From owner-freebsd-net  Fri Nov 16 12:23: 4 2001
Delivered-To: freebsd-net@freebsd.org
Received: from InterJet.elischer.org (c421509-a.pinol1.sfba.home.com [24.7.86.9])
	by hub.freebsd.org (Postfix) with ESMTP id 1404637B416
	for <freebsd-net@FreeBSD.ORG>; Fri, 16 Nov 2001 12:22:59 -0800 (PST)
Received: from localhost (localhost.elischer.org [127.0.0.1])
	by InterJet.elischer.org (8.9.1a/8.9.1) with ESMTP id MAA14810;
	Fri, 16 Nov 2001 12:10:31 -0800 (PST)
Date: Fri, 16 Nov 2001 12:10:29 -0800 (PST)
From: Julian Elischer <julian@elischer.org>
To: Shoichi Sakane <sakane@kame.net>
Cc: icb-bsd@wi.rr.com, rsmith@vetx.com, freebsd-net@FreeBSD.ORG
Subject: Re: Re[2]: IPSEC / RAPTOR Firewall Interaction
In-Reply-To: <Pine.BSF.4.21.0111161150080.6632-100000@InterJet.elischer.org>
Message-ID: <Pine.BSF.4.21.0111161209550.6632-100000@InterJet.elischer.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org

ignore this mail
it was sent in error.. the answer was to a different email


On Fri, 16 Nov 2001, Julian Elischer wrote:

> The person who you really have to speak to is Andre Oppermann
> Unfortunatly he just left his job and so I don't have his new email
> address on me..
> I wrote the basic driver for him and he has the legal side of it..
> 
> julian
> 
> On Fri, 16 Nov 2001, Shoichi Sakane wrote:
> 
> > > What about info in regards to running a FreeBSD IPSEC server (racoon)
> > > with DHCP clients (road warriors)?  I haven't seen anything about that...is it
> > > possible?  If so...any links to info? Thanks in advance.
> > 
> > racoon can exchange SAs in such a scenario by using "generate_policy"
> > directive.  but there is no documentation.  the only one is probably
> > racoon.conf(5).  you know there are some scenario about "road warriors".
> > also, IKE and IPsec have many tweaks.  so there are some solutions to
> > solve scenarios.  here is one of them.
> > 
> > i'm using a laptop PC and the ip address is assigned dynamically.
> > i access to the mail server from my laptop.  i only use the ipsec
> > transport mode.  i use certificates because this is the way to solve
> > the scenario with IKE main mode.  i attach my configuration to this mail.
> > 
> > 1. racoon.conf in the laptop.
> > 2. policy parameter in the laptop.
> > 3. racoon.conf in the server.
> > no need server's policy configuration.
> > 
> > it hope it help you.
> > 
> > regards,
> > 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message