From: Paul Lathrop
To: freebsd-questions@freebsd.org
Date: Sat, 26 Apr 2003 15:59:01 -0400
Subject: IPSec, Racoon, and roaming clients
Message-Id: <8694C4E4-7821-11D7-B94A-000393BF3DE2@mqtweb.com>

I have recently been asked to implement VPN access for some of our roaming employees. Our gateway is a FreeBSD 4.7 box that I administer. Our employees are all on cablemodem connections when they are out and about.

I have discovered IPSec and racoon, of course, and dug through their documentation. I have also read several very good tutorials on the web. The trouble I am having is that all the information I can find is for setting up a VPN tunnel between two gateways. What I need is a VPN connection between a roaming host (with a dynamic IP) and our VPN gateway (static IP) which will allow access to the internal network behind that gateway (private IP addresses).

I have successfully established the VPN connection between a roaming host and the gateway, but without access to the internal network. I can't seem to figure out how to tell setkey to configure a tunnel into the network without knowing ahead of time what the client's IP will be. Can anybody give me some pointers?

Thanks,
Paul D. Lathrop