>Number:         13905
>Category:       kern
>Synopsis:       Our ESP "NULL" cipher doesn't interoperate with the one in Win2K even in configurations where DES and 3DES do.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Sep 09 00:16:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Thor Lancelot Simon
>Release:        2001-09-08
>Organization:
	The NetBSD Foundation
>Environment:
System: NetBSD rekusant.sr.tjls.com 1.5X NetBSD 1.5X (REKUSANT) #44: Fri Sep 7 14:50:57 EDT 2001 root@rekusant.sr.tjls.com:/lfs/src/sys/arch/i386/compile/REKUSANT i386
Architecture: i386
Machine: i386
>Description:
We can't decrypt packets sent by a Win2K host using the NULL cipher in IPsec
ESP, and they can't decrypt what we send.

>How-To-Repeat:

Set up IPsec in transport mode with a Win2K host, using DES or 3DES (test to
be sure it works!).  Then adjust the racoon configuration to offer only the
null_enc cipher, and in "mmc" on the win2k side, enable the NULL cipher in
the settings for the "Require Security" filter like this: 

Right-click IP Security Policies->your policy name; select "properties".  On
the window that then appears, click "edit".  Select the "filter action" tab,
then "Require Security", then "Edit".  In the "Security Methods" tab, select
"add" and add an entry with "None" for AH, "None" for ESP confidentiality,
and "MD5" or "SHA1" for ESP integrity

Try to ping one host from the other.  You'll see IKE go, ESP SAs will be
negotiated correctly on each end (use "ipsecmon" on the win2k host to see
this) but the ESP packets won't be correctly parsed on either end.

>Fix:
I have absolutely no idea.
>Release-Note:
>Audit-Trail:
>Unformatted: