[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
IPSec+ipf with unpredictable remote addresses
- To: email@example.com
- Subject: IPSec+ipf with unpredictable remote addresses
- From: "Michael R. Jinks" <firstname.lastname@example.org>
- Date: Mon, 22 Jan 2001 18:05:32 -0600
- Organization: Saecos Corporation
Hi all. This is probably a FAQ but I've missed it as usual.
Have isakmpd running happily, and I've gotten it to negotiate an SA with
a Win98 laptop running the PGP VPN client. HOORAY!
But, when I try to ping a host on our protected subnet, my "default
deny" firewalling rules are blocking the esp packets on the OBSD box's
Given that the laptop (and others like it) will be connecting from
dialup ISP accounts, how do I configure ipf to let them in without prior
knowledge of the IP address? Obviously I could just say "pass [in|out]
from any to any proto = esp", but that seems inelegant at best. What's
the Right Way(tm) to do this?
Michael Jinks, IB // Technical Entity // Saecos Corporation
Unix is the worst operating system; except for all others.
-- Berry Kercheval