
List:       snap-users
Subject:    (KAME-snap 2106) Re: racoon.conf will be changed.
From:       Shoichi Sakane <sakane () ydc ! co ! jp>
Date:       2000-03-29 13:07:30

> > I have one comment: In the case of a travelling client connecting
> > to KAME, we cannot predict his/her IP address in advance.
> > Hence, it is not possible to specify appropriate SPD policy rule
> > in the kernel.
> > 
> > I believed racoon's policies could be used to do just that:
> > a policy to a host 0.0.0.0/0, requiring appropriate authentication,
> > could be used to generate a SPD policy rule with the actual IP address.
> > 
> > Or will there be another way to cope with travelling users?
> 
> Is there a way to do this now?

No, they aren't now.  I mean that is phase 2 negotiation.

> We want to use preshared keys to 
> authenticate a roaming user. From my reading of the sample files,
> it seems that a pre-shared key must be bound to a specific IP 
> address. Is this the case? If not, how can a pre-shared key be specified 
> for a range of network addresses (or even for all addresses?)

In your case, a pre-shared key is bound to an identifier instead of an IP
address, for example, FQDN and UserFQDN.  Currently, you can do this phase 1
negotiation, which does not use an IP address for the pre-shared key.
