[Openswan Users] handling dyn-ip clients
jerry
jz at silpion.de
Thu Jul 1 00:26:32 CEST 2004
hi all!
I have an openswan server (left) and dynIP clients (Vigor2900 and XP; right).
The server is U2.1.4/K2.6.6, native stack.
The server resides behind a NAT router with a static IP doing the necessary port forwarding,
no nat-t, pfs, is needed.
to vigor (PSK,tunnel,pfs):
10.0.1.0/24===192.168.0.36[S=C]---192.168.0.143...80.zzz.xxx.yyy[S=C]===192.168.100.0/24
to roadwarrior (certs,rsasig,tunnel,pfs):
10.0.1.0/24===192.168.0.36[C=DE, ST=Hamburg, L=xxx, O=xxx, OU=xxx, CN=xxx, E=xx,S=C]---192.168.0.143...%any[S=C]==={0.0.0.0/0};
When the DynIP connection goes away and comes back with a different IP,
the server becomes confused by that and thinks Vigor is a roadwarrior!
->
policy does not allow OAKLEY_PRESHARED_KEY authentication. Attribute OAKLEY_AUTHENTICATION_METHOD
Using a rightid for Vigor doesn't help; on rekeying, Vigor identifies itself by its own IP address,
so openswan ignores this, so the connection breaks.
Is there a possibility to tell openswan to do dyn-ip-resolving each time it tries to connect?
jerry