[ previous ] [ next ] [ threads ]
 
 From:  "Daniele Guazzoni" <daniele dot guazzoni at gcomm dot ch>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  VPN with dynamic IP (details)
 Date:  Fri, 9 Jul 2004 23:37:03 +0200
Ok let me give some few more details:

Box A:
- m0n0wall 1.1b15 with static IP (ADSL termination with static DHCP
assignement).
- IPsec configured to allow mobile client.
- pre-shared key configured to match box B.

Box Z:
- m0n0wall 1.1b15 with dynamic IP (also ADSL).
- IPsec configured to build a tunnel to box A.

What happens:
- if we use "IP address" as identity (in tunnel config and pre-shared key)
box A does not recognize the remote identity and therefore cannot find the
matching PSK.
- if we use "domain name" as identity phase-1 comes up and that's it (no
phase-2 negotiation).
- I even tried to set into the PSK 0.0.0.0 as remote identity...

Any idea ?




regards


------------------------------------------------------------------
Daniele Guazzoni
Network & System Engineer
Cisco Certified Network Professional

E-Mail: daniele dot guazzoni at gcomm dot ch
Web:    http://www.gcomm.ch
------------------------------------------------------------------
"Destiny is not a matter of chance, it is a matter of choice;
it is not a thing to be waited for, it is a thing to be achieved."
                        William Jennings Bryan