
IPSec script + question

I've automated the process of creating manual-key startup scripts for
IPSec, shamelessly copying from OpenBSD's /usr/share/ipsec/rc.vpn.

The result is a perl CGI script. You can try it at
  http://www.enteract.com/~hal/ipsecgen.pl
and view source at
  http://www.enteract.com/~hal/ipsecgen.txt

Since the ipsecadm command is somewhat of a moving target, options to
enable/disable -local and -ingress options are individually selectable
for each peer. Configuration scripts are written directly into the
browser window because I didn't want to get into temp file issues at
the ISP account.


Now a question: Does OpenBSD IPSec support a remote DHCP client (with
SKIP this was called a "nomadic" client - the FreeS/WAN guys refer to
a "road warrior" mode) with manual or IKE keying? The IPSec FAQ
page and singlehost-east/-west examples in
/usr/src/sbin/isakmpd/samples suggest that a server doesn't need to
know in advance the IP address of a remote peer, but OTOH there
doesn't seem to be a simple way to configure the local part of an
IPSec tunnel dynamically.

If I missed this capability somehow, sample rc.vpn or isakmpd.conf
files would certainly help clear things up.
-- 
Hal Snyder
Vail Systems, Inc