Date: Thu, 16 May 2002 09:30:58 -0700 (PDT)
From: Matthew Zahorik
To: freebsd-net@freebsd.org
Subject: IPsec and dynamically assigned IPs

All:

I am unclear regarding spdadd arguments and my VPN setup.

I'm attempting to replace Nortel's Contivity Extranet Client on Windows with a racoon/ipsec solution.

I'm unsure if this is a "tunnel" or "transport" connection.

I contact a fixed server at 205.173.93.x. This is a Contivity switch.

My client is an IP address assigned by RoadRunner.

During IKE (user w/ SecureID hard token, aggressive mode) another IP address is assigned (3.179.89.x) by the Contivity.

How do I express this in spdadd so that I can fire off racoon?

    [client] 66.67.157.x (RoadRunner IP, dynamic, known at spdadd time)
        |
    [tunnel? endpoint] 3.179.89.x (dynamic, assigned during/after IKE)
        |
    { Internet }
        |
    [tunnel? endpoint] ?.?.?.? (fixed, traceroute shows 3.179.68.x 1st hop)
        |
    [server] 205.173.93.x (fixed, known at spdadd time)

Thanks!

- Matt