Boris wrote:
[ interesting text deleted ]
>
> It takes some time to find a qualified solution to me, because I am
> writing and maintaining the HOWTO in my free time. I will try to find
> a solution, if you can explain to me why to establish the connection from
> the bsd box first.
>
Basically, what I need is to integrate our FreeBSD-based firewalls with
existing WIN2K nets our customers already have. In this (more than I
would like) common situation, I can never predict which side will start
the communication (mostly tunnel-mode). The problem here is full
interoperation, and, for that matter, both sides should be able to
establish a connection. If desired, one of them should also be able to
reject it, but this must be an optional behavior.
Most important: I am sure Win2K should never drop the connection because
it received a request for something it supports (DH groups 1 and 2).
What I am not sure of is if racoon should or should not be able to send
a request with null as the desired dh group. I can't see why it would
harm.
jOrge
--
Jorge Peixoto Vasquez, Elet. Eng.
Aker Security Solutions
http://www.aker.com.br
tel. +55 - 61 - 340 9083