IPSEC with Dynamic IP addresses
Mike Tancsa
mike at sentex.net
Mon Jul 14 10:50:12 PDT 2003
Does anyone know of any documentation on how to do this? I have searched
through google and I find lots of references to people saying, "use
certificates" but beyond that I haven't found any actual documentation on
how to do it.

The setup is 30 client sites with dynamic IP addresses connecting to one
head office that has a static IP address. The 30 client sites all have
unique RFC 1918 based subnets behind them. The problem is how to do all
the setkey business. The client end can find out the IP address it's
dynamically assigned and then do the appropriate setkey. But the
head office cannot do the same thing as it has no built-in way of knowing
what the client endpoint is. I don't want to implement some additional
protocol to send the HQ saying, "Hi, I am IP address xxx, please construct
your setkey accordingly" as it would be a security issue if not thought out
correctly. These are all very remote sites, so analog dialup is the only
connection available.

Any pointers would be great. Currently we are using mpd to dialup and then
tunnel across the mpd tunnel, but there is a resource leak somewhere in
doing this. There are other problems with this method as well so we would
like to avoid it.
---Mike
--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike at sentex.net
Providing Internet since 1994 www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike