Date: Wed, 25 Apr 2001 20:14:55 +0000
From: Gunther Schadow <gunther@aurora.regenstrief.org>
To: freebsd-net@freebsd.org, freebsd-small@freebsd.org, snap-users@kame.net
Subject: VPN tunnel with DHCP ...
Message-ID: <3AE7303F.957DE6DC@aurora.regenstrief.org>

Hi,

about my SOHO router project, I came across a tough problem, maybe I overlook that there is a solution already?

The VPN gateway at the small office / home office (SOHO) has an IPsec tunnel connecting it to its headquarter:

    setkey -c <<END
    spdadd ${sohonet} ${homenet} -P out ipsec
      esp/tunnel/${sohoip}-${homeip}/require;
    spdadd ${homenet} ${sohonet} -P in ipsec
      esp/tunnel/${homeip}-${sohoip}/require;
    END

Now, the problem is that the ${sohoip} is dynamically assigned with DHCP. How can the gateway at the headquarter know that ${sohoip} address? Options I can see are:

A  DNS (provided that the SOHO endpoint has a reliable name assigned by the ISP ... doesn't work for intermittent/dialup lines.)

B  an authenticated message from the SOHO endpoint to headquarter stating that the network ${sohonet} is reachable through the tunnel with endpoint ${sohoip}.

Is there anything like B defined in IPsec / ISAKMP or something?

regards
-Gunther

--
Gunther Schadow, M.D., Ph.D.                    gschadow@regenstrief.org
Medical Information Scientist      Regenstrief Institute for Health Care
Adjunct Assistant Professor        Indiana University School of Medicine
tel:1(317)630-7960                         http://aurora.regenstrief.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
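
The following is an added example, not part of the original message: a sketch of how either gateway could regenerate the two policies once a new ${sohoip} is known, validating every value before it reaches setkey. The helper names and sample addresses are constructed; it assumes the address was already learned over an authenticated channel (option B), which it does not implement, and it writes out the `any` upper-layer selector that setkey's spdadd and spddelete take before -P.

```shell
#!/bin/sh
# Added example; is_ipv4, is_cidr and render_spd are hypothetical helpers.

# True only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# True only for <ipv4>/<prefix length 0..32>.
is_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    is_ipv4 "${1%/*}" || return 1
    plen=${1##*/}
    case "$plen" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#plen}" -le 2 ] && [ "$plen" -le 32 ]
}

# render_spd side sohonet homenet sohoip homeip [replace]
# side: "soho" or "hq" (directions are mirrored). Prints nothing on bad input.
render_spd() {
    side=$1 sohonet=$2 homenet=$3 sohoip=$4 homeip=$5 mode=${6:-}
    is_cidr "$sohonet" && is_cidr "$homenet" || return 1
    is_ipv4 "$sohoip" && is_ipv4 "$homeip" || return 1
    case "$side" in
        soho) to_home=out; to_soho=in ;;
        hq)   to_home=in;  to_soho=out ;;
        *)    return 1 ;;
    esac
    if [ "$mode" = replace ]; then
        # A policy is keyed by selector and direction, not by tunnel endpoint.
        echo "spddelete $sohonet $homenet any -P $to_home;"
        echo "spddelete $homenet $sohonet any -P $to_soho;"
    fi
    echo "spdadd $sohonet $homenet any -P $to_home ipsec esp/tunnel/$sohoip-$homeip/require;"
    echo "spdadd $homenet $sohonet any -P $to_soho ipsec esp/tunnel/$homeip-$sohoip/require;"
}

# Constructed sample values; in use the output would be piped to "setkey -c".
render_spd soho 192.168.10.0/24 10.1.0.0/16 203.0.113.7 198.51.100.1 replace
```

Because validation happens before anything is printed, a malformed address yields an empty stream and a non-zero status, so no partial policy set is ever handed to setkey.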