[Ipsec-tools-users] Can I run ipsec-tools on "DDNS+NAT+Client with dynamic IP" environment?

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi all,
I've met trouble when I attempt to create a VPN between my PC and my lan
in my home. The structure of my network structure is illustrated in the
attachment.
First, I have no idea about how to configure the /etc/setkey.conf file.
Because the two ports on the Internet are both with dynamic IP. How do I
specify the "add" statements for sad and "spd" statements? I've try to
add sad entry like this:
add 192.168.0.250 anonymous ah 0x200 -A hmac-sha2-256
0x7d5555f0355edabbb2e6e9a9c2d0ece421adbfaf94e953fe807e34ab22501d7c;
But I got "Name or service not known at [ah]" error message after I run
the command "/sbin/setkey -f /etc/setkey.conf".
I think maybe I can not using AH under this environment even I used the
udp encapsulating. But for ESP, I still don't know how to set up the
dynamic client IP address in "add" statements.
I doubt if it is possible to create a VPN with such network structure.
I've read many articles about ipsec-tools over NAT-T, but all these
articles assume that the ip address of the NAT gateway is static or the
client is static IP. I can not find any document that illustrate the
situation that both the client and server side are dynamic IPs.
Could anyone please help me for this?

Thanks,
Enliang.

**************************************************************************

DemandTec Email Notice

This email and any attachments may contain confidential and/or proprietary=
 information and is intended solely for the use of the addressee. If you=
 are not the intended recipient we request that you notify us via email or=
 telephone and delete all copies of the message from your systems.=
 Additionally, although DemandTec has taken reasonable precautions to=
 ensure the security of this email and any attachments, we encourage you to=
 take similar precautions and accept no liability for any loss or damage=
 resulting from its use.
DemandTec, 1 Circle Star Way, Suite 200, San Carlos, CA 94070, 650-226-4600