I am not expert in this, but I had similar problems in different environment when clocks was not synchronized exactly on both tunnel ends.
> Dear everybody, > > I have a following problem which you might help me solve. I'm running a > FreeBSD 6.0 box as a gateway with Windows XP road warrior clients VPNing in. > In order to setup secure access I want to use IPSec for traffic encryption > with the plain-text PPTP for tunneling. Windows XP IPSec policy is > configured to ESP everything coming in and out of TCP port 1723 and GRE and > same stands for FreeBSD box. Now here is a problem. Upon initiating PPTP > dial-up connection from XP the IPSec negotiations start normally, both > client and server agree on encryption & hashing standards successfully. But > as soon as they do agree, all communications timeout. Tcpdump on FreeBSD box > and Etherpeek on Windows should the IPSec packets being delivered to both > machines, but both client and server behave as if packets were not delivered > at all and obviously timeout. I do have PF firewall on the gateway but the > result is the same for firewall being off or on or even not loaded into > kernel. I have used racoon, isakmp and ipsec-tools racoon and the results > are EXACTLY the same up to the corresponding lines in the logs - as soon as > encryption policies are successfully negotiated and both clients switch to > secure communication mode they lose sight of each other and both timeout. I > of course understand that the logs are necessary and I'm ready to provide > them if anybody is interested to help me solve the problem, but I'm hoping > that somebody had this problem and knows the solutions off the top of > his/her head. > > Thanks a lot, > Arcadiy > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "[EMAIL PROTECTED]" > _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
