IPSEC with Dynamic IP addresses

Stacey Roberts stacey at vickiandstacey.com
Mon Jul 14 10:59:17 PDT 2003


Hello,

On Mon, 2003-07-14 at 18:51, Mike Tancsa wrote:
> Does anyone know of any documentation on how to do this?  I have searched 
> through google and I find lots of references to people saying, "use 
> certificates" but beyond that I haven't found any actual documentation on 
> how to do it.
> 
> The setup is 30 client sites with dynamic IP addresses connecting to one 
> head office that has a static IP address. The 30 client sites all have 
> unique RFC 1918 based subnets behind them.  The problem is how to do all 
> the setkey business.  The client end can find out the IP address it's 
> dynamically assigned and then do the appropriate setkey.  But the 
> head office cannot do the same thing as it has no built-in way of knowing 
> what the client endpoint is. I don't want to implement some additional 
> protocol to send the HQ saying, "Hi, I am IP address xxx, please construct 
> your setkey accordingly" as it would be a security issue if not thought out 
> correctly.  These are all very remote sites, so analog dialup is the only 
> connection available.
> 
> Any pointers would be great.  Currently we are using mpd to dialup and then 
> tunnel across the mpd tunnel, but there is a resource leak somewhere in 
> doing this. There are other problems with this method as well so we would 
> like to avoid it.
> 

Try this link for a starter:
http://www.wiretapped.net/~fyre/ipsec/

Hope this helps somewhat..,

Regards,

Stacey

> 	---Mike
> --------------------------------------------------------------------
> Mike Tancsa,                          	          tel +1 519 651 3400
> Sentex Communications,     			  mike at sentex.net
> Providing Internet since 1994                    www.sentex.net
> Cambridge, Ontario Canada			  www.sentex.net/mike
> 
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
-- 
Stacey Roberts
B.Sc (HONS) Computer Science

Web: www.vickiandstacey.com



