Well, unfortunately it is not the problem - all systems on the network are
synchronized via NTP from a common source, thus at least in this test
environment clock sync shouldn't be an issue.
----- Original Message -----
From: <"."@babolo.ru>
To: "Arcadiy Ivanov" <[EMAIL PROTECTED]>
Cc: <[email protected]>
Sent: Wednesday, November 30, 2005 03:47 AM
Subject: Re: FreeBSD <-> Windows XP IPSec Phase 1 Timeout



I am not an expert in this, but I had similar
problems in a different environment when the clocks
were not synchronized exactly on both tunnel ends.

Dear everybody,

I have the following problem, which you might help me solve. I'm running a
FreeBSD 6.0 box as a gateway with Windows XP road warrior clients VPNing
in. In order to set up secure access I want to use IPSec for traffic
encryption with the plain-text PPTP for tunneling. The Windows XP IPSec
policy is configured to ESP everything coming in and out of TCP port 1723
and GRE, and the same stands for the FreeBSD box.

Now here is the problem. Upon initiating a PPTP dial-up connection from XP,
the IPSec negotiations start normally, and both client and server agree on
encryption & hashing standards successfully. But as soon as they do agree,
all communications time out. Tcpdump on the FreeBSD box and Etherpeek on
Windows show the IPSec packets being delivered to both machines, but both
client and server behave as if the packets were not delivered at all and
obviously time out.

I do have the PF firewall on the gateway, but the result is the same with
the firewall off, on, or even not loaded into the kernel. I have used
racoon, isakmp and ipsec-tools racoon and the results are EXACTLY the same
up to the corresponding lines in the logs - as soon as encryption policies
are successfully negotiated and both clients switch to secure communication
mode, they lose sight of each other and both time out.

I of course understand that the logs are necessary and I'm ready to provide
them if anybody is interested to help me solve the problem, but I'm hoping
that somebody had this problem and knows the solutions off the top of
his/her head.

Thanks a lot,
Arcadiy

_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
