Date:      Wed, 25 Apr 2001 16:43:32 -0400
From:      "Matthew Emmerton" <matt@gsicomp.on.ca>
To:        "Gunther Schadow" <gunther@aurora.regenstrief.org>, <freebsd-net@FreeBSD.ORG>
Subject:   Re: VPN tunnel with DHCP ...
Message-ID:  <003101c0cdc8$64f8bcb0$1200a8c0@gsicomp.on.ca>
References:  <3AE7303F.957DE6DC@aurora.regenstrief.org>

> Hi,
>
> about my SOHO router project, I came across a tough problem, maybe
> I overlooked that there is a solution already? The VPN gateway
> at the small office / home office (SOHO) has an IPsec tunnel
> connecting it to its headquarters:
>
> setkey -c  <<END
>   spdadd ${sohonet} ${homenet} -P out ipsec
>      esp/tunnel/${sohoip}-${homeip}/require;
>   spdadd ${homenet} ${sohonet} -P in ipsec
>      esp/tunnel/${homeip}-${sohoip}/require;
> END
>
> now, the problem is that the ${sohoip} is dynamically assigned
> with DHCP. How can the gateway at the headquarter know that
> ${sohoip} address?

I had a similar situation which I had to work with a while ago, although I
used ssh tunnels instead of IPSec.  I'm not sure if my method will work, but
it's worth a try.

Here's what I did:
1) Set the headquarters machine up with static IP and DNS.
2) Configure headquarters machine to allow PPP over TCP
3) Have remote hosts (with dynamic addresses) connect to headquarters
machine (static address) using PPP over TCP.  The endpoints of this PPP
connection use "private" IPs, say 10.x.x.x or 192.168.x.x.  Note that once
the connection is established, the addresses of both endpoints are known.
4) Create SSH tunnels in each direction
5) Forward all traffic over the SSH tunnel

In your case, you could probably use IPsec over the PPP connection instead
of SSH.

--
matt Emmerton
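The reply's key point is that once the dynamic-address host has dialled in over PPP, both tunnel endpoints have fixed private addresses, so the IPsec policy can be written against those instead of the DHCP-assigned public address. The script below is an added illustration, not code from either poster: it renders the `setkey` SPD entries from the original post for both gateways using constructed PPP endpoint and network addresses, and checks that the two sides' policies mirror each other (a mismatch is a common reason a tunnel silently drops traffic in one direction).

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the PPP-over-TCP link from the
# reply is already up and that its endpoint addresses are the fixed inner
# addresses the IPsec policy should reference. All addresses are constructed.

SOHONET=192.168.10.0/24      # constructed: LAN behind the SOHO gateway
HOMENET=10.10.0.0/16         # constructed: LAN behind the headquarters gateway
PPP_SOHO=10.255.0.2          # constructed: SOHO end of the PPP link
PPP_HOME=10.255.0.1          # constructed: headquarters end of the PPP link

# spd_policy LOCALNET REMOTENET LOCALEND REMOTEEND
# Emit the two SPD entries one gateway needs: traffic from its own LAN to the
# peer LAN is tunnelled out, traffic from the peer LAN must arrive through the
# tunnel. The tunnel endpoints are the PPP addresses, so the DHCP-assigned
# public address never appears in the policy and never has to be re-learned.
spd_policy() {
  printf 'spdadd %s %s -P out ipsec esp/tunnel/%s-%s/require;\n' "$1" "$2" "$3" "$4"
  printf 'spdadd %s %s -P in ipsec esp/tunnel/%s-%s/require;\n' "$2" "$1" "$4" "$3"
}

# Policy for each gateway; pipe into `setkey -c` on the respective host.
soho_spd() { spd_policy "$SOHONET" "$HOMENET" "$PPP_SOHO" "$PPP_HOME"; }
home_spd() { spd_policy "$HOMENET" "$SOHONET" "$PPP_HOME" "$PPP_SOHO"; }

# mirror_ok: the headquarters 'in' rule must equal the SOHO 'out' rule with
# only the direction flipped, otherwise one side rejects what the other sends.
mirror_ok() {
  soho_out=$(soho_spd | grep -F -- '-P out' | sed 's/-P out/-P in/')
  home_in=$(home_spd | grep -F -- '-P in')
  [ "$soho_out" = "$home_in" ]
}

# mentions_addr SPD_TEXT ADDR: succeeds if ADDR occurs in the policy text.
# Used to confirm a public (dynamic) address is absent from the rendered SPD.
mentions_addr() { printf '%s\n' "$1" | grep -Fq "$2"; }

# Usage on each gateway (commented out so the script is side-effect free here):
#   soho_spd | setkey -c      # on the SOHO gateway
#   home_spd | setkey -c      # on the headquarters gateway
soho_spd
home_spd
mirror_ok && echo "policies mirror each other"
```

Because the PPP endpoints are the only addresses the policy references, the SOHO gateway can obtain a new public address from DHCP, redial the PPP link, and reload exactly the same `setkey` script; nothing on the headquarters side needs to change.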

