# This tread is being at three mailing list...
> >> now, the problem is that the ${sohoip} is dynamically assigned
> >> with DHCP. How can the gateway at the headquarter know that
> >> ${sohoip} address?
> I don't know whether this is actually possible to do yet. But, you
> should be able to configure racoon to use a public-key certificate for
> authentication, and identify your SOHO users by their names rather
> than the random DHCP address. However, it looks like you will still
> lose because racoon does not appear to have a mechanism to
> automatically add SPD entries based on the authenticated identity of
> an ``anonymous'' connection.
racoon-20010418a can do it experimentally if you specify "generate_policy"
in server's racoon.conf. racoon generates SP entries from ID payloads
in IKE phase 2 negotiation, then adds these SPs after SA negotiation
will be finished. In this case, all you have to do is to configure SPD
in the client.
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
