[oclug] FreeS/WAN question
Jon Earle
je_oclug at kronos.honk.org
Tue Apr 6 15:57:27 EDT 2004

On Tue, 6 Apr 2004, Derek T. Murphy (Home) wrote:
> On Tue, 6 Apr 2004, Jon Earle [ JE ] wrote:
>
> JE > Right... but that's my problem. Unless I can assign an address from the
> JE > private network to the remote client (clients will be mostly Windows 2000
> JE > boxen and one Linux client [me]), I'd be chasing all of the client IP
> JE > addresses each time they connect.
>
> Is that not what the "updown" scripts are for? (I was busy this AM, so I
> wasn't paying much attention to the beginning of this thread. Sorry.)
>
> These are individual RSAsig connections, yes? Then each one is unique, and
> leftupdown= (or, of course, rightupdown=) could enable a specific route
> for that specific external connection to the internal I/F, where BIND
> serves the names from...

No, I'm using a generic roadwarrior type setup with each client assigned
an x509 certificate.

If a client, say a Win2k[1] laptop, connects to a dialup ISP, that ISP
will assign a dynamic IP to the laptop. If the user then brings up the
VPN connection, the IP will be unique for that session only, as any
subsequent calls to that ISP will usually result in a new IP being
assigned. If that user then goes home, plugs into the home DSL, we have
yet another IP. Our fearless user then goes on a trip and connects to a
partner ISP in that city. Bingo, all new IPs for the duration of the
trip.

Charly Baker was suggesting that I can permanently assign IPs to the VPN
tunnel - can you point me to the docs that detail that configuration?

Cheers!
Jon

[1] The same can be said of a Linux laptop - IP assignments are typically
always dynamic.

--
Jon Earle
Software Developer / Network Manager
Specializing in Open Source Software Solutions
http://kronos.honk.org/~earlej/