Re: [m0n0wall] Missing Dynamic IPSec Feature

From:	Manuel Kasper <mk at neon1 dot net>
To:	Marc Bucher <marc dot bucher at gmail dot com>
Cc:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] Missing Dynamic IPSec Feature
Date:	Wed, 01 Feb 2006 19:53:30 +0100

On 01.02.06 19:06 +0100, Marc Bucher wrote:

> The m0n0wall works great! Easy to configure and many features. But
> one thing, we miss it. 
> 
> That would be IPSec Support with dynamic IP Adresses.
> 
>  
> 
> I saw, you have implement it in a previous Release of m0n0wall:
> 
> http://www.m0n0.ch/wall/list/showmsg.php?id=4/82

That post refers to supporting IPsec where the local m0n0wall's WAN
IP address is dynamic - not the remote end of a tunnel - whereas
you're probably looking for the latter. In the past, that
configuration wasn't possible (without some ugly hacks) with KAME
racoon. Things look different with ipsec-tools racoon (which we're
using since 1.21), so it might be possible now, but I haven't checked
yet. Any racoon.conf wizards out there?

- Manuel