Hello,

On Mon, 2003-07-14 at 18:51, Mike Tancsa wrote:
> Does anyone know of any documentation on how to do this? I have searched
> through google and I find lots of references to people saying, "use
> certificates" but beyond that I haven't found any actual documentation on
> how to do it.
>
> The setup is 30 client sites with dynamic IP addresses connecting to one
> headoffice that has a static IP address. The 30 client sites all have
> unique RFC 1918 based subnets behind them. The problem is how to do all
> the setkey business. The client end can find out the IP address it's
> dynamically assigned and then do the appropriate setkey. But the
> headoffice cannot do the same thing as it has no built-in way of knowing
> what the client endpoint is. I don't want to implement some additional
> protocol to send the HQ saying, "Hi, I am IP address xxx, please construct
> your setkey accordingly" as it would be a security issue if not thought out
> correctly. These are all very remote sites, so analog dialup is the only
> connection available.
>
> Any pointers would be great. Currently we are using mpd to dialup and then
> tunnel across the mpd tunnel, but there is a resource leak somewhere in
> doing this. There are other problems with this method as well so we would
> like to avoid it.
>

Try this link for a starter: http://www.wiretapped.net/~fyre/ipsec/

Hope this helps somewhat..,

Regards,
Stacey

> ---Mike
> --------------------------------------------------------------------
> Mike Tancsa, tel +1 519 651 3400
> Sentex Communications, [EMAIL PROTECTED]
> Providing Internet since 1994 www.sentex.net
> Cambridge, Ontario Canada www.sentex.net/mike
>
> _______________________________________________
> [EMAIL PROTECTED] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"

--
Stacey Roberts
B.Sc (HONS) Computer Science
Web: www.vickiandstacey.com