Hi,

About my SOHO router project, I came across a tough problem; maybe
I overlooked that there is a solution already? The VPN gateway
at the small office / home office (SOHO) has an IPsec tunnel
connecting it to its headquarters:
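
setkey -c <<END
# outbound: SOHO network -> headquarters network ("any" = all upper-layer protocols)
spdadd ${sohonet} ${homenet} any -P out ipsec
    esp/tunnel/${sohoip}-${homeip}/require;
# inbound: headquarters network -> SOHO network
spdadd ${homenet} ${sohonet} any -P in ipsec
    esp/tunnel/${homeip}-${sohoip}/require;
END
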
Now, the problem is that the ${sohoip} is dynamically assigned
with DHCP. How can the gateway at the headquarters know that
${sohoip} address?

Options I can see are:

A  DNS (provided that the SOHO endpoint has a reliable name assigned
   by the ISP ... doesn't work for intermittent/dialup lines.)

B  an authenticated message from the SOHO endpoint to headquarters
   stating that the network ${sohonet} is reachable through the
   tunnel with endpoint ${sohoip}.

Is there anything like B defined in IPsec / ISAKMP or something?

regards
-Gunther
--
Gunther Schadow, M.D., Ph.D. [EMAIL PROTECTED]
Medical Information Scientist Regenstrief Institute for Health Care
Adjunct Assistant Professor Indiana University School of Medicine
tel:1(317)630-7960 http://aurora.regenstrief.org
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
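
Option B from the message above, sketched as an added example that is not part of the original post and is not an IPsec/ISAKMP mechanism: the SOHO gateway signs an announcement of its current endpoint with a pre-shared key, and the headquarters gateway verifies it before rendering the mirrored setkey policy. The message format, function names, MAX_SKEW value, key and addresses are all assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import json
import time

MAX_SKEW = 120  # seconds of clock skew tolerated (assumed value)


def make_announcement(key, sohonet, sohoip, now=None):
    """SOHO side: sign "sohonet is reachable via tunnel endpoint sohoip"."""
    ts = int(time.time() if now is None else now)
    body = json.dumps({"net": sohonet, "endpoint": sohoip, "ts": ts},
                      sort_keys=True).encode()
    return body + b"." + hmac.new(key, body, hashlib.sha256).hexdigest().encode()


def verify_announcement(key, msg, expected_net, last_ts=0, now=None):
    """HQ side: return (endpoint, ts) if authentic and fresh, else ValueError."""
    body, _, tag = msg.rpartition(b".")
    good = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, good):
        raise ValueError("bad MAC")
    fields = json.loads(body)
    now = time.time() if now is None else now
    # Reject replays: timestamp must be recent and newer than the last accepted.
    if abs(now - fields["ts"]) > MAX_SKEW or fields["ts"] <= last_ts:
        raise ValueError("stale or replayed announcement")
    # The key authorizes one fixed SOHO network; the peer may only move its endpoint.
    if ipaddress.ip_network(fields["net"]) != ipaddress.ip_network(expected_net):
        raise ValueError("network not authorized for this key")
    return str(ipaddress.ip_address(fields["endpoint"])), fields["ts"]


def render_policy(sohonet, homenet, sohoip, homeip):
    """HQ side: setkey input mirroring the SOHO policy in the post."""
    return (f"spdadd {homenet} {sohonet} any -P out ipsec\n"
            f"    esp/tunnel/{homeip}-{sohoip}/require;\n"
            f"spdadd {sohonet} {homenet} any -P in ipsec\n"
            f"    esp/tunnel/{sohoip}-{homeip}/require;\n")


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed; provision a real secret out of band
    msg = make_announcement(key, "192.168.10.0/24", "203.0.113.7")
    ip, _ = verify_announcement(key, msg, "192.168.10.0/24")
    print(render_policy("192.168.10.0/24", "10.0.0.0/16", ip, "198.51.100.1"))
```

The headquarters side should store the returned timestamp per key and pass it back as last_ts, so an older announcement carrying a previous address cannot be replayed inside the skew window.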