Me too, I would be interested in this functionality!

m0n0wall will make it to production for 3-4 appliances already (since NAT is more flexible) to separate some networks for one of our customers. When this VPN issue gets fixed, we can propose the m0n0wall solution to our smaller customers too!

Regards,
Joachim

P.S. If testing is needed, I'm here ;-)

-----Original Message-----
From: Manuel Kasper [mailto:mk at neon1 dot net]
Sent: Tuesday, 26 August 2003 15:50
To: Jukka Tainio
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] M0n0wall and IPSEC with dynamic WAN interface address

On Tue, 26 Aug 2003, Jukka Tainio wrote:

> Manuel, have you had any more plans on implementing the support for
> dynamic (DHCP) address on WAN interface when using IPSEC. One of the
> VPN endpoints, I'm going to use will be placed on a network that has
> only dynamic ip:s available, it would spare me a lot of hassle if the
> m0n0wall-vpn would work with dhcp...

I'll look into it... Will probably require ugly kludges (a script that regenerates the SPD and Racoon configuration on-the-fly if the WAN IP address changes) that I don't really like to see in m0n0wall, but if there's no other way, I'll consider that. Maybe this weekend, but I won't make any promises.

> 1) How would one set up VPN tunnel with dynamic host on the other end?
> What should I use as "Remote gateway" on the static-ip -host? 0.0.0.0? I
> understand, that it is only possible to establish connection from the
> dynamic host side.

That's right. We'll have to introduce another means of identification (not the remote address) for this scenario; preferably something that is supported by most commercial firewalls (pseudo host name?). Otherwise there's no way for racoon to tell which tunnel configuration the connecting dynamic endpoint belongs to.

> 2) Does the m0n0wall have ipsec keepalive? It would be nice to have both
> keepalive and autoconnect for the dynamic host. Otherwise people on the
> lan of the static endpoint can't communicate to the dynamic endpoint. Or
> is it just me getting this all wrong....

Mmmmh, I'll have to check out the peculiarities of Racoon's configuration file (and upgrade Racoon to the latest version while I'm at it) and see if there's support for it.

Greets,
Manuel
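The regeneration step Manuel describes (rebuild the SPD and the address-dependent part of the Racoon configuration when the WAN address changes), as an added example that is not m0n0wall code and not written by anyone in this thread. The function names, the tunnel dictionary layout and the sample addresses are assumptions made for illustration; the lease-supplied address is parsed before it is templated into configuration so that malformed input never reaches setkey or racoon.

```python
import ipaddress

# Constructed sample tunnel (documentation address ranges), not from the thread.
TUNNELS = [{"peer": "203.0.113.10",
            "local_net": "192.168.1.0/24",
            "remote_net": "192.168.2.0/24"}]


def render_spd(wan_ip, tunnels):
    """Build setkey(8) input: flush the SPD, then one in/out policy pair per tunnel."""
    lines = ["spdflush;"]
    for t in tunnels:
        peer = ipaddress.ip_address(t["peer"])
        local = ipaddress.ip_network(t["local_net"])
        remote = ipaddress.ip_network(t["remote_net"])
        lines.append(f"spdadd {local} {remote} any -P out ipsec "
                     f"esp/tunnel/{wan_ip}-{peer}/require;")
        lines.append(f"spdadd {remote} {local} any -P in ipsec "
                     f"esp/tunnel/{peer}-{wan_ip}/require;")
    return "\n".join(lines) + "\n"


def render_racoon_listen(wan_ip):
    """Build the racoon.conf listen section that binds IKE to the WAN address."""
    return f"listen {{\n\tisakmp {wan_ip} [500];\n}}\n"


def on_wan_change(previous_ip, current_ip, tunnels):
    """Return (spd_text, listen_text) if the WAN address changed, else None.

    The address comes from a DHCP lease, so it is parsed before being
    templated into configuration; anything that is not a plain IP address
    raises ValueError instead of reaching setkey or racoon.
    """
    current = ipaddress.ip_address(current_ip)
    if previous_ip is not None and ipaddress.ip_address(previous_ip) == current:
        return None
    return render_spd(current, tunnels), render_racoon_listen(current)


if __name__ == "__main__":
    result = on_wan_change("198.51.100.7", "198.51.100.42", TUNNELS)
    print(result[0] + result[1], end="")
```

Applying the generated text (loading the policies with `setkey -c` and restarting racoon) is left to the caller.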