 From:  "Eileen Kelleher" <eileen at kelltech dot biz>
 To:  "Manuel Kasper" <mk at neon1 dot net>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Setting up VPN access through m0n0wall
 Date:  Tue, 13 Jan 2004 19:26:10 -0700
Thanks much for the clarification, Manuel.  I will be patient and work
with my system; I need to install something else right now for a client,
however.

I appreciate all your great work.  Thanks much,
Eileen

-----Original Message-----
From: Manuel Kasper [mailto:mk at neon1 dot net] 
Sent: Tuesday, January 13, 2004 1:05 PM
To: Eileen Kelleher
Cc: <m0n0wall at lists dot m0n0 dot ch>
Subject: Re: [m0n0wall] Setting up VPN access through m0n0wall

On 13.01.2004, at 16:28, Eileen Kelleher wrote:

> of which use the same subnets.  I have a SafeNet softremote client on my
> pc because some of my clients are set up with NetScreen boxes that I set
> up with vpn access.  I would like to do the same thing with my lan so I
> can access my servers remotely.
>
> Can this be set up, or does the m0n0wall only do IPSEC from router to
> router?

As pointed out before, IPsec in m0n0wall only works with static IP 
addresses at this time. One of the next things I'm going to do as far 
as m0n0wall is concerned is trying to get rid of racoon and replacing 
it with isakmpd (while changing as little in the webGUI as possible and 
maintaining compatibility), which should finally make IPsec with 
dynamic IP addresses possible. isakmpd can negotiate policy, while 
racoon can't - here's what it says in racoon's port description:

---
Design choice, not a bug:
- racoon negotiate IPsec keys only.  It does not negotiate policy.
   Policy must be configured into the kernel separately from racoon.
   If you want to support roaming clients, you may need to have a
   mechanism to put policy for the roaming client after phase 1 finishes.
---

Be patient...

- Manuel

