Date: Thu, 28 Sep 2000 09:20:10 -0700 (PDT) From: Kris Kennaway <kris@FreeBSD.org> To: Michael Robinson <robinson@netrinsics.com> Cc: freebsd-security@freebsd.org Subject: Re: Dialup IPSEC Message-ID: <Pine.BSF.4.21.0009280918560.97039-100000@freefall.freebsd.org> In-Reply-To: <200009281447.e8SEl7805639@netrinsics.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 28 Sep 2000, Michael Robinson wrote: > Pipsecd supports dialup users by providing IP wildcards for security > associations. This is very convenient. > > Racoon, on the other hand (according to the port description): > > "Design choice, not a bug: > - racoon negotiate IPsec keys only. It does not negotiate policy. Policy > must be configured into the kernel separately from racoon. If you want > to support roaming clients, you may need to have a mechanism to put > policy for the roaming client after phase 1 finhises." > > Does anyone have a working dialup solution for the KAME kernel IPSEC > implementation? Perhaps my brain hasnt spun up yet this early in the morning, but can't you just specify the appropriate range of addresses in the spdadd entry? Kris -- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe <forsythe@alum.mit.edu> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0009280918560.97039-100000>