>The only problem I've encountered is that, when making Win2K and FreeBSD
>interoperate, the IKE's phase 2 only suceeds if
>Win2K initiates the process. If racoon is to start it, Win2k will not
>accept any proposal for phase 2, complaining that the dh group number
>(which should correctly be either 1 or 2) received is 1 or 2 (depending
>on the pfs_group setting in racoon.conf) and not null(0). If I try
>setting pfs_group to null, I get a parse error.

        try removing "pfs_group 2" line. the problem here is that PFS group
        is not negotiated (from the protocol spec), so
        - if Win2K uses no pfs group, racoon obeys
        - if racoon proposes either pfs group 1/2, Win2K rejects
        hope this helps.

itojun

To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]