Date: Thu, 26 Apr 2001 00:03:14 -0500 (CDT)
From: Nick Rogness <nick@rogness.net>
To: Gunther Schadow <gunther@aurora.regenstrief.org>
Cc: freebsd-net@FreeBSD.ORG, freebsd-small@FreeBSD.ORG, snap-users@kame.net
Subject: Re: VPN tunnel with DHCP ...
Message-ID: <Pine.BSF.4.21.0104252337500.43661-100000@cody.jharris.com>
In-Reply-To: <3AE7303F.957DE6DC@aurora.regenstrief.org>
On Wed, 25 Apr 2001, Gunther Schadow wrote:

> Hi,
>
> about my SOHO router project, I came across a tough problem, maybe
> I overlook that there is a solution already? The VPN gateway
> at the small office / home office (SOHO) has an IPsec tunnel
> connecting it to its headquarter:
>
>   setkey -c <<END
>   spdadd ${sohonet} ${homenet} -P out ipsec
>     esp/tunnel/${sohoip}-${homeip}/require;
>   spdadd ${homenet} ${sohonet} -P in ipsec
>     esp/tunnel/${homeip}-${sohoip}/require;
>   END
>
> now, the problem is that the ${sohoip} is dynamically assigned
> with DHCP. How can the gateway at the headquarter know that
> ${sohoip} address?
>
> Options I can see are:
>
> A  DNS (provided that the SOHO endpoint has a reliable name assigned
>    by the ISP ... doesn't work for intermittent/dialup lines.)
>
> B  an authenticated message from the SOHO endpoint to headquarter
>    stating that the network ${sohonet} is reachable through the
>    tunnel with endpoint ${sohoip}.
>
> Is there anything like B defined in IPsec / ISAKMP or something?

I had a similar problem but I had 1 static server and the tunnels
were between several DHCP machines...not between the DHCP machines
and the server.

I ended up writing a client/server Perl program in which the server
held information about the client interconnecting gif tunnels. The
clients would log in and receive tunnel endpoints, routing info,
updates and such.

I'm sure this won't suffice but I will send it to you for your own
hacking pleasure if you wish. Or hell, I'll even modify it so it
fits your needs.

Nick Rogness <nick@rogness.net>
 - Keep on Routing in a Free World...
  "FreeBSD: The Power to Serve!"
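
A sketch of option B from the quoted question, added here as an example; it is not code from either poster and not the Perl program mentioned in the reply. It assumes a pre-shared key and an authorised network per SOHO site, roughly synchronised clocks, and constructed names (SITES, make_update, verify_update, hq_policy) and addresses.

```python
import hashlib, hmac, ipaddress, json

# Constructed provisioning data (assumption): one pre-shared key and one
# authorised network per SOHO site, held by the headquarters gateway.
SITES = {"soho1": {"key": b"constructed-demo-key", "net": "192.168.10.0/24"}}
MAX_SKEW = 60  # seconds a message timestamp may differ from the HQ clock

def make_update(site, key, sohonet, sohoip, ts):
    """SOHO side: announce 'sohonet is reachable via sohoip', MACed with the site key."""
    body = json.dumps({"site": site, "net": sohonet, "ip": sohoip, "ts": ts},
                      sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()

def verify_update(body, tag, now, last_ts):
    """HQ side: return the validated message or raise ValueError."""
    msg = json.loads(body)
    site = SITES.get(msg.get("site"))
    if site is None:
        raise ValueError("unknown site")
    expected = hmac.new(site["key"], body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("bad MAC")
    if abs(now - msg["ts"]) > MAX_SKEW or msg["ts"] <= last_ts.get(msg["site"], 0):
        raise ValueError("stale or replayed")
    # A valid key only authorises the network provisioned for that site.
    net = ipaddress.ip_network(msg["net"])
    if net != ipaddress.ip_network(site["net"]):
        raise ValueError("network not authorised for site")
    # Re-serialise parsed values so only well-formed addresses reach setkey.
    msg["net"], msg["ip"] = str(net), str(ipaddress.ip_address(msg["ip"]))
    last_ts[msg["site"]] = msg["ts"]
    return msg

def hq_policy(msg, homenet, homeip):
    """Text for 'setkey -c' on the HQ gateway; 'any' is setkey(8)'s upperspec field."""
    return (f"spdadd {homenet} {msg['net']} any -P out ipsec "
            f"esp/tunnel/{homeip}-{msg['ip']}/require;\n"
            f"spdadd {msg['net']} {homenet} any -P in ipsec "
            f"esp/tunnel/{msg['ip']}-{homeip}/require;\n")
```

The timestamp check and the per-site last_ts record are what stop a captured update from being replayed after the DHCP lease has moved to someone else.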