 From:  Manuel Kasper <mk at neon1 dot net>
 To:  "Eileen Kelleher" <eileen at kelltech dot biz>
 Cc:  <m0n0wall at lists dot m0n0 dot ch> <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Setting up VPN access through m0n0wall
 Date:  Tue, 13 Jan 2004 21:04:41 +0100
On 13.01.2004, at 16:28, Eileen Kelleher wrote:

> of which use the same subnets.  I have a SafeNet softremote client on my
> PC because some of my clients are set up with NetScreen boxes that I set
> up with VPN access.  I would like to do the same thing with my LAN so I
> can access my servers remotely.
> Can this be set up, or does the m0n0wall only do IPSEC from router to
> router?

As pointed out before, IPsec in m0n0wall only works with static IP 
addresses at this time. One of the next things I'm going to do as far 
as m0n0wall is concerned is to try to get rid of racoon and replace 
it with isakmpd (while changing as little in the webGUI as possible and 
maintaining compatibility), which should finally make IPsec with 
dynamic IP addresses possible. isakmpd can negotiate policy, while 
racoon can't - here's what it says in racoon's port description:

Design choice, not a bug:
- racoon negotiate IPsec keys only.  It does not negotiate policy.  Policy must
   be configured into the kernel separately from racoon.  If you want to
   support roaming clients, you may need to have a mechanism to put
   for the roaming client after phase 1 finishes.

Be patient...

- Manuel