[Openswan Users] Dreams and Aspirations of OpenSwan.

Marc Spiegelman marc at itu.net
Tue Aug 17 17:19:25 CEST 2004


I hope to build a dual road warrior solution.  I intend to register one
end with a dynamic dns provider but it doesn't appear I can do this with
PSK's because I can't figure a way to configure ipsec.secrets to use the
dynamic address assigned to the external interface.  Anyone know how?

Will this dual road warrior solution work if I try using certificates?
Does X-Auth work the same with certificates?

Also, what are the pitfalls of PAM.  The documentation says PAM uses
threads in an unsafe manner but does not elaborate.  Anyone know what
problems I may encounter?

Lastly, I was hoping to send configuration information to one end such
as wins, DNS, ETC.  I've heard of mode-config and DHCP over IPSEC.  Are
these different technologies.  Which one will accomplish my goal?   Does
OpenSwan support them? Anyone have any documentation to do it?


Any help I can get will save me a HUGE amount of time testing and will
be much appreciated.



More information about the Users mailing list