[Openswan Users]

Hongda Zhao zhaohongda at gmail.com
Sun May 7 19:34:30 CEST 2006


got it, thanks:)

2006/5/5, Stefan Denker <Stefan at dn-kr.de>:
>
> On Fri, May 05, 2006 at 01:57:48PM +0800, Hongda Zhao wrote:
> > I cannot connect the http://dynipsec.tripod.com/dyneng.txt
> > does some one have a copy of the "Using OpenSWAN with dynamic IP
> addresses"
> > or "Using FreeS/WAN with dynamic IP addresses"?
>
> Well, i can access it. Here is a copy: http://tmp.dn-kr.de/dyneng.txt
> Grab it, it could be gone by tomorrow.
>
> Well, after glancing over this howto, I would suggest some
> improvements:
>
> 1. almost all distributions are able to execute scripts when connecting
> to the internet. Use them instead of executing a script every second.
>
> 2. First try without left/rightnexthop.
>
> I currently maintain an openswan connection between two Hosts with
> dynamic IPs, here's how we do it:
>
> My host is running Debian Sarge, Openswan 2.2.0, his Host ist Debian
> Etch.
>
> We both use dyndns.org to register our IP. Every host runs a script
> which detects a change of the other IP and then replaces the connection.
> Both computers replace the connection when connecting to the net, with
> limited keyingtries. Works for almost 3 months now.
>
> Here's the connection definition(anynomized to protect the guilty):
>
> conn net-to-net
>        leftsubnet=192.168.0.0/24
>        also=conn_template
>        rightsubnet=192.168.1.0/24
>        auto=start
>
> conn conn_template
>        left=host1.dyndns.org
>        leftid=@host1.dyndns.org
>        # RSA 2048 bits   host1   Mon Aug 29 22:47:19 2005
>        leftrsasigkey=0sAQOYG/...
>        right=%defaultroute
>        rightid=@host2.dyndns.org
>        rightrsasigkey=0sAQO8sFWB...
>        authby=rsasig
>        keyingtries=5
>
> As you can see, this is the right side of the connection.
>
> We once thought about a slightly different approach: If a host connects
> to the internet it connects to the other side using ssh and thereby
> executes a script which replaces the connection...
>
> HTH
>
> Stefan
>
> --
> Leben - es gibt nichts Selteneres auf der Welt.
> Die meisten Menschen existieren nur.
>                                                      Oscar Wilde
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (GNU/Linux)
>
> iD8DBQFEW0q5gxM0R2Cfuz8RAqd7AJ4ks7nIvnfi1sel7+zLkab0Jc9yiwCffGCj
> IDbvNs/SUP4jajjn63MbeZ4=
> =Cf9q
> -----END PGP SIGNATURE-----
>
>
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20060507/546baafc/attachment.htm


More information about the Users mailing list