 From:  Christiaens Joachim <jchristi at oce dot be>
 To:  "'Manuel Kasper'" <mk at neon1 dot net>, Jukka Tainio <Jukka dot Tainio at Kase dot fi>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] M0n0wall and IPSEC with dynamic WAN interface address
 Date:  Tue, 26 Aug 2003 15:54:51 +0200
Me too, I would be interested in this functionality!

m0n0wall will make it to production for 3-4 appliances already (since NAT is
more flexible) to separate some networks for one of our customers.

When this VPN issue gets fixed, we can propose the m0n0wall solution to our
smaller customers too!


P.S. If testing is needed, I'm here ;-)

-----Original Message-----
From: Manuel Kasper [mailto:mk at neon1 dot net]
Sent: Tuesday, 26 August 2003 15:50
To: Jukka Tainio
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] M0n0wall and IPSEC with dynamic WAN interface

On Tue, 26 Aug 2003, Jukka Tainio wrote:

> Manuel, have you had any more plans on implementing the support for
> dynamic (DHCP) address on WAN interface when using IPSEC?  One of the
> VPN endpoints I'm going to use will be placed on a network that has
> only dynamic IPs available; it would spare me a lot of hassle if the
> m0n0wall-vpn would work with DHCP...

I'll look into it... Will probably require ugly kludges (a script that
regenerates the SPD and Racoon configuration on-the-fly if the WAN IP
address changes) that I don't really like to see in m0n0wall, but if
there's no other way, I'll consider that. Maybe this weekend, but I won't
make any promises.

> 1) How would one set up a VPN tunnel with a dynamic host on the other end?
> What should I use as "Remote gateway" on the static-IP host? I
> understand that it is only possible to establish a connection from the
> dynamic host side.

That's right. We'll have to introduce another means of identification (not
the remote address) for this scenario; preferably something that is
supported by most commercial firewalls (pseudo host name?). Otherwise
there's no way for racoon to tell which tunnel configuration the
connecting dynamic endpoint belongs to.

> 2) Does the m0n0wall have IPsec keepalive? It would be nice to have both
> keepalive and autoconnect for the dynamic host. Otherwise people on the
> LAN of the static endpoint can't communicate to the dynamic endpoint. Or
> is it just me getting this all wrong....

Mmmmh, I'll have to check out the peculiarities of Racoon's configuration
file (and upgrade Racoon to the latest version while I'm at it) and see if
there's support for it.


