From owner-freebsd-net Wed Apr 25 14:25:56 2001
Date: Wed, 25 Apr 2001 17:25:29 -0400 (EDT)
From: Garrett Wollman
Message-Id: <200104252125.RAA12766@khavrinen.lcs.mit.edu>
To: "Gunther Schadow"
Subject: Re: VPN tunnel with DHCP ...
In-Reply-To: <003101c0cdc8$64f8bcb0$1200a8c0@gsicomp.on.ca>
References: <3AE7303F.957DE6DC@aurora.regenstrief.org> <003101c0cdc8$64f8bcb0$1200a8c0@gsicomp.on.ca>

[Original attribution lost.]

>> now, the problem is that the ${sohoip} is dynamically assigned
>> with DHCP. How can the gateway at the headquarter know that
>> ${sohoip} address?

I don't know whether this is actually possible to do yet. But, you
should be able to configure racoon to use a public-key certificate for
authentication, and identify your SOHO users by their names rather
than the random DHCP address. However, it looks like you will still
lose because racoon does not appear to have a mechanism to
automatically add SPD entries based on the authenticated identity of
an ``anonymous'' connection.

-GAWollman