Date: Fri, 17 May 2002 08:17:22 -0700 (PDT)
From: Matthew Zahorik
To: Barry Irwin
Cc: freebsd-net@freebsd.org
Subject: Re: IPsec and dynamically assigned IPs
In-Reply-To: <20020517122232.A28402@itouchlabs.com>

On Fri, 17 May 2002, Barry Irwin wrote:

> B [client] - {internet} - [vpngw] - [server]

It would be a tunnel like B. The "[vpngw]" on the client side is software running on the client. The "[vpngw]" on the other side is a Contivity switch. I'm trying to reach servers on the other side of the Contivity.

> On the case of dynamic IPs have a look at the "generate policy on;"
> statement in racoon.conf. However you either need to authenticate using
> aggressive mode (in which case you can provide a username or something else
> to look up against the password) or main mode using certificates.

I'm pretty confident about racoon configuration. spdadd (seems to) require(s) fixed tunnel endpoints before I can start racoon, and that's the mystery.

When I have a spare moment (not this week) I'll futz with spdadd and see if giving bogus values to spdadd to start and then using generate policy on; will work.

Thanks for the replies!

- Matt