Re: Force Internet traffic out IPSec VPN

2011-04-08 Thread Evgeniy Sudyr
What about mobile VPN? For PUBKEY auth you can use UFQDN identities:
http://openbsd.org/papers/asiabsdcon07-ipsec/mgp00065.html
http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd
http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec.conf

On Fri, Apr 8, 2011 at 10:41 AM, Ivan Nudzik wrote: >

Re: Force Internet traffic out IPSec VPN

2011-04-08 Thread Ivan Nudzik
It is not a demand of PF... It's about IPsec behavior. IPsec tunnels can be established between exactly 2 IPs, or exactly 2 IP networks. You can't have an IP net on one side of the tunnel and the rest of the Internet on the other side, which is the case you wrote about. Solutions: 1. Build IP-IP IPsec and then build GRE tunn

Re: Force Internet traffic out IPSec VPN

2011-04-08 Thread Stuart Henderson
On 2011-04-07, Andrew Klettke wrote: > We have a working IPSec VPN between two 4.8 endpoints. One of them is at > a remote location, and the other at the main office. The remote location > has its own external, routable IP (to establish the VPN), and an > internal subnet behind it. The main off

Force Internet traffic out IPSec VPN

2011-04-07 Thread Andrew Klettke
We have a working IPSec VPN between two 4.8 endpoints. One of them is at a remote location, and the other at the main office. The remote location has its own external, routable IP (to establish the VPN), and an internal subnet behind it. The main office has its own external IP, through which it