Hello Jorge,
Tuesday, January 09, 2001, 12:01:43 PM, you wrote:
JPV> I've read the mini-howto on how to setup IPSEC on the FreeBSD
JPV> (http://asherah.dyndns.org/~josh/ipsec-howto.txt) and have been most
JPV> successful so far.
Thanks for reading our IPSEC-MINI-HOWTO.
JPV> The only problem I've encountered is that, when making Win2K and FreeBSD
JPV> interoperate, the IKE's phase 2 only succeeds if
JPV> Win2K initiates the process. If racoon is to start it, Win2k will not
JPV> accept any proposal for phase 2, complaining that the dh group number
I needed a connection from Win2k as initiator to my FreeBSD development
server (FTP, CVS and so on) at the time of writing the win2k
portability with FreeBSD. I never tested the way to connect from the
bsd box to win2k, because the bsd box should never initiate the
connection first.
This way has some nice security advantages, too. I think it's time to
update the HOWTO soon. Until then, I will follow the comments on this
list to collect some material for it, and if I am using one or two
things from someone on this list, the person will be named in the
tutorial, of course.
I am planning an SGML version of the howto (DocBook 4.1 SGML) and to write some more
background information on how everything works. I asked Josh about the
idea, but until today I have got no answer - maybe he is very busy at the
moment. However, I will start updating the tutorial soon to make some
things clearer.
After making the update, I will contact Josh and then I will post a
notification here.
Most of the questions people sent to me were always like these:
* they contacted us first: (they should first ask the list *ggg)
* phase commit errors: (no encryption pack installed)
* misunderstandings about esp, why not to use ssh
* how to create ssl certificates and how to use them with ipsec/ike
...
I will make these things clearer in the next update of the HOWTO.
I will read some comments about the ipsec topic here in the list and
after some weeks I will make a nice update, directly in
sgml format so that it can be read as an html book.
JPV> (which should correctly be either 1 or 2) received is 1 or 2 (depending
JPV> on the pfs_group setting in racoon.conf) and not null(0). If I try
JPV> setting pfs_group to null, I get a parse error.
It takes me some time to find a qualified solution, because I am
writing and maintaining the HOWTO in my free time. I will try to find
a solution if you can explain to me why you want to establish the connection from
the bsd box first.
JPV> All the docs I found in the kame site (www.kame.net), the handbook, and
JPV> the man pages haven't been of any help either.
We will see what we can do -)
JPV> p.s. I am using FreeBSD 4.2-Stable, racoon 20001111a and (YES) I got the
JPV> high-encryption pack and SP1 installed on the Win2K box.
Ok, that's very good and very important.
--
Boris [MCSE, CNA]
...................................................................
X-ITEC : Consulting * Programming * Net-Security * Crypto-Research
........: [PRIVATE ADDRESS:]
: Boris Köster eMail [EMAIL PROTECTED] http://www.x-itec.de
: Grüne 33-57368 Lennestadt Germany Tel: +49 (0)2721 989400
: 101 PERFECTION - SECURITY - STABILITY - FUNCTIONALITY
........:..........................................................
Everything I am writing is (c) by Boris Köster and may not be
rewritten or distributed in any way without my permission.
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
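The pfs_group problem Jorge describes comes down to whether both peers agree on Perfect Forward Secrecy for the phase 2 (IPsec SA) negotiation: Win2K rejects a phase 2 proposal whose DH group differs from what its own policy expects. The racoon.conf sainfo fragment below is an added illustration for this thread, not part of this mail or of the HOWTO; pfs_group is the directive discussed above, while the lifetime and algorithm values are assumed choices for the example.

```conf
# Constructed example racoon.conf fragment (not from the HOWTO or this mail).
# The sainfo section governs the phase 2 (IPsec SA) proposals racoon offers.
sainfo anonymous {
    # Diffie-Hellman group used for PFS in phase 2. Both peers must agree on
    # the same group (1 or 2 for a Win2K peer) or the proposal is rejected.
    # There is no "null"/0 value for this directive; to negotiate phase 2
    # WITHOUT PFS, delete this line entirely instead of setting it to 0.
    pfs_group 2;
    lifetime time 1 hour;                 # assumed value for the example
    encryption_algorithm 3des;            # assumed value for the example
    authentication_algorithm hmac_sha1;   # assumed value for the example
    compression_algorithm deflate;        # assumed value for the example
}
```

If the Win2K policy has session key PFS switched off (it expects group 0, as in Jorge's error), racoon will only interoperate as initiator once the pfs_group line is removed from sainfo, which is why "pfs_group null" gives a parse error rather than disabling PFS. The stronger alternative is to keep pfs_group set on the racoon side and enable session key PFS in the Win2K IPsec policy, so that a compromised phase 1 key never exposes the phase 2 keys. Either way, the two sides must match, and mismatches show up in racoon's log as rejected phase 2 proposals rather than as a phase 1 failure.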