Date: Tue, 22 Jan 2002 11:24:12 +0000 (GMT)
From: Gavin Kenny <gavinkenny@yahoo.co.uk>
To: questions@freebsd.org
Subject: Re: VPN with dynamic IP's
Message-ID: <20020122112412.21323.qmail@web20008.mail.yahoo.com>
In-Reply-To: <ABDA876D71F9D211B39D0090274EA8E20917C3EE@Floyd.logica.co.uk>

> -----Original Message-----
> From: Wayne Pascoe [mailto:freebsd@molemanarmy.com]
> Sent: 21 January 2002 19:12
> To: freebsd-questions@freebsd.org
> Subject: VPN with dynamic IP's
>
> Hi all,
>
> Quick question about building a VPN. We have the following
> situation. Our office machine (and firewall) have fixed IP
> addresses. We also have several staff who have ADSL connections at
> home with dynamic IP's.
>
> Our current corporate firewall (Raptor) is apparently unable to
> provide VPN services with dynamic IP addresses. This is what our ops
> people tell me.
>
> Can IPSEC provide this kind of solution ? Shouldn't this be doable
> using the private keys to authenticate ?

I don't think it is doable just with IPSec, as IPSec uses IP addresses to identify packets and therefore know what processing to do to them (encrypt/decrypt). IPSec does not even think about keys until it has identified a packet by its IP address.

IKE, the IPSec key management daemon (called racoon on FreeBSD), does pass keys between hosts, but I seem to remember that it again uses IP addresses as the initial means of working out if you are worth talking to.

If you used a FreeBSD machine as your VPN gateway it could be conceivable to write a little script, where your machine with a dynamic address could find out its IP address and then send this to the firewall as a PGP protected email or something (ssh I guess, I've no experience of this). The firewall would then decrypt the new IP address using PGP and could then alter its SA/SP tables accordingly. racoon would then be automatically called when you first tried to connect and a key exchange would happen and hey presto, secure comms.

hope this is useful

cheers

Gavin
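
Added example, not part of the original e-mail: one way the firewall side of the update script described above could look, with HMAC-SHA256 standing in for the PGP protection the message suggests. The key, addresses, message layout and function names are assumptions; the output is policy text for `setkey -c`, and racoon is left to negotiate the SAs.

```python
import hashlib, hmac, ipaddress

# Constructed values for illustration; none come from the original thread.
KEY = b"constructed-demo-key"   # per-user secret, provisioned out of band
GATEWAY = "192.0.2.1"           # office firewall's fixed address
OFFICE_NET = "10.0.0.0/24"      # network behind the firewall
MAX_AGE = 300                   # seconds an update stays acceptable

def _mac(body, key):
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

def sign_update(user, ip, ts, key=KEY):
    """Home machine: build 'user|ip|unix_time|mac' after learning its address."""
    body = f"{user}|{ip}|{ts}"
    return f"{body}|{_mac(body, key)}"

def verify_update(msg, last_ts, now, key=KEY):
    """Firewall: return (user, ip, ts) or raise ValueError."""
    body, _, mac = msg.rpartition("|")
    # Authenticate before parsing anything the sender controls.
    if not hmac.compare_digest(mac.encode(), _mac(body, key).encode()):
        raise ValueError("bad MAC")
    user, ip, ts = body.split("|")
    ts = int(ts)
    # Reject replays of an older update and messages outside the time window.
    if ts <= last_ts or abs(now - ts) > MAX_AGE:
        raise ValueError("stale or replayed update")
    addr = ipaddress.ip_address(ip)
    # An authenticated peer still must not claim the gateway or an inside address.
    if (addr.version != 4 or addr.is_loopback or addr.is_multicast
            or addr.is_unspecified or str(addr) == GATEWAY
            or addr in ipaddress.ip_network(OFFICE_NET)):
        raise ValueError("unacceptable peer address")
    return user, str(addr), ts

def setkey_input(old_ip, new_ip):
    """Text for `setkey -c`: swap the peer's tunnel policies to new_ip."""
    out = []
    if old_ip:
        out += [f"spddelete {old_ip}/32 {OFFICE_NET} any -P in;",
                f"spddelete {OFFICE_NET} {old_ip}/32 any -P out;"]
    out += [f"spdadd {new_ip}/32 {OFFICE_NET} any -P in ipsec "
            f"esp/tunnel/{new_ip}-{GATEWAY}/require;",
            f"spdadd {OFFICE_NET} {new_ip}/32 any -P out ipsec "
            f"esp/tunnel/{GATEWAY}-{new_ip}/require;"]
    return "\n".join(out) + "\n"
```

The firewall has to remember each user's last accepted timestamp and address so that `last_ts` and `old_ip` are available on the next update.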