On 31.10.2003, at 00:38, cfs2 wrote:
> can add Dynamic DNS IPSec support in next m0n0wall?
> the function is very important.when tow office connect internet
> by ADSL
> thank you very much!
If somebody can send me a working racoon.conf for DynDNS (or just to
allow clients with dynamic IP addresses to connect, for that matter),
it will be no big problem to integrate that feature into m0n0wall.
However, at least the way I see it, racoon is a pretty limited and
patchy program, unfortunately. We may be able to support it by
including support for an "anonymous" sainfo/policy, but this of course
means that all your dynamic IP clients will have to use the same
pre-shared secret and other settings... it doesn't look like racoon can
differentiate policies based on anything else than IP addresses. So
this is not really a limitation in m0n0wall, but one in racoon. Which
of course doesn't mean there can't be some kind of workaround for it.