
Re: IPSec between OpenBSD and Windows XP

Andreas Krummrich wrote,

> Hi,
> I'm having trouble connecting an OpenBSD 3.6 and a Windows XP box.
> Here's the error message:

It is impossible. Part of the enhanced security features of OpenBSD.
Do not connect any unsecure operating system.

Just a joke ;)

You have not specified any lifetimes. IIRC Windows XP (I hope you
use SP2) has another default lifetime than isakmpd.

NO_PROPOSAL_CHOSEN means that IKE was not successful, because there
is no conclusion on parameters for phase 1.

To debug you can enable oakley.log:
Enabling this setting causes Windows to create an Oakley.log file in
the %SystemRoot%\debug folder for developers or network administrators 
with advanced IKE knowledge.
You need to create the following registry key (with regedit):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent\Oakley "EnableLogging"=dword:00000001

You can use tcpdump to sniff the communication and analyze the
handshake. Then you will see what lifetime your Windows XP IPsec
client suggests.

good luck


blog your mind!
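
Added example, not part of the original message: a small decoder for the phase 1 SA payload of the first IKEv1 Main Mode packet, which is where the initiator's proposed lifetime appears in a capture. It assumes the input is the UDP port 500 payload extracted from a tcpdump capture; the function names and the sample packet (with lifetimes 28800 and 3600 seconds) are constructed for illustration, and the attribute numbers are those of RFC 2409.

```python
import struct

# IKEv1 phase 1 attribute types from RFC 2409, Appendix A
ATTR = {1: "enc", 2: "hash", 3: "auth", 4: "group", 11: "life_type", 12: "life_duration"}

def parse_attrs(buf):
    """Decode ISAKMP data attributes: AF bit set = 2-byte value, clear = TLV."""
    out, i = {}, 0
    while i + 4 <= len(buf):
        t, v = struct.unpack_from("!HH", buf, i)
        i += 4
        if not t & 0x8000:                      # TLV: v is the value length
            if i + v > len(buf):
                raise ValueError("truncated attribute")
            v, i = int.from_bytes(buf[i:i + v], "big"), i + v
        out[ATTR.get(t & 0x7FFF, t & 0x7FFF)] = v
    return out

def phase1_transforms(pkt):
    """Return one attribute dict per transform in the first SA proposal."""
    if len(pkt) < 48 or pkt[16] != 1:           # header next-payload 1 = SA
        raise ValueError("not an ISAKMP packet starting with an SA payload")
    sa_end = 28 + struct.unpack_from("!H", pkt, 30)[0]
    spi_size, count = pkt[46], pkt[47]          # proposal header sits at offset 40
    off, found = 48 + spi_size, []
    for _ in range(count):
        if off + 8 > min(sa_end, len(pkt)):
            raise ValueError("truncated transform")
        t_len = struct.unpack_from("!H", pkt, off + 2)[0]
        if t_len < 8 or off + t_len > len(pkt):
            raise ValueError("bad transform length")
        found.append(parse_attrs(pkt[off + 8:off + t_len]))
        off += t_len
    return found

def sample_packet():
    """Constructed Main Mode initiator packet with two transforms (not a capture)."""
    def transform(num, last, life):
        a = struct.pack("!10H", 0x8001, 5, 0x8002, 2, 0x8004, 2, 0x8003, 1, 0x800B, 1)
        a += struct.pack("!HHI", 12, 4, life)   # life duration as a 4-byte TLV
        return struct.pack("!BBHBBH", 0 if last else 3, 0, 8 + len(a), num, 1, 0) + a
    ts = transform(1, False, 28800) + transform(2, True, 3600)
    prop = struct.pack("!BBHBBBB", 0, 0, 8 + len(ts), 1, 1, 0, 2) + ts
    sa = struct.pack("!BBHII", 0, 0, 12 + len(prop), 1, 1) + prop
    hdr = bytes(range(1, 9)) + bytes(8)
    return hdr + struct.pack("!BBBBII", 1, 0x10, 2, 0, 0, 28 + len(sa)) + sa

if __name__ == "__main__":
    print(phase1_transforms(sample_packet()))
```

A `life_type` of 1 means the duration is in seconds; comparing each transform's values with the lifetime configured on the isakmpd side shows whether any offered transform can match.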
