IPSec+ipf with unpredictable remote addresses
- To: misc@openbsd.org
- Subject: IPSec+ipf with unpredictable remote addresses
- From: "Michael R. Jinks" <mjinks@saecos.com>
- Date: Mon, 22 Jan 2001 18:05:32 -0600
- Organization: Saecos Corporation
Hi all. This is probably a FAQ but I've missed it as usual.

Have isakmpd running happily, and I've gotten it to negotiate an SA with
a Win98 laptop running the PGP VPN client. HOORAY!

But, when I try to ping a host on our protected subnet, my "default
deny" firewalling rules are blocking the esp packets on the OBSD box's
public interface.

Given that the laptop (and others like it) will be connecting from
dialup ISP accounts, how do I configure ipf to let them in without prior
knowledge of the IP address? Obviously I could just say "pass [in|out]
from any to any proto = esp", but that seems inelegant at best. What's
the Right Way(tm) to do this?

TIA,
-m
--
Michael Jinks, IB // Technical Entity // Saecos Corporation
Unix is the worst operating system; except for all others.
-- Berry Kercheval