Date: 03 Jul 2000 18:42:12 +0200
From: Samuel Tardieu <sam@inf.enst.fr>
To: hackers@freebsd.org
Subject: IPsec tunnels with dynamic addresses
Message-ID: <2000-07-03-18-42-13%2Btrackit%2Bsam@antinea.enst.fr>

The current situation: I have some machines with static IP addresses, and some other ones with dynamic IP addresses, permanently connected or not.

What I would like: establish IPsec tunnels between a machine with a static IP and a machine with a dynamic one.

The former solution I used: pipsecd, written by Pierre Beyssac, allows you to configure IPsec tunnels without having an IPsec stack in your kernel. These tunnels can have dynamic addresses: when an IPsec packet enters the machine with a static IP and has the right signature, this changes the tunnel's dynamic end to be the machine that sent the packet. That means that sending a single packet from a new IP address was enough to reconfigure the whole tunnel.

Is that doable with the current IPsec kernel implementation? Can we dynamically change security policies so that a new tunnel is created when a packet with the right SPI is received? How can one intercept IPsec packets, since they are not tagged IPsec anymore when they arrive in userland?

  Sam
--
Samuel Tardieu -- sam@inf.enst.fr
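
The endpoint-update behaviour the message describes for pipsecd, sketched as an added example that is not part of the original e-mail and is not pipsecd's code: the tunnel's dynamic end moves only when a packet for a known SPI carries a valid signature. The packet layout, the truncated HMAC-SHA256 tag, the sequence-number freshness check, and all names, keys and addresses are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16  # truncated HMAC-SHA256 tag (assumed format, not pipsecd's or ESP's)

class Tunnel:
    """State for one tunnel whose remote end may change address."""
    def __init__(self, spi, key, peer=None):
        self.spi, self.key, self.peer = spi, key, peer
        self.last_seq = 0  # highest sequence number accepted so far

def seal(spi, seq, payload, key):
    """Build a constructed packet: SPI | seq | payload | tag."""
    body = struct.pack("!II", spi, seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

def receive(tunnels, packet, src_addr):
    """Return the payload if accepted, else None. Only an authenticated,
    fresh packet may move the tunnel's dynamic end to src_addr."""
    if len(packet) < 8 + TAG_LEN:
        return None
    body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    spi, seq = struct.unpack("!II", body[:8])
    tun = tunnels.get(spi)
    if tun is None:
        return None                  # unknown SPI
    expected = hmac.new(tun.key, body, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return None                  # wrong signature: endpoint untouched
    if seq <= tun.last_seq:
        return None                  # replayed packet: endpoint untouched
    tun.last_seq = seq
    tun.peer = src_addr              # roam to the address that sent it
    return body[8:]

def demo():
    key = b"constructed-demo-key"
    tunnels = {0x1000: Tunnel(0x1000, key, peer="192.0.2.10")}
    tun, results = tunnels[0x1000], []
    p1 = seal(0x1000, 1, b"hello", key)  # valid packet from a new address
    results.append((receive(tunnels, p1, "198.51.100.7"), tun.peer))
    # The same bytes replayed from elsewhere must not move the endpoint.
    results.append((receive(tunnels, p1, "203.0.113.66"), tun.peer))
    bad = seal(0x1000, 2, b"hello", b"wrong-key")  # forged tag
    results.append((receive(tunnels, bad, "203.0.113.66"), tun.peer))
    return results

if __name__ == "__main__":
    for r in demo():
        print(r)
```

The strict "greater than last" check stands in for a real anti-replay window; without some freshness check, a captured valid packet resent from another source address would redirect the tunnel.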