racoon and WinXP

Kris Maglione bsdaemon at comcast.net
Mon Jan 17 16:37:26 PST 2005 

I'm trying to use windows xp on my laptop to test the performance of my 
wifi adapter vs the freebsd ath driver (which is performing horribly), 
but I can't get the windows isakmp implementation to negotiate a psk 
with racoon. tcpdump gives me things like:

19:28:04.011379 0:50:fc:e8:dd:ae 0:f:b5:34:3d:9b ip 286: 
192.168.1.1.isakmp > 192.168.1.254.isakmp: isakmp: phase 1 I agg: [|sa]
19:28:04.012103 0:f:b5:34:3d:9b 0:50:fc:e8:dd:ae ip 98: 
192.168.1.254.isakmp > 192.168.1.1.isakmp: isakmp: phase 2/others R inf: 
[|n]
19:28:05.680401 0:f:b5:34:3d:9b 0:50:fc:e8:dd:ae ip 77: 
192.168.1.254.1036 > 192.168.0.1.domain:  30+ A? crl.microsoft.com. (35)
19:28:24.029320 0:50:fc:e8:dd:ae 0:f:b5:34:3d:9b ip 286: 
192.168.1.1.isakmp > 192.168.1.254.isakmp: isakmp: phase 1 I agg: [|sa]
19:28:24.030058 0:f:b5:34:3d:9b 0:50:fc:e8:dd:ae ip 98: 
192.168.1.254.isakmp > 192.168.1.1.isakmp: isakmp: phase 2/others R inf: 
[|n]
19:28:44.047271 0:50:fc:e8:dd:ae 0:f:b5:34:3d:9b ip 286: 
192.168.1.1.isakmp > 192.168.1.254.isakmp: isakmp: phase 1 I agg: [|sa]
19:28:44.047982 0:f:b5:34:3d:9b 0:50:fc:e8:dd:ae ip 98: 
192.168.1.254.isakmp > 192.168.1.1.isakmp: isakmp: phase 2/others R inf: 
[|n]

btw, anyone have an idea what's trying to talk to crl.microsoft.com?

and racoon -F -v gives me things like:

2005-01-17 19:19:53: INFO: isakmp.c:813:isakmp_ph1begin_i(): begin 
Aggressive mode.
2005-01-17 19:21:53: ERROR: isakmp.c:1447:isakmp_ph1resend(): phase1 
negotiation failed due to time up. b50ba08611fb67ea:0000000000000000
2005-01-17 19:22:14: ERROR: isakmp.c:1786:isakmp_chkph1there(): phase2 
negotiation failed due to time up waiting for phase1. ESP 
192.168.1.254->192.168.1.1
2005-01-17 19:22:14: INFO: isakmp.c:1791:isakmp_chkph1there(): delete 
phase 2 handler.
2005-01-17 19:27:04: INFO: isakmp.c:1694:isakmp_post_acquire(): IPsec-SA 
request for 192.168.1.254 queued due to no phase1 found.
2005-01-17 19:27:04: INFO: isakmp.c:808:isakmp_ph1begin_i(): initiate 
new phase 1 negotiation: 192.168.1.1[500]<=>192.168.1.254[500]
2005-01-17 19:27:04: INFO: isakmp.c:813:isakmp_ph1begin_i(): begin 
Aggressive mode.

Any ideas?
I'll post the config file if you want, but trying to describe the 
windows settings is more than a bitch. They both have the same key, I'll 
tell you that much. I set the timeouts in the racoon conf file to 140 secs.

Thanks.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 254 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20050117/e29981e9/signature.bin

More information about the freebsd-questions mailing list