[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPSec between OpenBSD and Windows XP
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: IPSec between OpenBSD and Windows XP
- From: Waldemar Brodkorb <wbx_(_at_)_openbsd-geek_(_dot_)_de>
- Date: Fri, 4 Feb 2005 07:09:10 +0100
- Mail-followup-to: misc_(_at_)_openbsd_(_dot_)_org
Andreas Krummrich wrote,
> I'm having trouble connecting an OpenBSD 3.6 and a Windows XP box.
> Here's the error message:
It is impossible. Part of the enhanced security features of OpenBSD.
Do not connect any unsecure operating system.
Just a joke ;)
You have not specified any life times. IIRC Windows XP (I hope you
use SP2) have another default life time than isakmpd.
NO_PROPOSAL_CHOSEN means that IKE was not successful, because there
is no conclusion on parameters for phase 1.
To debug you can enable oakley.log:
Enabling this setting causes Windows to create an Oakley.log file in
the %SystemRoot%\debug folder for developers or network administrators
with advanced IKE knowledge.
You need to create the following registry-key (with regedit)
You can use tcpdump to sniff the communication and analyze the
handshake. Then you will see what life time your windows XP IPsec
blog your mind!