Date:      Fri, 17 May 2002 08:17:22 -0700 (PDT)
From:      Matthew Zahorik <matt@hottub.org>
To:        Barry Irwin <bvi@itouchlabs.com>
Cc:        freebsd-net@freebsd.org
Subject:   Re: IPsec and dynamically assigned IPs
Message-ID:  <Pine.GSO.4.40.0205170812160.10618-100000@hottub>
In-Reply-To: <20020517122232.A28402@itouchlabs.com>

On Fri, 17 May 2002, Barry Irwin wrote:

> B [client] - {internet} - [vpngw] - [server]

It would be a tunnel like B.  The "[vpngw]" on the client side is software
running on the client.  The "[vpngw]" on the other side is a contivity
switch.  I'm trying to reach servers on the other side of the contivity.

> On the case of dynamic IPs, have a look at the "generate policy on;"
> statement in racoon.conf.  However, you either need to authenticate using
> aggressive mode (in which case you can provide a username or something else
> to look up against the password) or main mode using certificates.

I'm pretty confident about racoon configuration.  spdadd (seems to)
require(s) fixed tunnel endpoints before I can start racoon, and that's
the mystery.

When I have a spare moment (not this week) I'll futz with spdadd and see
if giving bogus values to spdadd to start and then using generate policy
on; will work.

Thanks for the replies!

- Matt

