FreeBSD <-> Windows XP IPSec Phase 1 Timeout

. at babolo.ru
Wed Nov 30 08:44:15 GMT 2005


I am not an expert in this, but I had similar
problems in a different environment when the clocks
were not synchronized exactly on both tunnel ends.

> Dear everybody,
> 
> I have the following problem which you might help me solve. I'm running a 
> FreeBSD 6.0 box as a gateway with Windows XP road warrior clients VPNing in. 
> In order to set up secure access I want to use IPSec for traffic encryption 
> with the plain-text PPTP for tunneling. Windows XP IPSec policy is 
> configured to ESP everything coming in and out of TCP port 1723 and GRE and 
> the same stands for the FreeBSD box. Now here is a problem. Upon initiating PPTP 
> dial-up connection from XP the IPSec negotiations start normally, both 
> client and server agree on encryption & hashing standards successfully. But 
> as soon as they do agree, all communications time out. Tcpdump on the FreeBSD box 
> and Etherpeek on Windows show the IPSec packets being delivered to both 
> machines, but both client and server behave as if packets were not delivered 
> at all and obviously time out. I do have PF firewall on the gateway but the 
> result is the same for firewall being off or on or even not loaded into 
> kernel. I have used racoon, isakmp and ipsec-tools racoon and the results 
> are EXACTLY the same up to the corresponding lines in the logs - as soon as 
> encryption policies are successfully negotiated and both clients switch to 
> secure communication mode they lose sight of each other and both time out. I 
> of course understand that the logs are necessary and I'm ready to provide 
> them if anybody is interested to help me solve the problem, but I'm hoping 
> that somebody had this problem and knows the solutions off the top of 
> his/her head.
> 
> Thanks a lot,
> Arcadiy 