On 13.01.2004, at 16:28, Eileen Kelleher wrote:
> of which use the same subnets. I have a SafeNet softremote client on
> pc because some of my clients are set up with NetScreen boxes that I
> up with vpn access. I would like to do the same thing with my lan so I
> can access my servers remotely.
> Can this be set up, or does the m0n0wall only do IPSEC from router to

As pointed out before, IPsec in m0n0wall only works with static IP
addresses at this time. One of the next things I'm going to do as far
as m0n0wall is concerned is to try to get rid of racoon and replace
it with isakmpd (while changing as little in the webGUI as possible and
maintaining compatibility), which should finally make IPsec with
dynamic IP addresses possible. isakmpd can negotiate policy, while
racoon can't - here's what it says in racoon's port description:

Design choice, not a bug:
- racoon negotiate IPsec keys only. It does not negotiate policy.
be configured into the kernel separately from racoon. If you want to
support roaming clients, you may need to have a mechanism to put
for the roaming client after phase 1 finishes.
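
The separation the port description refers to, shown as an added example that is not part of the original message or of m0n0wall's code: a shell helper that prints the setkey(8) policy entries a tunnel needs in the kernel alongside racoon's keys. The function names, the IPv4-only validation and all addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added illustration: racoon negotiates keys only, so the security policy
# (SPD) entries for a tunnel have to be loaded separately with setkey(8).
# All addresses below are constructed documentation values.

# valid_addrs ADDR...: accept only IPv4 addresses/prefixes (assumption:
# IPv4 only), so nothing unexpected is pasted into setkey input.
valid_addrs() {
    for v in "$@"; do
        case $v in
            ''|*[!0-9./]*) echo "invalid address: '$v'" >&2; return 1 ;;
        esac
    done
}

# spd_for_tunnel LOCAL_GW REMOTE_GW LOCAL_NET REMOTE_NET
# The tunnel endpoints are part of the policy text itself, which is why a
# peer whose address is not known in advance cannot be configured statically.
spd_for_tunnel() {
    valid_addrs "$1" "$2" "$3" "$4" || return 1
    [ $# -eq 4 ] || { echo "need 4 arguments" >&2; return 1; }
    cat <<EOF
spdadd $3 $4 any -P out ipsec esp/tunnel/$1-$2/require;
spdadd $4 $3 any -P in ipsec esp/tunnel/$2-$1/require;
EOF
}

# spd_remove_tunnel LOCAL_NET REMOTE_NET
# Matching removal, needed when a roaming peer's address changes.
spd_remove_tunnel() {
    valid_addrs "$1" "$2" || return 1
    [ $# -eq 2 ] || { echo "need 2 arguments" >&2; return 1; }
    cat <<EOF
spddelete $1 $2 any -P out;
spddelete $2 $1 any -P in;
EOF
}

# Sample run; the output is suitable for piping to "setkey -c".
spd_for_tunnel 203.0.113.1 198.51.100.7 192.168.1.0/24 10.0.0.0/24
```

A roaming-client mechanism of the kind the port description mentions would have to run something like this once the peer's current address is known.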