Date: Fri, 17 May 2002 08:17:22 -0700 (PDT) From: Matthew Zahorik <matt@hottub.org> To: Barry Irwin <bvi@itouchlabs.com> Cc: freebsd-net@freebsd.org Subject: Re: IPsec and dynamically assigned IPs Message-ID: <Pine.GSO.4.40.0205170812160.10618-100000@hottub> In-Reply-To: <20020517122232.A28402@itouchlabs.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 17 May 2002, Barry Irwin wrote:
> B [client] - {internet} - [vpngw] - [server]
It would be a tunnel like B. The "[vpngw]" on the client side is software
running on the client. The "[vpngw]" on the other side is a contivity
switch. I'm trying to reach servers on the other side of the contivity.
> On the case of dynamic IP's have a look at the "generate policy on;"
> statement in racoon.conf. However you either need to authenticte using
> aggressive mode ( in which case you can provide a username or somethign else
> to look up against the password) or main mode using certificates.
I'm pretty confident about racoon configuration. spdadd (seems to)
require(s) fixed tunnel endpoints before I can start racoon, and that's
the mystery.
When I have a spare moment (not this week) I'll futz with spdadd and see
if giving bogus values to spdadd to start and then using generate policy
on; will work.
Thanks for the replies!
- Matt
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.4.40.0205170812160.10618-100000>