[VPN] VPNs and internal services

Russell G. Howe rhowe at wiss.co.uk
Wed Dec 10 14:42:25 EST 2003


On Tue, Dec 09, 2003 at 08:52:38AM -0700, Anthony Chavez wrote:
> I'm in the process of establishing a VPN (FWIW, using IPsec between
> FreeBSD and OpenBSD boxen).
> 
> One thing that I haven't seen any of the tutorials touch is this.  What
> happens if DHCP is running on both networks?  What about DNS and other
> services?

Most (all?) IPsec implementations allow the use of a hostname for the
peer, so as long as your DHCP machines have up-to-date DNS records, that
shouldn't be a problem. You can also often say "accept this key from any
IP address" (often referred to as the 'roadwarrior' setup).

> Is it safe to expect to have to reconfigure a few services?

You're just adding an extra network route really... you may well want to
slave zones from DNS servers the other side of the link and so forth,
but it all depends how you have things set up.

Oh and hi, btw. I'm Russ (first post).

If anyone's played with GRE and IPsec together with some form of dynamic
routing, I'd be interested to hear from them - me and some friends have
such a setup, but we're always after ways to make it cleaner.

-- 
Russell Howe     | Why be just another cog in the machine,
rhowe at wiss.co.uk | when you can be the spanner in the works?


