[prev in list] [next in list] [prev in thread] [next in thread] 

List:       snap-users
Subject:    (KAME-snap 4343) dynamic IP on security gateway
From:       Erik Salander <erik () whistle ! com>
Date:       2001-03-28 1:45:41
[Download RAW message or body]


I have a typical LAN-to-LAN IPSec VPN working with FreeBSD 4.2-STABLE
and the latest racoon (20010222a).  Here's a policy on one end:

spdadd 10.3.1.0/24 10.3.2.0/24 any -P in ipsec
     esp/tunnel/206.77.205.83-206.77.205.115/require;

What would I specify for setkey if one of the security gateways had a
dynamically assigned IP address on its public interface?  I've seen
email posts specifying 0.0.0.0.  If I use 0.0.0.0 as a tunnel endpoint
address, is it necessary to also use the my_identifier parameter (not
the "address" alternative, I assume) in racoon.conf?  Thanks.

Erik

[prev in list] [next in list] [prev in thread] [next in thread]