On Wed, 25 Apr 2001, Gunther Schadow wrote:
> Hi,
>
> about my SOHO router project, I came across a tough problem, maybe
> I overlook that there is a solution already? The VPN gateway
> at the small office / home office (SOHO) has an IPsec tunnel
> connecting it to its headquarter:
>
> setkey -c <<END
> spdadd ${sohonet} ${homenet} -P out ipsec
> esp/tunnel/${sohoip}-${homeip}/require;
> spdadd ${homenet} ${sohonet} -P in ipsec
> esp/tunnel/${homeip}-${sohoip}/require;
> END
>
> now, the problem is that the ${sohoip} is dynamically assigned
> with DHCP. How can the gateway at the headquarter know that
> ${sohoip} address?
>
> Options I can see are:
>
> A DNS (provided that the SOHO endpoint has a reliable name assigned
> by the ISP ... doesn't work for intermittent/dialup lines.)
>
> B an authenticated message from the SOHO endpoint to headquarter
> stating that the network ${sohonet} is reachable through the
> tunnel with endpoint ${sohoip}.
>
> Is there anything like B defined in IPsec / ISAKMP or something?

I had a similar problem but I had 1 static server and the tunnels
were between several DHCP machines...not between the DHCP machines
and the server.

I ended up writing a client/server Perl program in which the
server held information about the client interconnecting gif
tunnels. The clients would log in and receive tunnel
endpoints, routing info, updates and such.

I'm sure this won't suffice but I will send it to you for your own
hacking pleasure if you wish. Or hell, I'll even modify it so it
fits your needs.

Nick Rogness <[EMAIL PROTECTED]>
- Keep on Routing in a Free World...
"FreeBSD: The Power to Serve!"
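
Option B from the question, as an added example that is not code from this thread and not the Perl program mentioned in the reply: the SOHO gateway sends an authenticated "my network is behind this address" update, and headquarters verifies it before producing the mirror-image setkey policy. Assumptions: a pre-shared key per site, HMAC-SHA256, JSON framing, the 120-second freshness window, all function names, and constructed sample addresses; this is not an IPsec/ISAKMP mechanism.

```python
import hashlib
import hmac
import ipaddress
import json

MAX_SKEW = 120  # seconds an update stays acceptable (assumed value)

def make_update(key, sohonet, sohoip, seq, now):
    """SOHO side: announce that sohonet is reachable through sohoip."""
    body = json.dumps({"net": sohonet, "ip": sohoip, "seq": seq, "ts": now},
                      sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()

def accept_update(key, body, tag, last_seq, now, homenet, homeip, allowed_net):
    """Headquarters side: return (seq, setkey input) or raise ValueError."""
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("bad MAC")
    msg = json.loads(body)
    if abs(now - msg["ts"]) > MAX_SKEW:
        raise ValueError("stale update")
    if msg["seq"] <= last_seq:
        raise ValueError("replayed sequence number")
    # Parse as addresses so nothing else can reach the setkey input.
    net = ipaddress.ip_network(msg["net"])
    ip = ipaddress.ip_address(msg["ip"])
    # A site's key may only announce that site's own network.
    if net != ipaddress.ip_network(allowed_net):
        raise ValueError("network not authorised for this key")
    policy = (f"spdadd {homenet} {net} -P out ipsec\n"
              f"  esp/tunnel/{homeip}-{ip}/require;\n"
              f"spdadd {net} {homenet} -P in ipsec\n"
              f"  esp/tunnel/{ip}-{homeip}/require;\n")
    return msg["seq"], policy

if __name__ == "__main__":
    key = b"constructed-demo-key-not-a-real-secret"  # constructed sample
    body, tag = make_update(key, "192.168.10.0/24", "203.0.113.7", 1, 1000)
    seq, policy = accept_update(key, body, tag, 0, 1005,
                                "10.0.0.0/16", "198.51.100.1", "192.168.10.0/24")
    print(policy, end="")
```

Headquarters would keep the returned sequence number per site and replace that site's previous policy before passing the new lines to `setkey -c`.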