- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: VPN setup
- From: Dave Edwards <davo_(_at_)_chunga_(_dot_)_apana_(_dot_)_org_(_dot_)_au>
- Date: Tue, 3 Sep 2002 11:57:34 +0930 (CST)

I've had a couple of problems with isakmpd and ipsec vpns.

I need to be able to offer a vpn gateway to a central
network for clients using real IP addresses. The clients
will need to set their default route through the ipsec
tunnel and the gateway will need to route all traffic
for the addresses back through the tunnel regardless of
the source address.

I'd like to use isakmpd if possible as the clients will
have dynamically assigned IP addresses and manual keying
(which might solve my problem due to the ability to
add flows) does not seem to offer support for dynamic

So far, I've been unable to find any documentation about this or
put together anything that works in this way. I assume it's
because of the unusual need to use the tunnel for the default
route, which on the face of it seems rather silly, but our
setup/policy currently requires it.

Anyone got a clue for me? Maybe ipsec is the wrong choice
for this setup?

The other issue is that the clients appear to be able to
make quite nasty changes to the routing table on the gateway
if they are misconfigured. Needless to say, a misconfigured
client that can change the default route on the gateway could
ruin my day. Anyone got an idea of how to cope with this?

I may also need to support pptp for some clients, I think.
Is poptop the only option?

davo_(_at_)_chunga_(_dot_)_apana_(_dot_)_org_(_dot_)_au || davo_(_at_)_sa_(_dot_)_apana_(_dot_)_org_(_dot_)_au
Adelaide, South Australia