List: snap-users
Subject: (KAME-snap 2106) Re: racoon.conf will be changed.
From: Shoichi Sakane <sakane () ydc ! co ! jp>
Date: 2000-03-29 13:07:30
> > I have one comment: In the case of a travelling client connecting
> > to KAME, we cannot predict his/her IP address in advance.
> > Hence, it is not possible to specify appropriate SPD policy rule
> > in the kernel.
> >
> > I believed racoon's policies could be used to do just that:
> > a policy to a host 0.0.0.0/0, requiring appropriate authentication,
> > could be used to generate a SPD policy rule with the actual IP address.
> >
> > Or will there be another way to cope with travelling users?
>
> Is there a way to do this now?

No, they aren't now. I mean that is phase 2 negotiation.

> We want to use preshared keys to
> authenticate a roaming user. From my reading of the sample files,
> it seems that a pre-shared key must be bound to a specific IP
> address. Is this the case? If not, how can a pre-shared key be specified
> for a range of network addresses (or even for all addresses?)

In your case, a pre-shared key is bound to something other than an IP address,
for example, FQDN and UserFQDN. Currently, you can do this phase 1 negotiation,
which does not use an IP address for the pre-shared key.