<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML xmlns="http://www.w3.org/TR/REC-html40" xmlns:v =
"urn:schemas-microsoft-com:vml" xmlns:o =
"urn:schemas-microsoft-com:office:office" xmlns:w =
"urn:schemas-microsoft-com:office:word" xmlns:m =
"http://schemas.microsoft.com/office/2004/12/omml"><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.6000.16608" name=GENERATOR>
<STYLE>@font-face {
        font-family: Cambria Math;
}
@font-face {
        font-family: Calibri;
}
@page Section1 {size: 8.5in 11.0in; margin: 1.0in 1.0in 1.0in 1.0in; }
P.MsoNormal {
        FONT-SIZE: 11pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Calibri","sans-serif"
}
LI.MsoNormal {
        FONT-SIZE: 11pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Calibri","sans-serif"
}
DIV.MsoNormal {
        FONT-SIZE: 11pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Calibri","sans-serif"
}
A:link {
        COLOR: blue; TEXT-DECORATION: underline; mso-style-priority: 99
}
SPAN.MsoHyperlink {
        COLOR: blue; TEXT-DECORATION: underline; mso-style-priority: 99
}
A:visited {
        COLOR: purple; TEXT-DECORATION: underline; mso-style-priority: 99
}
SPAN.MsoHyperlinkFollowed {
        COLOR: purple; TEXT-DECORATION: underline; mso-style-priority: 99
}
SPAN.EmailStyle17 {
        COLOR: windowtext; FONT-FAMILY: "Calibri","sans-serif"; mso-style-type: personal-compose
}
.MsoChpDefault {
        mso-style-type: export-only
}
DIV.Section1 {
        page: Section1
}
</STYLE>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></HEAD>
<BODY lang=EN-US vLink=purple link=blue>
<DIV dir=ltr align=left><SPAN class=917103218-10032008><FONT face=Arial
color=#0000ff size=2>As long as your central site has a static IP this is
possible.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=917103218-10032008><FONT face=Arial
color=#0000ff size=2>Note, however, that there are two things having a dynamic IP
at the remote site affects.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=917103218-10032008><FONT face=Arial
color=#0000ff size=2>1) The dynamic sites cannot tunnel to each other directly,
but must communicate through</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=917103218-10032008><FONT face=Arial
color=#0000ff size=2>the central site, because they will not know the IPs of
the other sites.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=917103218-10032008><FONT face=Arial
color=#0000ff size=2>(Note: Since you're using Linksys which probably only allows
1 or 2 tunnels, you'd probably</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=917103218-10032008><FONT face=Arial
color=#0000ff size=2>need to do this anyway regardless of static or dynamic IPs
at the remote sites.)</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=917103218-10032008><FONT face=Arial
color=#0000ff size=2>2) The central site cannot initiate or reconnect to remote
sites; the remote sites must handle</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=917103218-10032008><FONT face=Arial
color=#0000ff size=2>the connection initiations and reconnections because the
central site won't know which IPs</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=917103218-10032008><FONT face=Arial
color=#0000ff size=2>to connect to.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=917103218-10032008><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=917103218-10032008><FONT face=Arial
color=#0000ff size=2>If you're looking for a cheap way to connect your sites, this
is probably a good solution.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=917103218-10032008><FONT face=Arial
color=#0000ff size=2>Just be aware of the above limitations, and get a
good/unlimited internet account at the</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=917103218-10032008><FONT face=Arial
color=#0000ff size=2>central site, especially if you want the remote sites to
talk to each other (through the</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=917103218-10032008><FONT face=Arial
color=#0000ff size=2>central site) as this will increase the load at the
central site. If possible, avoid using</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=917103218-10032008><FONT face=Arial
color=#0000ff size=2>nat-traversal and connect the routers and Linux server
directly to the internet connection.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=917103218-10032008><FONT face=Arial
color=#0000ff size=2>This will also save you some headaches getting things all
working.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=917103218-10032008><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=917103218-10032008><FONT face=Arial
color=#0000ff size=2>Use roadwarrior configuration samples for your remote
sites. Roadwarrior here relates to</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=917103218-10032008><FONT face=Arial
color=#0000ff size=2>a changing IP, rather than actual equipment movement, which
may or may not happen.</FONT></SPAN></DIV>
<DIV> </DIV>
<DIV align=left><FONT face=Arial size=2>Peter McGill</FONT></DIV>
<DIV> </DIV><BR>
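<DIV>A central-site roadwarrior-style configuration for the setup described above, as an added example that is not part of the original message or an Openswan-supplied sample. All addresses, subnets, connection names and the secret are constructed placeholders, and it assumes pre-shared-key authentication with no NAT in the path.</DIV>
<PRE>
```conf
# /etc/ipsec.conf on the central Linux server (added example, constructed values)
#   203.0.113.10  static public IP of the central site (placeholder)
#   10.0.0.0/24   LAN behind the central server (placeholder)
#   10.0.N.0/24   LAN behind remote site N (placeholder)

version 2.0

config setup
    nat_traversal=no          # assumes routers and server sit directly on the internet

# Settings shared by every remote site
conn remote-base
    left=203.0.113.10         # central site: the only address that must be static
    leftsubnet=10.0.0.0/24
    right=%any                # remote address is dynamic, so accept any source IP
    authby=secret
    auto=add                  # load only; the central site cannot initiate,
                              # each remote router must bring the tunnel up

# One conn per remote site, distinguished by the subnet it proposes
conn site01
    also=remote-base
    rightsubnet=10.0.1.0/24

conn site02
    also=remote-base
    rightsubnet=10.0.2.0/24

# /etc/ipsec.secrets on the central server (shown as comments):
#
#   203.0.113.10 %any : PSK "REPLACE-WITH-LONG-RANDOM-SECRET"
#
# With IKEv1 main mode and pre-shared keys, the responder has to choose the
# key before it learns the peer's identity, so peers at unknown addresses
# all share this one secret. Anyone holding it can pose as any remote site.
# Per-site credentials need RSA keys or certificates instead, if the remote
# device supports them. Keep the file readable by root only (mode 600).
```
</PRE>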
<BLOCKQUOTE dir=ltr
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> users-bounces@openswan.org
[mailto:users-bounces@openswan.org] <B>On Behalf Of </B>Chris
Thomas<BR><B>Sent:</B> March 10, 2008 11:50 AM<BR><B>To:</B>
users@openswan.org<BR><B>Subject:</B> [Openswan Users] Is this
possible?<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV class=Section1>
<P class=MsoNormal>I would like to put a Linksys WRVS4400N at each of my
remote sites (I have about 10 or 20) and configure a Linux server running
OpenSwan at my Headquarters location to receive the VPN connections/tunnels
from each remote site. Each site has a dynamic IP address. Is it
possible to make this happen or do all remote sites need to have static
IP’s?<o:p></o:p></P>
<P class=MsoNormal><o:p> </o:p></P>
<P class=MsoNormal>Thanks in advance for the insight.<o:p></o:p></P>
<P class=MsoNormal><o:p> </o:p></P>
<P class=MsoNormal>-Chris<o:p></o:p></P></DIV></BLOCKQUOTE></BODY></HTML>