[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPSec between OpenBSD and Windows XP



Hi,
Andreas Krummrich wrote,

> Hi,
> 
> I'm having trouble connecting an OpenBSD 3.6 and a Windows XP box.
> Here's the error message:

It is impossible. Part of the enhanced security features of OpenBSD.
Do not connect any unsecure operating system.

Just a joke ;)

You have not specified any life times. IIRC Windows XP (I hope you
use SP2) have another default life time than isakmpd.

NO_PROPOSAL_CHOSEN means that IKE was not successful, because there
is no conclusion on parameters for phase 1.

To debug you can enable oakley.log:
Enabling this setting causes Windows to create an Oakley.log file in
the %SystemRoot%\debug folder for developers or network administrators 
with advanced IKE knowledge.
You need to create the following registry-key (with regedit)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent\Oakley \"EnableLogging\"=dword:00000001

You can use tcpdump to sniff the communication and analyze the
handshake. Then you will see what life time your windows XP IPsec
client suggest.

good luck

Waldemar

-- 
blog your mind!
http://openbsd-geek.de/



Visit your host, monkey.org