Date:      Mon, 14 Jul 2003 13:34:51 -0000
From:      Mike Tancsa <mike@sentex.net>
To:        questions@freebsd.org
Subject:   IPSEC with Dynamic IP addresses
Message-ID:  <5.2.0.9.0.20030714091115.01f2f7b0@209.112.4.2>


Does anyone know of any documentation on how to do this?  I have searched 
through Google and I find lots of references to people saying, "use 
certificates" but beyond that I haven't found any actual documentation on 
how to do it.

The setup is 30 client sites with dynamic IP addresses connecting to one 
headoffice that has a static IP address. The 30 client sites all have 
unique RFC 1918 based subnets behind them.  The problem is how to do all 
the setkey business.  The client end can find out the IP address it's 
dynamically assigned and then do the appropriate setkey.  But the 
headoffice cannot do the same thing as it has no built-in way of knowing 
what the client endpoint is. I don't want to implement some additional 
protocol to send the HQ saying, "Hi, I am IP address xxx, please construct 
your setkey accordingly" as it would be a security issue if not thought out 
correctly.  These are all very remote sites, so analog dialup is the only 
connection available.

Any pointers would be great.  Currently we are using mpd to dialup and then 
tunnel across the mpd tunnel, but there is a resource leak somewhere in 
doing this. There are other problems with this method as well so we would 
like to avoid it.

	---Mike
--------------------------------------------------------------------
Mike Tancsa,                          	          tel +1 519 651 3400
Sentex Communications,     			  mike@sentex.net
Providing Internet since 1994                    www.sentex.net
Cambridge, Ontario Canada			  www.sentex.net/mike


