From: "chris scott"
Delivered-To: freebsd-questions@freebsd.org
Subject: Raccon and dynamic IPs
Date: Fri, 12 Jul 2002 16:47:30 +0100
Message-ID: <019701c229bb$6e2e0c90$a4102c0a@viper>

Hi,

I have currently set up a VPN between my DSL box at home and one at work. I basically encrypt all gif tunnel traffic between the two boxes and use racoon to do the key exchange. It all works fairly well. However, my box at home has a dynamic IP and this is where the problems start. I have got the system to cope with a few shell scripts and remote ssh commands, but it is messy and rather kludgy. What I really want to do is to configure racoon to use a default key to initiate all key exchanges unless the host is otherwise specified. However, as far as I can see racoon can't cope with wildcards or netblock notation. Am I correct in thinking this, as all the docs on racoon are fairly sparse? What I would really like to do is maybe use my dynamic host name or specify the IP range my DSL connects in. Is this possible? I'm not too keen on explicitly specifying every IP in the range I'm assigned as it is rather a large one, although it would work.

Maybe something like this:

    1.2.3.4/16               secret

or

    5.6.7.8/255.255.128.0    secret

or

    *                        secret

etc.

regards

Chris Scott
MK NOC

0845 6684000

IMPORTANT NOTICE:
This email may be confidential, may be legally privileged, and is for the
intended recipient only. Access, disclosure, copying, distribution, or
reliance on any of it by anyone else is prohibited and may be a criminal
offence. Please delete if obtained in error and email confirmation to the
sender.