Date: Fri, 12 Jul 2002 16:47:30 +0100
From: "chris scott" <chris.scott@uk.tiscali.com>
To: <freebsd-questions@freebsd.org>, <freebsd-security@freebsd.org>
Subject: Raccon and dynamic IPs
Message-ID: <019701c229bb$6e2e0c90$a4102c0a@viper>
Hi,

I have currently set up a VPN between my DSL box at home and one at work. I basically encrypt all gif tunnel traffic between the two boxes and use racoon to do the key exchange. It all works fairly well. However, my box at home has a dynamic IP and this is where the problems start. I have got the system to cope with a few shell scripts and remote ssh commands, but it is messy and rather kludgy.

What I really want to do is to configure racoon to use a default key to initiate all key exchanges unless the host is otherwise specified. However, as far as I can see, racoon can't cope with wildcards or netblock notation. Am I correct in thinking this? All the docs on racoon are fairly sparse.

What I would really like to do is maybe use my dynamic host name or specify the IP range my DSL connects in. Is this possible? I'm not too keen on explicitly specifying every IP in the range I'm assigned as it is rather a large one, although it would work.

Maybe something like this:

    1.2.3.4/16 secret

or

    5.6.7.8/255.255.128.0 secret

or

    * secret

etc.

regards

Chris Scott
MK NOC
0845 6684000