Date:      Thu, 28 Sep 2000 09:20:10 -0700 (PDT)
From:      Kris Kennaway <kris@FreeBSD.org>
To:        Michael Robinson <robinson@netrinsics.com>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Dialup IPSEC
Message-ID:  <Pine.BSF.4.21.0009280918560.97039-100000@freefall.freebsd.org>
In-Reply-To: <200009281447.e8SEl7805639@netrinsics.com>

On Thu, 28 Sep 2000, Michael Robinson wrote:

> Pipsecd supports dialup users by providing IP wildcards for security
> associations.  This is very convenient.
> 
> Racoon, on the other hand (according to the port description):
> 
>  "Design choice, not a bug:
>    - racoon negotiate IPsec keys only.  It does not negotiate policy.  Policy
>      must be configured into the kernel separately from racoon.  If you want
>      to support roaming clients, you may need to have a mechanism to put
>      policy for the roaming client after phase 1 finishes."
> 
> Does anyone have a working dialup solution for the KAME kernel IPSEC 
> implementation?

Perhaps my brain hasn't spun up yet this early in the morning, but can't
you just specify the appropriate range of addresses in the spdadd entry?

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>


