|
||||||||||
Thanks much for the clarification Manuel. I will be patient and work with my system, I need to install something else right now for a client however. I appreciate all your great work. Thanks much, Eileen -----Original Message----- From: Manuel Kasper [mailto:mk at neon1 dot net] Sent: Tuesday, January 13, 2004 1:05 PM To: Eileen Kelleher Cc: <m0n0wall at lists dot m0n0 dot ch> Subject: Re: [m0n0wall] Setting up VPN access through m0n0wall On 13.01.2004, at 16:28, Eileen Kelleher wrote: > of which use the same subnets. I have a SafeNet softremote client on > my > pc because some of my clients are set up with NetScreen boxes that I > set > up with vpn access. I would like to do the same thing with my lan so I > can access my servers remotely. > > Can this be set up, or does the m0n0wall only do IPSEC from router to > router? As pointed out before, IPsec in m0n0wall only works with static IP addresses at this time. One of the next things I'm going to do as far as m0n0wall is concerned is trying to get rid of racoon and replacing it with isakmpd (while changing as little in the webGUI as possible and maintaining compatibility), which should finally make IPsec with dynamic IP addresses possible. isakmpd can negotiate policy, while racoon can't - here's what it says in racoon's port description: --- Design choice, not a bug: - racoon negotiate IPsec keys only. It does not negotiate policy. Policy must be configured into the kernel separately from racoon. If you want to support roaming clients, you may need to have a mechanism to put policy for the roaming client after phase 1 finishes. --- Be patient... - Manuel --------------------------------------------------------------------- To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch |