(and hopefully the last round!)
Thanks to tips from Archie Cobbs at whistle.com I was able to almost get
skip and natd on FreeBSD to work with NT 4.0 skip. (The cert on the NT
box starts with 0x5b7d367e4fe8daf60313d75a0fe5b497.)
The config I desire to have work is one with nomadic users, and the
configs I can get working are:
non-nomadic users and natd.
Nomadic users and no natd.
But not the grail of nomadic users and natd.
If I boot up with kernel.GENERIC, this skiphost -P works as I'm wanting.
skiphost -i ep0 -p
skiphost -i ep0 -a 224.0.0.1
skiphost -i ep0 -a 192.168.138.1 -v 2 -k DES-CBC -t DES-CBC -s 8 -S 0x65acaa1f5edce866d7f473508fda994f
skiphost -i ep0 -a 224.0.0.2
skiphost -i ep0 -a 192.168.138.255
skiphost -i ep0 -a "*" -v 2 -k DES-CBC -t DES-CBC -r 8 -R 0x40a6c87db1f6677ab12a98c82f007012 -s 8 -S 0x65acaa1f5edce866d7f473508fda994f
skiphost -i ep0 -a "*" -v 2 -k DES-CBC -t DES-CBC -r 8 -R 0x5b7d367e4fe8daf60313d75a0fe5b497 -s 8 -S 0x65acaa1f5edce866d7f473508fda994f
skiphost -i ep0 -o on
If I use this ipfw list and have a kernel configured for IPFW:
00010 allow skip from any to any
00010 allow 79 from any to any
00010 allow esp from any to any
00010 allow ah from any to any
00010 allow udp from any to 192.168.138.1 1640
00010 allow udp from 192.168.138.1 1640 to any
00100 divert 6668 log ip from any to any via 192.168.138.1
65535 allow ip from any to any
and this skiphost -P:
skiphost -i ep0 -p
skiphost -i ep0 -a 224.0.0.1
skiphost -i ep0 -a 192.168.138.1 -v 2 -k DES-CBC -t DES-CBC -s 8 -S 0x65acaa1f5edce866d7f473508fda994f
skiphost -i ep0 -a 224.0.0.2
skiphost -i ep0 -a 192.168.138.16
skiphost -i ep0 -a 192.168.138.55
skiphost -i ep0 -a 192.168.138.255
skiphost -i ep0 -a "*" -v 2 -k DES-CBC -t DES-CBC -r 8 -R 0x40a6c87db1f6677ab12a98c82f007012 -s 8 -S 0x65acaa1f5edce866d7f473508fda994f
skiphost -i ep0 -a "*" -v 2 -k DES-CBC -t DES-CBC -r 8 -R 0x5b7d367e4fe8daf60313d75a0fe5b497 -s 8 -S 0x65acaa1f5edce866d7f473508fda994f
skiphost -i ep0 -o on
I at least have unencrypted communications. Asking the skip
implementation to be in nomadic mode breaks with the above config.
So, can anyone spot what I did wrong here?