Date: Sun, 21 Jul 2002 15:27:31 +0200
From: Bernd Walter
To: chris scott
Cc: freebsd-questions@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: roaming ipsec policies and racoon
Message-ID: <20020721132730.GB83916@cicely5.cicely.de>

On Sun, Jul 21, 2002 at 01:16:18AM +0100, chris scott wrote:
> Hi,
>
> I am currently playing with IPSEC and racoon to provide secure services for my users. They all use either FreeBSD or Windows 2k/XP clients. They unfortunately all have dynamic IPs 8(. I have successfully configured the ipsec policies and have got round the dynamic IP problem with the FreeBSD clients by using racoon's peer and my identifier features to initiate the shared key communication. This all works fine. However I don't know how to do the same thing with Windows 2000/XP. I can set up the ipsec policies on the clients easily enough, as I can the preshared key. I have no idea how to set the identifiers though. Without this racoon doesn't match a key in the psk.txt file as it uses the host's IP rather than whatever@this.com and hence fails the key exchange. Has anyone got any clues to point me in the correct direction?

With Windows you have to either use PPTP or L2TP/IPSec-transport mode.
Windows' native implementation of IPSec-tunnel mode only works with
fixed IPs.
You still have the option to use a different implementation than that
of Microsoft.

-- 
B.Walter COSMO-Project http://www.cosmo-project.de
ticso@cicely.de Usergroup info@cosmo-project.de
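
The key lookup described in the question, as an added example that is not part of the original thread and is not racoon's code: a simplified Python model of matching a peer against a psk.txt-style file, showing why a roaming client that sends no identifier finds no key. The file contents, addresses, identifiers and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in psk.txt layout: "<identifier> <key>", '#' lines are comments.
PSK_TXT = """\
# roaming clients, keyed by the identifier they send
alice@example.com  constructed-key-alice
bob@example.com    constructed-key-bob
# fixed-address peer, keyed by its IP
192.0.2.10         constructed-key-office
"""

def parse_psk(text):
    """Return {identifier: key}, rejecting malformed or duplicate entries."""
    table = {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"line {n}: expected '<identifier> <key>'")
        ident, key = parts
        if ident in table:
            raise ValueError(f"line {n}: duplicate identifier {ident!r}")
        table[ident] = key
    return table

def lookup_psk(table, peer_ip, peer_id=None):
    """Model of the lookup in the post: use the identifier the peer sent,
    or fall back to its source address when it sent none."""
    ident = peer_id if peer_id else str(ipaddress.ip_address(peer_ip))
    return ident, table.get(ident)

def address_bound(table):
    """Entries keyed by IP: these stop matching when the peer's address changes."""
    bound = []
    for ident in table:
        try:
            ipaddress.ip_address(ident)
            bound.append(ident)
        except ValueError:
            pass  # name-style identifier, independent of the address
    return bound

if __name__ == "__main__":
    table = parse_psk(PSK_TXT)
    # Constructed peers: (description, source IP, identifier sent or None)
    for who, ip, pid in [("FreeBSD roaming", "198.51.100.23", "alice@example.com"),
                         ("Windows roaming", "198.51.100.77", None),
                         ("fixed office", "192.0.2.10", None)]:
        ident, key = lookup_psk(table, ip, pid)
        print(f"{who:16} lookup={ident:20} {'match' if key else 'NO KEY'}")
    print("address-bound entries:", address_bound(table))
```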