Date: Fri, 17 May 2002 08:17:22 -0700 (PDT) From: Matthew Zahorik <matt@hottub.org> To: Barry Irwin <bvi@itouchlabs.com> Cc: freebsd-net@freebsd.org Subject: Re: IPsec and dynamically assigned IPs Message-ID: <Pine.GSO.4.40.0205170812160.10618-100000@hottub> In-Reply-To: <20020517122232.A28402@itouchlabs.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 17 May 2002, Barry Irwin wrote: > B [client] - {internet} - [vpngw] - [server] It would be a tunnel like B. The "[vpngw]" on the client side is software running on the client. The "[vpngw]" on the other side is a contivity switch. I'm trying to reach servers on the other side of the contivity. > On the case of dynamic IP's have a look at the "generate policy on;" > statement in racoon.conf. However you either need to authenticte using > aggressive mode ( in which case you can provide a username or somethign else > to look up against the password) or main mode using certificates. I'm pretty confident about racoon configuration. spdadd (seems to) require(s) fixed tunnel endpoints before I can start racoon, and that's the mystery. When I have a spare moment (not this week) I'll futz with spdadd and see if giving bogus values to spdadd to start and then using generate policy on; will work. Thanks for the replies! - Matt To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.4.40.0205170812160.10618-100000>