
VPN setup



Hi all,

I've had a couple of problems with isakmpd and ipsec vpns.

I need to be able to offer a vpn gateway to a central 
network for clients using real ip addresses.  The clients 
will need to set their default route through the ipsec 
tunnel and the gateway will need to route all traffic 
for the addresses back through the tunnel regardless of 
the source address.

I'd like to use isakmpd if possible as the clients will
have dynamically assigned IP addresses and manual keying
(which might solve my problem due to the ability to 
add flows) does not seem to offer support for dynamic
clients.  

So far, I've been unable to find any documentation about this or
put together anything that works in this way.  I assume it's 
because of the unusual need to use the tunnel for the default 
route which on the face of it seems rather silly, but our
setup/policy currently requires it.

Anyone got a clue for me?  Maybe ipsec is the wrong choice 
for this setup?


The other issue is that the clients appear to be able to 
make quite nasty changes to the routing table on the gateway 
if they are misconfigured.  Needless to say, a misconfigured 
client that can change the default route on the gateway could 
ruin my day.  Anyone got an idea of how to cope with this? 

I may also need to support pptp for some clients I think.  
Is poptop the only option?

ciao
dave
-- 
Dave Edwards  	           
davo_(_at_)_chunga_(_dot_)_apana_(_dot_)_org_(_dot_)_au || davo_(_at_)_sa_(_dot_)_apana_(_dot_)_org_(_dot_)_au
Adelaide, South Australia                  