From: SourceForge.net <no...@so...> - 2009-01-16 11:05:35
|
Support Requests item #1192474, was opened at 2005-04-29 18:08 Message generated for change (Comment added) made by fabled80 You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=541483&aid=1192474&group_id=74601 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Configuration Group: racoon >Status: Closed Priority: 5 Private: No Submitted By: Nobody/Anonymous (nobody) Assigned to: Nobody/Anonymous (nobody) Summary: Racoon Roadwarrior client get virtual ip from server? Initial Comment: We tried to use Racoon server and client to setup Ipsec VPN in Rethat 9 linux PCs. Currently the roadwarrior with x509 works well, but client can not get a virtual ip addr from the server. My question: Does Racoon client support get the virtual ip from Racoon server if we use the roadwarrior with x509 and enable the mode_cfg? >From your posting, it seems there are two ways to get virtual ip: one is integrating Racoon client with DHCP client, another is setting mode_cfg on with Hybrid_rsa_server. The first one is not supported currently, and the second one is only available when Racoon server work together with Cisco VPN client. Is that right? Can I use the second way with Racoon client without Cisco VPN client? We have stopped here for a week and we are very anxious about this problem. Do I have to turn to the FreeSWAN? ---------------------------------------------------------------------- Comment By: Timo Teräs (fabled80) Date: 2009-01-16 13:05 Message: Closing all sourceforge.net bugs. If this issue has not been cared for please submit a new bug report to https://trac.ipsec-tools.net/ issue tracker. Thank you. ---------------------------------------------------------------------- Comment By: Aidas Kasparas (monas) Date: 2005-05-12 18:24 Message: Logged In: YES user_id=39627 Mike, Yes, you're partly right. Of course, road-warrior should get an address from DHCP for transport (i.e. to send packets up to security gateway[SG]). But, if SG admin want to use some packet filtering besides IPSec and works with addresses that are used at places from where roadwarriors comes, he will have one big nightmare. Insted, it is possible to assign one or more networks for roadwarriors and ask them to use these addresses in IPSec'ed connections. This way, you have to filter just assigned networks. And this is why "addresses from racoon" are good. ---------------------------------------------------------------------- Comment By: Mike Robinson (sundialservices) Date: 2005-05-12 18:10 Message: Logged In: YES user_id=854356 I wish I knew the answer... but... the idea of getting an IP-address from _Racoon_ seems somewhat nonsensical to me. The road-warrior is going to have acquired an IP-address from his hotel's wireless router... Where else, and why else? ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=541483&aid=1192474&group_id=74601 |