Date: Fri, 12 Jul 2002 16:47:30 +0100
From: "chris scott" <chris.scott@uk.tiscali.com>
To: <freebsd-questions@freebsd.org>, <freebsd-security@freebsd.org>
Subject: Raccon and dynamic IPs
Message-ID: <019701c229bb$6e2e0c90$a4102c0a@viper>
Hi,

I have currently set up a VPN between my DSL box at home and one at work. I basically encrypt all gif tunnel traffic between the two boxes and use racoon to do the key exchange. It all works fairly well. However, my box at home has a dynamic IP and this is where the problems start. I have got the system to cope with a few shell scripts and remote ssh commands, but it is messy and rather kludgy.

What I really want to do is to configure racoon to use a default key to initiate all key exchanges unless the host is otherwise specified. However, as far as I can see racoon can't cope with wildcards or netblock notation. Am I correct in thinking this, as all the docs on racoon are fairly sparse?

What I would really like to do is maybe use my dynamic host name or specify the IP range my DSL connects in. Is this possible? I'm not too keen on explicitly specifying every IP in the range I'm assigned as it is rather a large one, although it would work.

Maybe something like this:

    1.2.3.4/16 secret

or

    5.6.7.8/255.255.128.0 secret

or

    * secret

etc.

Regards,

Chris Scott
MK NOC
0845 6684000
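The lookup behaviour the message asks for, modelled as an added example; this is not racoon code and not part of the original e-mail, and it makes no claim about what racoon's key file accepts. The `parse_psk` and `lookup` names, the sample entries and the key strings are all constructed for illustration.

```python
import ipaddress

# Constructed sample in the notation proposed in the message; keys are placeholders.
SAMPLE_PSK = """\
# peer                  key
10.0.0.5                host-key
1.2.3.4/16              block-key
5.6.7.8/255.255.128.0   mask-key
*                       default-key
"""

def parse_psk(text):
    """Parse 'peer key' lines into (entries, default_key).

    entries is a list of (ip_network, key); default_key is the '*' key or None.
    """
    entries, default_key = [], None
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        peer, key = line.split(None, 1)
        if peer == "*":
            default_key = key
            continue
        # strict=False tolerates host bits in the prefix: 1.2.3.4/16 -> 1.2.0.0/16.
        # Dotted netmasks (255.255.128.0) are accepted and become a /17.
        entries.append((ipaddress.ip_network(peer, strict=False), key))
    return entries, default_key

def lookup(entries, default_key, peer_ip):
    """Return the key for peer_ip: the most specific matching block wins,
    and the '*' key is used only when no host or block entry matches."""
    addr = ipaddress.ip_address(peer_ip)
    best_len, best_key = -1, default_key
    for net, key in entries:
        if addr.version == net.version and addr in net and net.prefixlen > best_len:
            best_len, best_key = net.prefixlen, key
    return best_key

if __name__ == "__main__":
    entries, default_key = parse_psk(SAMPLE_PSK)
    for ip in ("10.0.0.5", "1.2.99.7", "5.6.100.1", "5.6.200.1"):
        print(ip, "->", lookup(entries, default_key, ip))
```

In this model the `*` entry gives the same key to every peer that is not listed, so the netblock entries are the narrower of the proposed forms.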
