[oclug] FreeS/WAN question

Charly Baker cmb at fivefortyfour.com
Tue Apr 6 14:37:18 EDT 2004


On Tuesday 06 April 2004 2:16 pm, Jon Earle wrote:
> On Tue, 6 Apr 2004, Charly Baker wrote:
> > If the dns server is running on the gateway, then it wants to serve the
> > remote clients through its ipsec interface.  On the other end of the
> > tunnel, your remote client will also have an ipsec interface, and will
> > have an address for that interface.  Your remote client needs to use the
> > ipsec address of your gateway/nameserver, to ensure that the nameserver
> > is accessed through the tunnel, and then you can configure your
> > gateway/nameserver to serve internal resolutions to the subnet that
> > includes your remote client's ipsec interface, as well as the
> > nameserver/gateway's ipsec interface.
>
> Right... but that's my problem.  Unless I can assign an address from the
> private network to the remote client (clients will be mostly Windows 2000
> boxen and one Linux client [me]), I'd be chasing all of the client IP
> addresses each time they connect.
>
> Can I do that - assign an address from the private network over the VPN?
>
Not dynamically, but the tunnel that you set up to the client has to have an 
address at each end.  At the client end, assign it to be whatever you want, 
and it will be that no matter where the client is.  What do you have in your 
config files for the tunnel to the client?

Charly Baker


