From owner-freebsd-net Wed Apr 25 22:48:44 2001
Delivered-To: freebsd-net@freebsd.org
Received: from mine.kame.net (kame195.kame.net [203.178.141.195]) by hub.freebsd.org (Postfix) with ESMTP id 98FC537B422 for ; Wed, 25 Apr 2001 22:48:39 -0700 (PDT) (envelope-from sakane@ydc.co.jp)
Received: from localhost ([3ffe:501:481d:4000:260:1dff:fe21:f766]) by mine.kame.net (8.11.1/3.7W) with ESMTP id f3Q64lY37923; Thu, 26 Apr 2001 15:04:47 +0900 (JST)
To: wollman@khavrinen.lcs.mit.edu
Cc: gunther@aurora.regenstrief.org, freebsd-net@FreeBSD.ORG
Subject: Re: VPN tunnel with DHCP ...
In-Reply-To: Your message of "Wed, 25 Apr 2001 17:25:29 -0400 (EDT)" <200104252125.RAA12766@khavrinen.lcs.mit.edu>
References: <200104252125.RAA12766@khavrinen.lcs.mit.edu>
X-Mailer: Cue version 0.6 (010413-1707/sakane)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Message-Id: <20010426144828V.sakane@ydc.co.jp>
Date: Thu, 26 Apr 2001 14:48:28 +0900
From: Shoichi Sakane
X-Dispatcher: imput version 20000228(IM140)
Lines: 19
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

# This thread is going on at three mailing lists...

> >> now, the problem is that the ${sohoip} is dynamically assigned
> >> with DHCP. How can the gateway at the headquarters know that
> >> ${sohoip} address?

> I don't know whether this is actually possible to do yet. But, you
> should be able to configure racoon to use a public-key certificate for
> authentication, and identify your SOHO users by their names rather
> than the random DHCP address. However, it looks like you will still
> lose because racoon does not appear to have a mechanism to
> automatically add SPD entries based on the authenticated identity of
> an ``anonymous'' connection.

racoon-20010418a can do it experimentally if you specify "generate_policy" in the server's racoon.conf. racoon generates SP entries from the ID payloads in the IKE phase 2 negotiation, then adds these SPs after the SA negotiation is finished.
In this case, all you have to do is to configure the SPD in the client.
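As an added illustration of the setup described above (this is not configuration from the original message, the KAME project or racoon's documentation; the addresses 192.0.2.1 for the headquarters gateway, 10.0.0.0/8 for the headquarters network, 192.168.1.0/24 for the SOHO LAN, the certificate file names and the paths are all assumptions), a headquarters racoon.conf with generate_policy enabled for an anonymous, certificate-authenticated peer, followed by the setkey SPD entries the client would load. The dynamically assigned SOHO address is written as ${sohoip}, as in the thread, because only the client side ever needs to know it:

```conf
# --- headquarters gateway: racoon.conf (assumed paths and names) ---
path certificate "/usr/local/etc/racoon/certs";

# The SOHO peer's address is unknown in advance, so match any peer ("anonymous"),
# accept only incoming negotiations, and let racoon derive SP entries from the
# phase 2 ID payloads sent by the authenticated client.
remote anonymous {
        exchange_mode main;
        passive on;
        generate_policy on;
        certificate_type x509 "hq-gw.crt" "hq-gw.key";
        verify_cert on;
        my_identifier asn1dn;
        peers_identifier asn1dn;
        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method rsasig;
                dh_group modp1024;
        }
}

sainfo anonymous {
        pfs_group modp1024;
        encryption_algorithm 3des;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}

# --- SOHO client: SPD loaded with "setkey -f" (assumed addresses) ---
# ${sohoip} is whatever DHCP handed out; 192.0.2.1 is the headquarters gateway.
# The server side installs no SPD of its own: the mirror of these two entries is
# generated from the ID payloads once phase 2 completes.
spdadd 192.168.1.0/24 10.0.0.0/8 any -P out ipsec esp/tunnel/${sohoip}-192.0.2.1/require;
spdadd 10.0.0.0/8 192.168.1.0/24 any -P in  ipsec esp/tunnel/192.0.2.1-${sohoip}/require;
```

Because the server installs policy based on whatever selectors the client proposes in phase 2, the authentication step is doing all of the access-control work: verify_cert must stay on and only certificates you actually issued should be trusted under that path, otherwise any peer that can complete phase 1 gets to write entries into the gateway's SPD. The directive is also marked experimental in the snapshot named above, so check the racoon.conf(5) shipped with whatever version you run before relying on it.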