[oclug] FreeS/WAN question
je_oclug at kronos.honk.org
Tue Apr 6 15:57:27 EDT 2004
On Tue, 6 Apr 2004, Derek T. Murphy (Home) wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> On Tue, 6 Apr 2004, Jon Earle [ JE ] wrote:
> JE > Right... but that's my problem. Unless I can assign an address from the
> JE > private network to the remote client (clients will be mostly Windows 2000
> JE > boxen and one Linux client [me]), I'd be chasing all of the client IP
> JE > addresses each time they connect.
> Is that not what the "updown" scripts are for? (I was busy this AM, so I
> wasn't paying much attention to the beginning of this thread. Sorry.)
> These are individual RSAsig connections, yes? Then each one is unique, and
> leftupdown= (or, of course, rightupdown=) could enable a specific route
> for that specific external connection to the internal I/F, where BIND
> serves the names from...
No, I'm using a generic roadwarrior type setup with each client assigned
an x509 certificate.
If a client, say a Win2k laptop, connects to a dialup ISP, that ISP
will assign a dynamic IP to the laptop. If the user then brings up the
VPN connection, the IP will be unique for that session only, as any
subsequent calls to that ISP will usually result in a new IP being
assigned. If that user then goes home, plugs into the home DSL, we have
yet another IP. Our fearless user then goes on a trip and connects to a
partner ISP in that city. Bingo, all new IPs for the duration of the
Charly Baker was suggesting that I can permanently assign IPs to the VPN
tunnel - can you point me to the docs that detail that configuration?
 The same can be said of a Linux laptop - IP assignments are typically
Software Developer / Network Manager
Specializing in Open Source Software Solutions
More information about the OCLUG