Date: Mon, 09 Dec 2002 17:00:06 -0600 From: Eric Anderson <anderson@centtech.com> To: Fernando Gleiser <fgleiser@cactus.fi.uba.ar> Cc: security@freebsd.org Subject: Re: (slightly OT) IPSec with dynamic IP Message-ID: <3DF52076.4020700@centtech.com> References: <20021209195332.X5648-100000@cactus.fi.uba.ar>
next in thread | previous in thread | raw e-mail | index | archive | help
Fernando Gleiser wrote: > I'm sorry if this is OT for -security. I sent it to -questions but > got no answer. > > I need to set up a VPN between a corporate LAN and roaming users. The > firewall is a FreeBSD 4.7 box with ipf/ipnat and will act as a security > gateway for the tunnel. > > On the other side there are several Win2K/XP boxes connected to the > Internet via DSL/cable modem/dialup/carrier pigeon/whatever and they have > a different IP every time they connect. > > The problem is: every single doc/tutorial/man page/ I've read says how to > set up the SA with static IPs, but now one side is dynamic. > > So the questions are: > > 1. Is this posible? > 2. If it's posible, can I do it with IKE/ISAKMP? > 3. Does anybody have a pointer to a doc which says how to do it? I'll rtfm, > just tell me where the fm is :) 1. Yes, it is possible.. You'll have to do something with certificates probably, or use mpd on the server end. There are other solutions, those are just a few things.. 2. Maybe.. Are you trying to connect each individual windows box, or are you going to have a firewall/gateway that does this for all of them (the entire lan)? 3. I don't know .. maybe... I have this working, so maybe I should write one up.. :) Eric -- ------------------------------------------------------------------ Eric Anderson Systems Administrator Centaur Technology Beware the fury of a patient man. ------------------------------------------------------------------ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3DF52076.4020700>