Re: [m0n0wall] Re:[m0n0wall] Status report

From:	Manuel Kasper <mk at neon1 dot net>
To:	"cfs2" <cii633 at 21cn dot com>
Cc:	<m0n0wall at lists dot m0n0 dot ch>
Subject:	Re: [m0n0wall] Re:[m0n0wall] Status report
Date:	Fri, 31 Oct 2003 14:38:08 +0100

On 31.10.2003, at 00:38, cfs2 wrote:

>       can add Dynamic DNS IPSec support in next m0n0wall?
>      the function is very important.when tow office connect internet 
> by ADSL
>     thank you very much!

If somebody can send me a working racoon.conf for DynDNS (or just to 
allow clients with dynamic IP addresses to connect, for that matter), 
it will be no big problem to integrate that feature into m0n0wall. 
However, at least the way I see it, racoon is a pretty limited and 
patchy program, unfortunately. We may be able to support it by 
including support for an "anonymous" sainfo/policy, but this of course 
means that all your dynamic IP clients will have to use the same 
pre-shared secret and other settings... it doesn't look like racoon can 
differentiate policies based on anything else than IP addresses. So 
this is not really a limitation in m0n0wall, but one in racoon. Which 
of course doesn't mean there can't be some kind of workaround for it.

- Manuel