From: Martin Feeney (martin at domain tuatha.org)
Date: Tue 09 Oct 2001 - 11:20:30 IST
On Tue, 09 Oct 2001 10:56:58 John P. Looney wrote:
> On Sat, Oct 06, 2001 at 09:14:20AM +0100, SeSe mentioned:
> > I'm trying to connect a Suse 7.2 to a Nortel Contivity box using FreeSWan.
> > It doesn't seem to work as well to a Win2K Server VPN...Does anyone have
> > more experience with this issue?
Make sure you run windows update and install the 128bit security update
for win2k. Otherwise if you set the win2k side to use 3DES it'll happily
pretend it's going to, but silently fail back to single DES which
freeswan spits at and rejects. Look in your freeswan logs to see if they
give any hint as to what's going on.
Can you get two linux boxes to talk ipsec? If so, then at least you know
that it's definitely win2k that's at fault.
> Yes. It's horrible. But, you can get it working via the freeswan docs.
> It's just a lot off effort. You are better off subscribing to a freeswan
> list and asking there with very specific questions though. Many things can
> go wrong, especially on the windows side, as there are about fifty steps
> you have to take.
Yep, ipsec on win2k is bizarre and horrible, but it does work, eventually.
It's one of those situations that I hold up as a shining example of why
gui configuration tools for administration are very sucky in comparison to
a simple text config file.
This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:12:38 GMT