Re: IPSec script + question
On 23 Mar 2000, Hal Snyder wrote:
| Now a question: Does OpenBSD IPSec support a remote DHCP client (with
| SKIP this was called a "nomadic" client - the FreeS/WAN guys refer to
| a "road warrior" mode) with manual or IKE keying? The IPSec FAQ
| page and singlehost-east/-west examples in
| /usr/src/sbin/isakmpd/samples suggest that a server doesn't need to
| know in advance the IP address of a remote peer, but OTOH there
| doesn't seem to be a simple way to configure the local part of an
| IPSec tunnel dynamically.
|
I doubt this is possible with manual keying,
but with isakmpd, Hakan Olsson helped me, and so here is how I did it:
In [Phase 1], you have IP= [section]
Change the IP address to Default
So it says Default= [section]
And under the corresponding [section], you can take out the Address= and just
have Local-address=
Then, in [Phase 2], change Connections= to Passive-connections=
This will cause isakmpd to NOT attempt to make an outgoing connection to the
ID-type listed as the Remote-ID for the section which it points to. (If
that made any sense ;) So, you can just put any IP address in for the
Remote-ID.
This will be covered in the FAQ soon.
---
Reverend Chris Cappuccio
http://www.dqc.org/~chris/
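
The changes described in the message above, laid out as an isakmpd.conf fragment. This is an added example, not part of the original post and not taken from the OpenBSD samples: the section names (peer-roaming, conn-roaming, net-local, host-any), all addresses (documentation ranges) and the pre-shared key are constructed placeholders, and Default-main-mode / Default-quick-mode are assumed to be defined elsewhere in the same file.

```ini
# Constructed example. Lines prefixed "# was:" show the fixed-peer
# setting that each change replaces.

[Phase 1]
# was: 198.51.100.7=    peer-roaming
# "Default" matches incoming Phase 1 from any address not listed here.
Default=                peer-roaming

[Phase 2]
# was: Connections=     conn-roaming
# Passive: accept this connection when the peer initiates,
# never try to bring it up from this side.
Passive-connections=    conn-roaming

[peer-roaming]
Phase=                  1
Transport=              udp
Local-address=          192.0.2.1
# was: Address=         198.51.100.7
# No Address= line: the remote address is not known in advance.
Configuration=          Default-main-mode
Authentication=         PLACEHOLDER-PRE-SHARED-KEY

[conn-roaming]
Phase=                  2
ISAKMP-peer=            peer-roaming
Configuration=          Default-quick-mode
Local-ID=               net-local
Remote-ID=              host-any

[net-local]
ID-type=                IPV4_ADDR_SUBNET
Network=                192.0.2.0
Netmask=                255.255.255.0

[host-any]
# Per the message, any address can be put here for a passive connection.
ID-type=                IPV4_ADDR
Address=                203.0.113.1
```

Because the Default peer section answers Phase 1 from any source address, the Authentication value in that section is shared by every remote client that connects this way.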