[ previous ] [ next ] [ threads ]
 From:  "Chad R. Larson" <clarson at eldocomp dot com>
 To:  Jorgen Norrman <jurg at home dot se>, "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] IPSEC on boxes which uses DHCP on theirWANinterface
 Date:  Fri, 16 Jan 2004 16:15:45 -0700
At 02:29 PM 1/16/2004, Jorgen Norrman wrote:
>As I was writing. What's the difference for IPSEC ? Why can't IPSEC 
>handles an IP-adress that was dynamically assigned ? (even if the 
>dynamically assigned adress never change)

It won't.  It can't tell how you got the address, but it has to know what 
it is.  So, if it changes, the system on the other end has to be notified 
of the change somehow.

The WAN address on my net4501 is handed to me by a DHCP server on the Cox 
Communications cable net.  It is currently with a netmask of  As long as I stay connected and renew my lease like a good 
boy (RFC says at one half the lease duration), I keep the same one.  But, 
for example, when I had the Soekris box taken apart to install a wireless 
card I lost the lease and got a different address when I got back up.

That meant I had to get logged onto the VPN endpoint at the office to 
notify it of my new address before I could bring my encrypted tunnel back up.

Chad R. Larson (CRL22)    chad at eldocomp dot com
   Eldorado Computing, Inc.   602-604-3100
      5353 North 16th Street, Suite 400
        Phoenix, Arizona   85016-3228


This message is intended for the sole use of the individual and entity to whom it is addressed, and
may contain information that is privileged, confidential and exempt from disclosure under applicable
law. If you are not the intended addressee, nor authorized to receive for the intended addressee,
you are hereby notified that you may not use, copy, disclose or distribute to anyone the message or
any information contained in the message. If you have received this message in error, please
immediately advise the sender by reply email, and delete the message. Thank you.