[Openswan Users] DHCP on tunnel endpoint
Neal Murphy
neal.p.murphy at alum.wpi.edu
Wed Mar 26 16:21:15 EDT 2014
On Wednesday, March 26, 2014 04:02:13 PM Daren Hickman wrote:
> Can Openswan start a tunnel from an interface that is using DHCP and whose
> address may change? Can it be wildcarded so any address on the interface
> with the default gateway be used?
Yes. But it is fraught with peril if the IP changes frequently, as you
surmised.

And I believe yes; this is typically called a Road Warrior config. But the
Road Warrior must initiate the connection because the other end doesn't know
where to send packets until it receives packets from the R/W.

If the DHCP end is a firewall, you should be able to use a dynamic DNS service
to keep the IP address updated, and then use a domain name in the configs. But
with the possibility of DNS poisoning, it may be better to stick with IP addrs
and wildcards.
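
A pair of ipsec.conf connections for the Road Warrior setup described in the reply above, added here as an illustration (not part of the original message and not taken from the Openswan project). The addresses, IDs, subnet and key placeholders are constructed; because the gateway accepts any source address, the peer is pinned by ID and RSA key instead of by IP.

```conf
# ---- /etc/ipsec.conf on the DHCP (Road Warrior) end ----
conn rw-to-gateway
    # Use whatever address the default-route interface currently holds
    left=%defaultroute
    # Identity is a name, not an IP, so it survives a DHCP address change
    leftid=@roadwarrior.example
    leftrsasigkey=<ROADWARRIOR_PUBLIC_KEY_PLACEHOLDER>
    # Fixed gateway address (constructed, documentation range)
    right=203.0.113.10
    rightid=@gateway.example
    rightsubnet=10.0.0.0/24
    rightrsasigkey=<GATEWAY_PUBLIC_KEY_PLACEHOLDER>
    authby=rsasig
    # The Road Warrior must initiate; bring the tunnel up at start
    auto=start
    # Detect a dead peer and renegotiate after an address change
    dpddelay=30
    dpdtimeout=120
    dpdaction=restart

# ---- /etc/ipsec.conf on the fixed-address gateway ----
conn roadwarriors
    left=203.0.113.10
    leftid=@gateway.example
    leftsubnet=10.0.0.0/24
    leftrsasigkey=<GATEWAY_PUBLIC_KEY_PLACEHOLDER>
    # Wildcard: accept the peer from any source address
    right=%any
    # Only this ID with this key is accepted, regardless of source IP
    rightid=@roadwarrior.example
    rightrsasigkey=<ROADWARRIOR_PUBLIC_KEY_PLACEHOLDER>
    authby=rsasig
    # Load the connection and wait; the gateway cannot initiate
    auto=add
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
```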