Subject: Re: Using IKE with one fixed end and one dynamic end
To: Darren Reed <email@example.com>
From: Thor Lancelot Simon <firstname.lastname@example.org>
Date: 10/30/2001 10:03:12

On Tue, Oct 30, 2001 at 10:46:59AM +1100, Darren Reed wrote:
> Does anyone have any suggestions on how to configure IKE (racoon) for
> access to a LAN from cable internet (DHCP) ? Can you assume you know
> nothing about the remote IP address ? Particularly, what should
> the SPDs look like.

I think to get this right you need your IKE daemon to build and install
appropriate SPDs. I see it as being the principal flaw of racoon that it
cannot do that; it makes it fundamentally unsuitable for what is increasingly
the most common case of IPsec deployment by new users ("road warrior" client
to corporate firewall/gateway).

If you want to deal with its horrible configuration syntax, I think you can
use isakmpd to do this.

Thor Lancelot Simon email@example.com
And now he couldn't remember when this passion had flown, leaving him so
foolish and bewildered and astray: can any man?