Date: Mon, 12 Mar 2001 10:06:37 -0600
From: Bob Van Valzah <Bob@Talarian.Com>
To: pW <packetwhore@stargate.net>
Cc: FreeBSD-Security@FreeBSD.Org, FreeBSD-Questions@FreeBSD.Org
Subject: Re: Racoon Problem & Cisco Tunnel
Message-ID: <3AACF40D.4080504@Talarian.Com>
References: <Pine.BSF.4.32.0103112341130.11277-100000@beastie>

Yes. The five DSL setups with which I'm familiar all grant at least one
public address per house. I believe all are static, but one might be
dynamic.

Interference with protocols like IPSec is one of the reasons why I'd
make a public address a requirement when choosing a DSL provider. When
it comes to NAT, I'm with Vint Cerf--avoid it if at all possible. Let's
hasten the deployment of IPv6.

Bob

pW wrote:

> Out of curiosity...
> do your DSL users have public static IPs? I work at an ISP and almost all
> of our DSL customers have static private IPs and use NAT for public
> ones... just wondering because you may have to enable some sort of NAT
> transparency otherwise it may break the VPN...
>
> just a thought...
>
> shawn
>
> On Sun, 11 Mar 2001, Bob Van Valzah wrote:
>
>> I have several remote FreeBSD users who want to connect their home LANs
>> to my trusted network over an IPSec tunnel via a DSL connection. I'd
>> like my end of the tunnel to terminate on a Cisco if possible. (Though I
>> do have many FreeBSD boxes handy, I just feel better when layer-2
>> infrastructure doesn't depend on boxes with hard drives.) Any general
>> advice on how to do this would be appreciated.
>>
>> As near as I can tell, I have to run racoon and configure it for
>> pre-shared keys to talk to the cisco. But I don't think the racoon is
>> even starting right. I get this message: "ERROR:
>> pfkey.c:207:pfkey_handler(): pfkey X_SPDDUMP failed No such file or
>> directory." Happens with the config files I've written and the stock
>> ones. I'm running a freshly sup'd box with racoon-20010222a built from
>> ports.
>>
>> All help and advice appreciated.
>>
>> Thanks,
>>
>> Bob