Date:      Wed, 19 Sep 2001 01:35:15 -0700 (PDT)
From:      Jerry Murdock <jerry_murdock@yahoo.com>
To:        freebsd-net@FreeBSD.ORG
Subject:   Re: IPSEC Tunnels vs Dynamoic IPs
Message-ID:  <20010919083515.69302.qmail@web14608.mail.yahoo.com>
In-Reply-To: <Pine.LNX.4.33.0109191659200.792-100000@gardafou.k-net.eu.org>

Thanks,

I know from an IPSEC perspective it is do-able.  I've done it with several
other products without problems. I'm hoping to get a FreeBSD specific answer.

My real questions concern if and how gifconfig/gif and setkey/spdadd can
manage a dynamic endpoint(0.0.0.0?).  And if I should look toward isakmpd or
racoon.  From what I've read to-date if I want IKE, it would need to be via
isakmpd.  But I can live without IKE.

If it's possible I'll solve it, but my hope is that someone who has done it
with FreeBSD will at least come along and say yea or nay before I tear down my
test systems to knock it around.

JM

--- Jean-Francois Dive <jef@linuxbe.org> wrote:
> 
> Hi,
> 
> The simple answer is no, but in fact it is possible, depending on the IPSec
> implementation. I am sorry, but I am new to FreeBSD, though I am pretty used to
> IPSec with Cisco and other stuff.
> 
> So, what you need is to use a wildcard network peer definition (still I
> don't know the FreeBSD IPSec implementation nor the way to configure it).
> This will allow the remote peer (dyn) to be allowed to start the IKE negotiation.
> 
> The security point is that you can't avoid other people trying to connect
> to IKE, but this is the way all remote client VPN gateways are configured,
> so I don't think it is a big issue.
> 
> Another point to pay attention to is to *not* NAT the traffic that is
> encrypted, because you'll then hit a "proxy identities mismatch" error for
> IKE negotiation.
> 
> Hope that helps,
> 
> JeF
> 
>  On Tue, 18 Sep 2001, Jerry Murdock wrote:
> 
> > Can an IPSEC tunnel be established between two LANs when one side is using
> > PPPoE/DSL with dynamic IP using either manual keys or IKE?
> >
> > IOW:
> >
> > LAN 1 (10.2.2.0/24)
> >      |
> > FreeBSD Gateway(T1/Static IP)
> >      |
> >      |
> > IPSEC Tunnel over Internet
> >      |
> >      |
> > FreeBSD Gateway(PPPoE/Dynamic IP)
> >      |
> > LAN 2 (10.1.1.0/24)
> >
> >
> > I've looked at several resources and can't find anything on this, and would
> > like a little advice before digging deeper.
> >
> > A simple "yes,"  "no,"  or "ARE YOU NUTS!?" would be adequate, but any
> > pointers on a "yes" answer would be great.
> >
> > Thanks,
> > Jerry






