Date: 14 Jul 2003 18:57:28 +0100
From: Stacey Roberts <stacey@vickiandstacey.com>
To: Mike Tancsa <mike@sentex.net>
Cc: FreeBSD Questions <freebsd-questions@FreeBSD.ORG>
Subject: Re: IPSEC with Dynamic IP addresses
Message-ID: <1058205447.64468.38.camel@localhost>
In-Reply-To: <5.2.0.9.0.20030714134903.02374238@209.112.4.2>
References: <5.2.0.9.0.20030714134903.02374238@209.112.4.2>

Hello,

On Mon, 2003-07-14 at 18:51, Mike Tancsa wrote:
> Does anyone know of any documentation on how to do this? I have searched
> through google and I find lots of references to people saying, "use
> certificates" but beyond that I haven't found any actual documentation on
> how to do it.
>
> The setup is 30 client sites with dynamic IP addresses connecting to one
> headoffice that has a static IP address. The 30 client sites all have
> unique RFC 1918 based subnets behind them. The problem is how to do all
> the setkey business. The client end can find out the IP address it's
> dynamically assigned and then do the appropriate setkey. But the
> headoffice cannot do the same thing as it has no built-in way of knowing
> what the client endpoint is. I don't want to implement some additional
> protocol to send the HQ saying, "Hi, I am IP address xxx, please construct
> your setkey accordingly" as it would be a security issue if not thought out
> correctly. These are all very remote sites, so analog dialup is the only
> connection available.
>
> Any pointers would be great. Currently we are using mpd to dialup and then
> tunnel across the mpd tunnel, but there is a resource leak somewhere in
> doing this. There are other problems with this method as well so we would
> like to avoid it.
>

Try this link for a starter: http://www.wiretapped.net/~fyre/ipsec/

Hope this helps somewhat..,

Regards,

Stacey

> ---Mike
> --------------------------------------------------------------------
> Mike Tancsa, tel +1 519 651 3400
> Sentex Communications, mike@sentex.net
> Providing Internet since 1994 www.sentex.net
> Cambridge, Ontario Canada www.sentex.net/mike
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"

--
Stacey Roberts
B.Sc (HONS) Computer Science
Web: www.vickiandstacey.com