Date: Thu, 26 Apr 2001 14:48:28 +0900
From: Shoichi Sakane <sakane@ydc.co.jp>
To: wollman@khavrinen.lcs.mit.edu
Cc: gunther@aurora.regenstrief.org, freebsd-net@FreeBSD.ORG
Subject: Re: VPN tunnel with DHCP ...
Message-ID: <20010426144828V.sakane@ydc.co.jp>
In-Reply-To: Your message of "Wed, 25 Apr 2001 17:25:29 -0400 (EDT)" <200104252125.RAA12766@khavrinen.lcs.mit.edu>
References: <200104252125.RAA12766@khavrinen.lcs.mit.edu>

# This thread is on three mailing lists...

> >> now, the problem is that the ${sohoip} is dynamically assigned
> >> with DHCP. How can the gateway at the headquarter know that
> >> ${sohoip} address?

> I don't know whether this is actually possible to do yet. But, you
> should be able to configure racoon to use a public-key certificate for
> authentication, and identify your SOHO users by their names rather
> than the random DHCP address. However, it looks like you will still
> lose because racoon does not appear to have a mechanism to
> automatically add SPD entries based on the authenticated identity of
> an ``anonymous'' connection.

racoon-20010418a can do it experimentally if you specify
"generate_policy" in the server's racoon.conf. racoon generates SP entries
from the ID payloads in IKE phase 2 negotiation, then adds these SPs after
SA negotiation has finished. In this case, all you have to do is
to configure the SPD on the client.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
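
An added example, not part of the original message or of the racoon distribution: a headquarters-side racoon.conf fragment that combines the certificate authentication suggested in the quoted text with the "generate_policy" setting described in the reply. Directive spellings follow the later ipsec-tools racoon.conf(5); the exact syntax accepted by racoon-20010418a, the file names, the directory and the algorithm choices are assumptions.

```conf
# Headquarters gateway racoon.conf (constructed example).
# Assumption: certificate directory and file names are placeholders.
path certificate "/usr/local/etc/racoon/cert";

# "anonymous" matches peers whose address is not known in advance,
# such as a SOHO gateway on a DHCP-assigned address.
remote anonymous {
    exchange_mode main;

    # Identify peers by certificate subject, not by source address.
    certificate_type x509 "hq-gw.crt" "hq-gw.key";
    my_identifier asn1dn;
    peers_identifier asn1dn;
    verify_cert on;

    # Respond only; the gateway cannot initiate to an unknown address.
    passive on;

    # Install SPD entries derived from the peer's phase 2 ID payloads
    # once SA negotiation completes. The peer's proposal decides what
    # is installed, so enable this only for authenticated peers.
    generate_policy on;

    proposal {
        # Assumption: algorithms typical of 2001 deployments.
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method rsasig;
        dh_group 2;
    }
}

# Phase 2 parameters for any peer matched above.
sainfo anonymous {
    pfs_group 2;
    encryption_algorithm 3des;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}
```

With this on the server, the static SPD entries live only on the client, as the message says; the policies the gateway generated can be inspected there with `setkey -DP`.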