Subject: Re: racoon, gss-api auth, and win2k IPSec IKE ...
To: Michael Richardson <>
From: Jonathan Stone <jonathan@DSG.Stanford.EDU>
List: tech-net
Date: 06/09/2002 18:08:09
In message <>,
Michael Richardson writes:


>  MS didn't implement tunnel mode. The only way they can build a tunnel is
>by creating a PPTP interface and using transport mode. 

> This may not be true, but it is hard for me to imagine Dixon got
> this wrong.

Sorry if I was too polite the first time, but I just don't buy this.
See;EN-US;q252735 or
one of a myriad of other pages showing how to set up IPsec tunnels
with win2k.  There is a restriction on having static IP addresses at
each end, but that is reasonably well-known.

Cisco even has a Warp page *showing* how to set up an IPsec tunnel
between a win2k box and various Ciscos, complete with screen shots of
win2k tunnel endpoint settings:

Someone is seriously out of touch.  I'm having enough problems working
around real MS limitations; we don't want NetBSD lists to spread false
rumours about imaginary problems. (Suppose I contact the I-D authors,
then Microsoft employees review this thread, and see bilge like this?)