker.com.br> <1322983510.20010112110540@x-itec.de>

Boris wrote:

[ interesting text deleted ]

>
> It takes some time to find a qualified solution to me, because I am
> writing and maintaining the HOWTO in my free time. I will try to find
> a solution, if you can explain to me why to establish the connection from
> the bsd box first.
>

Basically, what I need is to integrate our FreeBSD-based firewalls with
existing WIN2K nets our customers already have. In this (more than I
would like) common situation, I can never predict which side will start
the communication (mostly tunnel-mode).

The problem here is full interoperation, and, for that matter, both sides
should be able to establish a connection. If desired, one of them should
also be able to reject it, but this must be an optional behavior.

Most important: I am sure Win2K should never drop the connection because
it received a request for something it supports (DH groups 1 and 2). What
I am not sure of is if racoon should or should not be able to send a
request with null as the desired dh group. I can't see why it would harm.

jOrge

--
Jorge Peixoto Vasquez, Elet. Eng.
Aker Security Solutions
http://www.aker.com.br
tel. +55 - 61 - 340 9083