AW: [suse-security] Need hints for FreeSwan
Hi, it's possible to do this.

1. Use DynDNS for the name resolution with dynamic addresses.
2. You need a script (perl could be a good choice) to create a dynamic ipsec.conf. You should ping the name of the other side of the tunnel and cut the received ip address. You can then rewrite the ipsec.conf file and reload the freeswan daemon.

I tried it once and it works. I used a cronjob to check if the tunnel is up and running and to rewrite the config-file.

Kind regards / Best regards
Jens Neumann

Jens Neumann
ZEDA GmbH & Co. KG, Dept. ZDT
Mühlenweg 17-37
D - 42270 Wuppertal
Tel.: +49 202 564-1175
Fax: +49 202 564-1384
Email: jens.neumann@zeda.de <mailto:jens.neumann@zeda.de>

-----Original Message-----
From: Backhausen, Sven [SMTP:sbackhausen@ntcg.de]
Sent: Monday, 30 June 2003 09:16
To: SuSE-Security ML
Subject: Re: [suse-security] Need hints for FreeSwan

we are running a lan-to-lan vpn with freeswan and dynamic ip addresses on both sides. it works, but you have to restart the tunnels on both ends if one end goes down. We are using a small script run by cron on both gateways which is pinging into the remote lan to see if the tunnel is still existing and taking action if not.

sven

On Fri, 2003-06-27 at 23.30, Andreas Fießer wrote:
> Hi list,
>
> I'd like to connect a remote Win2K box to an internal LAN which has only
> a dynamic IP via DSL.
> I already have dyndns.org domain, that gets updated on DSL login.
>
> Now I glimpsed at free-swan's documentation and - as far as I understand
> - the setup-guide says I needed fixed IPs and update the DNS with key
> info and so on.
> So it is not possible for me to use it ?
>
> I currently have:
> - SuSE 8.2 and the provided freeswan 1.99 on the gateway
> - Win2K SP4 on the outside boxes
>
> Later there should be 2 Linux gateways connecting 2 LANs but still
> dynamic IPs.
>
> Is there someone who could point me to a HowTo or at least verify that
> what I'd like to do is possible with free-swan ?
>
> --
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-help@suse.com
> Security-related bug reports go to security@suse.de, not here
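The cron-driven rewrite described in the message above, as an added example that is not part of the original thread: it resolves the peer name with `getent` rather than parsing `ping` output, refuses anything that is not a plain IPv4 address before it reaches `ipsec.conf`, and reloads only when the address changed. The connection name, peer hostname and script name are assumptions.

```sh
#!/bin/sh
# Added example: keep right= of one conn in ipsec.conf in step with a DynDNS name.
# Conn name, peer name and script name are assumptions, not values from the thread.

# Accept only a dotted-quad IPv4 address; a resolver answer containing anything
# else (newline, '&', '=', letters) must never be written into the config.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# update_right CONF CONN IP
# returns 0 = rewritten, 1 = unchanged, 2 = bad address, 3 = I/O error
update_right() {
    conf=$1; conn=$2; ip=$3
    is_ipv4 "$ip" || return 2
    tmp=$(mktemp "$conf.XXXXXX") || return 3   # same directory, so mv is atomic
    awk -v conn="$conn" -v ip="$ip" '
        /^(conn|config)[ \t]/ { in_conn = ($1 == "conn" && $2 == conn) }
        in_conn && /^[ \t]+right=/ { sub(/right=.*/, "right=" ip) }
        { print }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 3; }
    if cmp -s "$conf" "$tmp"; then rm -f "$tmp"; return 1; fi
    chmod 600 "$tmp" && mv "$tmp" "$conf" || { rm -f "$tmp"; return 3; }
}

# sync_peer CONF CONN PEER: resolve, rewrite, reload the conn only on change
sync_peer() {
    ip=$(getent ahostsv4 "$3" | awk 'NR == 1 { print $1 }')
    update_right "$1" "$2" "$ip" || return $?
    ipsec auto --replace "$2" && ipsec auto --up "$2"
}

# Cron entry point, e.g.: sync.sh /etc/ipsec.conf lan-to-lan peer.example.dyndns.org
if [ "$#" -eq 3 ]; then sync_peer "$@"; fi
```

DNS only tells the gateway where to send packets; the peer is still authenticated by the keys or secrets configured for the connection, so a spoofed DynDNS record can interrupt the tunnel but does not by itself let another host complete the negotiation.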
why don't you use the (dynamic) dns names in your ipsec.conf?
sven
On Mon, 2003-06-30 at 09.34, Neumann, Jens wrote:
Hi, it's possible to do this.
1. Use DynDNS for the name resolution with dynamic addresses.
2. You need a script (perl could be a good choice) to create a dynamic ipsec.conf. You should ping the name of the other side of the tunnel and cut the received ip address. You can then rewrite the ipsec.conf file and reload the freeswan daemon.
I tried it once and it works. I used a cronjob to check if the tunnel is up and running and to rewrite the config-file.
Kind regards / Best regards
Jens Neumann
Jens Neumann
ZEDA GmbH & Co. KG, Dept. ZDT
Mühlenweg 17-37
D - 42270 Wuppertal
Tel.: +49 202 564-1175
Fax: +49 202 564-1384
Email: jens.neumann@zeda.de <mailto:jens.neumann@zeda.de>
-----Original Message-----
From: Backhausen, Sven [SMTP:sbackhausen@ntcg.de]
Sent: Monday, 30 June 2003 09:16
To: SuSE-Security ML
Subject: Re: [suse-security] Need hints for FreeSwan
we are running a lan-to-lan vpn with freeswan and dynamic ip addresses on both sides. it works, but you have to restart the tunnels on both ends if one end goes down. We are using a small script run by cron on both gateways which is pinging into the remote lan to see if the tunnel is still existing and taking action if not.
sven
On Fri, 2003-06-27 at 23.30, Andreas Fießer wrote:
Hi list,
I'd like to connect a remote Win2K box to an internal LAN which has only a dynamic IP via DSL. I already have dyndns.org domain, that gets updated on DSL login.
Now I glimpsed at free-swan's documentation and - as far as I understand - the setup-guide says I needed fixed IPs and update the DNS with key info and so on. So it is not possible for me to use it ?
I currently have:
- SuSE 8.2 and the provided freeswan 1.99 on the gateway
- Win2K SP4 on the outside boxes
Later there should be 2 Linux gateways connecting 2 LANs but still dynamic IPs.
Is there someone who could point me to a HowTo or at least verify that what I'd like to do is possible with free-swan ?
participants (2)
- Backhausen, Sven
- Neumann, Jens