got it, thanks:)<br><br>
<div><span class="gmail_quote">2006/5/5, Stefan Denker <<a href="mailto:Stefan@dn-kr.de">Stefan@dn-kr.de</a>>:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">On Fri, May 05, 2006 at 01:57:48PM +0800, Hongda Zhao wrote:<br>> I cannot connect the <a href="http://dynipsec.tripod.com/dyneng.txt">
http://dynipsec.tripod.com/dyneng.txt</a><br>> does someone have a copy of the "Using OpenSWAN with dynamic IP addresses"<br>> or "Using FreeS/WAN with dynamic IP addresses"?<br><br>Well, I can access it. Here is a copy:
<a href="http://tmp.dn-kr.de/dyneng.txt">http://tmp.dn-kr.de/dyneng.txt</a><br>Grab it, it could be gone by tomorrow.<br><br>Well, after glancing over this howto, I would suggest some<br>improvements:<br><br>1. almost all distributions are able to execute scripts when connecting
<br>to the internet. Use them instead of executing a script every second.<br><br>2. First try without left/rightnexthop.<br><br>I currently maintain an openswan connection between two Hosts with<br>dynamic IPs, here's how we do it:
<br><br>My host is running Debian Sarge, Openswan 2.2.0, his Host is Debian<br>Etch.<br><br>We both use <a href="http://dyndns.org">dyndns.org</a> to register our IP. Every host runs a script<br>which detects a change of the other IP and then replaces the connection.
<br>Both computers replace the connection when connecting to the net, with<br>limited keyingtries. Works for almost 3 months now.<br><br>Here's the connection definition (anonymized to protect the guilty):<br><br>conn net-to-net
<br> leftsubnet=192.168.0.0/24<br> also=conn_template<br> rightsubnet=192.168.1.0/24<br> auto=start<br><br>conn conn_template
<br> left=<a href="http://host1.dyndns.org">host1.dyndns.org</a><br> leftid=@<a href="http://host1.dyndns.org">host1.dyndns.org</a><br> # RSA 2048 bits host1 Mon Aug 29 22:47:19 2005<br> leftrsasigkey=0sAQOYG/...
<br> right=%defaultroute<br> rightid=@<a href="http://host2.dyndns.org">host2.dyndns.org</a><br> rightrsasigkey=0sAQO8sFWB...<br> authby=rsasig<br> keyingtries=5<br><br>As you can see, this is the right side of the connection.
<br><br>We once thought about a slightly different approach: If a host connects<br>to the internet it connects to the other side using ssh and thereby<br>executes a script which replaces the connection...<br><br>HTH<br><br>
Stefan<br><br>--<br>To live is the rarest thing in the world.<br>Most people exist, that is all.<br> Oscar Wilde<br><br><br>
</blockquote></div><br>
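The post describes a script on each host that notices when the other side's address changes and then replaces the connection. A sketch of such a watcher, added here as an example and not Stefan's actual script: the state-file path, the `run` argument and calling it from cron or a connect hook are assumptions; `host1.dyndns.org` and `net-to-net` come from the posted configuration.

```shell
#!/bin/sh
# Added example: watch the peer's dyndns name, replace the conn when its IP changes.
# STATE_FILE and the hook/cron invocation are assumptions; names come from the post.
PEER_NAME="${PEER_NAME:-host1.dyndns.org}"      # left= in the posted conn_template
CONN="${CONN:-net-to-net}"
STATE_FILE="${STATE_FILE:-/var/run/ipsec-peer-ip}"

# Print the first IPv4 address the resolver returns for a name (empty on failure).
resolve_peer() {
    getent ahostsv4 "$1" | awk 'NR == 1 { print $1 }'
}

# Succeed only for a dotted quad with every octet <= 255.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# check_peer NEW_IP STATE_FILE
#   0: address changed, state file updated   1: unchanged
#   2: lookup failed or returned junk, so leave the running tunnel alone
check_peer() {
    new_ip=$1
    state=$2
    is_ipv4 "$new_ip" || return 2
    old_ip=$(cat "$state" 2>/dev/null || true)
    if [ "$new_ip" = "$old_ip" ]; then return 1; fi
    printf '%s\n' "$new_ip" > "$state"
}

# Reload the definition (the name in left= is looked up again) and re-initiate.
replace_conn() {
    ipsec auto --replace "$1" && ipsec auto --up "$1"
}

main() {
    ip=$(resolve_peer "$PEER_NAME") || ip=""
    # A forged DNS answer cannot impersonate the peer: authby=rsasig still
    # requires the peer's RSA key. The worst case is a failed negotiation.
    if check_peer "$ip" "$STATE_FILE"; then
        replace_conn "$CONN"
    fi
}

if [ "${1:-}" = run ]; then main; fi
```

Invoked as `watcher.sh run` (hypothetical file name) from the distribution's connect hook or a periodic job, it only touches the tunnel when the resolver returns a valid, different address.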