From: Enliang X. <Enl...@de...> - 2007-03-13 01:51:20
Hi all,

I've run into trouble while attempting to create a VPN between my PC and my LAN at home. The structure of my network is illustrated in the attachment.

First, I have no idea how to configure the /etc/setkey.conf file, because the two ports on the Internet both have dynamic IPs. How do I specify the "add" statements for the SAD and the "spd" statements? I've tried to add an SAD entry like this:

    add 192.168.0.250 anonymous ah 0x200 -A hmac-sha2-256 0x7d5555f0355edabbb2e6e9a9c2d0ece421adbfaf94e953fe807e34ab22501d7c;

But I got a "Name or service not known at [ah]" error message after I ran the command "/sbin/setkey -f /etc/setkey.conf". I think maybe I cannot use AH in this environment even if I use UDP encapsulation. But for ESP, I still don't know how to set up the dynamic client IP address in the "add" statements.

I doubt whether it is possible to create a VPN with such a network structure. I've read many articles about ipsec-tools over NAT-T, but all these articles assume that the IP address of the NAT gateway is static or that the client has a static IP. I cannot find any document that illustrates the situation where both the client and server sides have dynamic IPs.

Could anyone please help me with this?

Thanks,
Enliang.