ISAKMPD and Variable IP addresses

[Eric Henriksen]

Not sure if this helps, but other products allow for dynamic ip addresses on
remote 'initiator' peers, as long as they're using certificates for the
Phase I authentication.  The settings I've seen usually are to put a 0.0.0.0
address in the VPN-Peer-Client field.

Good luck.
----- Original Message -----
From: Patrick Ethier <patrick at SECUREOPS.COM>
To: <VPN at SECURITYFOCUS.COM>
Sent: Tuesday, December 14, 1999 4:01 PM
Subject: Re: ISAKMPD and Variable IP addresses


> Cool, I tried it and it works fine. But what if you have more than one
> IPless peer? Will the isakmpd identify them by the PEER name that gets
sent?
>
>
>
>
> BTW, I've documented most of my wall-headbashing experience, so if you
guys
> want to post it as a faq I'll send it to the misc list.
>
>
>
>
> -----Original Message-----
> From: Angelos D. Keromytis [mailto:angelos at dsl.cis.upenn.edu]
> Sent: Tuesday, December 14, 1999 3:36 PM
> To: Patrick Ethier
> Cc: 'vpn at securityfocus.com'; 'misc at openbsd.org'
> Subject: Re: ISAKMPD and Variable IP addresses
>
>
>
> > Ok, I've been confronted with a strange request. I'm using OpenBSD 2.6
> with
> >their implementation of ISAKMPD. I was asked if we could implement a VPN
> >between our office and a laptop that will be moving all around the world.
> >Now, in the config files, it asks for the IP address of the Peer. I
figured
> >"This is free software and doesn't support this feature" but then I
checked
> >out our VPN-1 setup and it doesn't either. Can somebody please explain
how
> >the theory how this is done or will I have to develop my own
client/server
> >to modify my setups every time an IP changes.
>
> In fact, it does support empty Peer address; there's a default Phase-1
entry
> you can use for any that don't match an ID:
>
> [Phase 1]
> Default=                VPN-peer-client-default
>
> -Angelos
>
> VPN is sponsored by SecurityFocus.COM
>

VPN is sponsored by SecurityFocus.COM