[Openswan Users]

Stefan Denker Stefan at dn-kr.de
Fri May 5 15:53:13 CEST 2006


On Fri, May 05, 2006 at 01:57:48PM +0800, Hongda Zhao wrote:
> I cannot connect to http://dynipsec.tripod.com/dyneng.txt
> Does someone have a copy of the "Using OpenSWAN with dynamic IP addresses"
> or "Using FreeS/WAN with dynamic IP addresses"?

Well, I can access it. Here is a copy: http://tmp.dn-kr.de/dyneng.txt
Grab it, it could be gone by tomorrow. 

Well, after glancing over this howto, I would suggest some
improvements: 

1. Almost all distributions are able to execute scripts when connecting
to the internet. Use them instead of executing a script every second. 

2. First try without left/rightnexthop. 

I currently maintain an openswan connection between two hosts with
dynamic IPs, here's how we do it: 

My host is running Debian Sarge, Openswan 2.2.0, his host is Debian
Etch. 

We both use dyndns.org to register our IP. Every host runs a script
which detects a change of the other IP and then replaces the connection.
Both computers replace the connection when connecting to the net, with
limited keyingtries. Works for almost 3 months now. 

Here's the connection definition (anonymized to protect the guilty): 

conn net-to-net
        leftsubnet=192.168.0.0/24
        also=conn_template
        rightsubnet=192.168.1.0/24
        auto=start

conn conn_template
        left=host1.dyndns.org
        leftid=@host1.dyndns.org
        # RSA 2048 bits   host1   Mon Aug 29 22:47:19 2005
        leftrsasigkey=0sAQOYG/...
        right=%defaultroute
        rightid=@host2.dyndns.org
        rightrsasigkey=0sAQO8sFWB...
        authby=rsasig
        keyingtries=5

As you can see, this is the right side of the connection. 

We once thought about a slightly different approach: If a host connects
to the internet it connects to the other side using ssh and thereby
executes a script which replaces the connection... 

HTH 

Stefan

-- 
To live is the rarest thing in the world.
Most people just exist.
                                                      Oscar Wilde
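
Added example, not part of the original post and not Stefan's own script: one way to write the change-detection script described above, run from cron or the distribution's connect hook. The variable and function names, the cache path, and the use of `ipsec auto --replace` followed by `--up` are assumptions.

```shell
#!/bin/sh
# Added example. Assumed names: PEER, CONN, CACHE and all helper functions.
PEER="${PEER:-host1.dyndns.org}"       # the "left" name from conn_template
CONN="${CONN:-net-to-net}"
CACHE="${CACHE:-/var/run/ipsec-peer.ip}"

# Resolve the peer name to one IPv4 address; prints nothing on failure.
resolve_peer() {
    getent ahostsv4 "$1" 2>/dev/null | awk 'NR==1 {print $1}'
}

# Accept only a dotted-quad shaped string, so an empty or malformed DNS
# answer never reaches the cache file or the log line.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# usage: peer_changed NEW_IP CACHE_FILE
# 0 = address changed (cache updated), 1 = unchanged, 2 = rejected input
peer_changed() {
    is_ipv4 "$1" || return 2
    old=$(cat "$2" 2>/dev/null || true)
    [ "$1" = "$old" ] && return 1
    printf '%s\n' "$1" > "$2"
    return 0
}

# Reload the definition from ipsec.conf, then bring the tunnel up again.
# keyingtries=5 in the conn bounds the retries if the peer is still away.
replace_conn() {
    ipsec auto --replace "$1" && ipsec auto --up "$1"
}

check_once() {
    ip=$(resolve_peer "$PEER")
    if peer_changed "$ip" "$CACHE"; then
        logger -t ipsec-dyn "peer $PEER is now $ip, replacing $CONN"
        replace_conn "$CONN"
    fi
}

# Invoke as "script.sh --run"; without it only the functions are defined.
if [ "${1:-}" = "--run" ]; then
    check_once
fi
```

A forged DNS answer can only trigger a needless replace here; the peer still has to prove itself with the rsasigkey configured in the conn.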