Date: Fri, 16 Nov 2001 11:51:31 -0800 (PST)
From: Julian Elischer
To: Shoichi Sakane
Cc: icb-bsd@wi.rr.com, rsmith@vetx.com, freebsd-net@FreeBSD.ORG
Subject: Re: Re[2]: IPSEC / RAPTOR Firewall Interaction
In-Reply-To: <20011116141045I.sakane@kame.net>

The person who you really have to speak to is Andre Oppermann.
Unfortunately he just left his job and so I don't have his new email
address on me..

I wrote the basic driver for him and he has the legal side of it..

julian

On Fri, 16 Nov 2001, Shoichi Sakane wrote:

> > What about info in regards to running a FreeBSD IPSEC server (racoon)
> > with DHCP clients (road warriors)? I haven't seen anything about that...is it
> > possible? If so...any links to info? Thanks in advance.
>
> racoon can exchange SAs in such a scenario by using "generate_policy"
> directive. but there is no documentation. the only one is probably
> racoon.conf(5). you know there are some scenario about "road warriors".
> also, IKE and IPsec have many tweaks. so there are some solutions to
> solve scenarios. here is one of them.
>
> i'm using a laptop PC and the ip address is assigned dynamically.
> i access to the mail server from my laptop. i only use the ipsec
> transport mode. i use certificates because this is the way to solve
> the scenario with IKE main mode.
> i attach my configuration to this mail.
>
> 1. racoon.conf in the laptop.
> 2. policy parameter in the laptop.
> 3. racoon.conf in the server.
>    no need server's policy configuration.
>
> i hope it helps you.
>
> regards,
>
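
The server side of the setup described in the quoted message, sketched as an added example; it is not part of the original mail or its attachments. The certificate path, file names, lifetimes and algorithm choices are assumptions chosen for illustration.

```conf
# Constructed example, not the configuration attached to the original mail.
# Server-side racoon.conf for clients whose address is assigned dynamically.
# Paths and file names are placeholders; algorithm choices are assumptions.

path certificate "/usr/local/etc/racoon/cert";

# "anonymous" matches any peer address, which is needed because the
# laptop's address is not known in advance.
remote anonymous {
    exchange_mode main;          # main mode, authenticated by certificate
    certificate_type x509 "server.crt" "server.key";
    my_identifier asn1dn;        # identity taken from the certificate subject
    verify_cert on;              # reject peers whose certificate does not verify
    passive on;                  # respond only; never initiate to clients
    generate_policy on;          # build the SPD entry from the peer's phase 2 proposal

    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method rsasig;
        dh_group 2;
    }
}

# Phase 2 parameters offered to any peer that passed phase 1.
sainfo anonymous {
    pfs_group 2;
    lifetime time 1 hour;
    encryption_algorithm 3des;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}
```

With generate_policy on, the server installs a policy from whatever traffic selectors the client proposes, which is why no static policy is configured on the server. The certificate check in phase 1 is therefore the control that limits which peers can get a policy installed.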