Mailinglist Archive: opensuse-security (685 mails)

< Previous Next >
Re: [suse-security] VPN without fixed IP
  • From: Robert Klein <RoKlein@xxxxxxxxxx>
  • Date: Tue, 26 Feb 2002 11:09:08 +0100
  • Message-id: <E16fdYe-0001VL-00@xxxxxxxxxxxxxxxxxxxxxxxx>
On Tuesday, 26. February 2002 09:30, Michael Appeldorn got hit
on a toe and began to swear:
> >I'm trying to build-up a VPN-Entrance over our Linux-Router
> > (Kernel 2.4.4). Some Road-Warriors of our Company should get
> > the ability to get access to our NT-Server with a
> > Sysbase-DB.
> >First of all I have to learn something about its (VPN)
> > functions: What about DSL-VPN? Is there any chance to create
> > a VPN without a Server-Side fixed IP-Adress?
> >Which Documentation of VPN-Knowledge do you perfer?

> http://www.nadmm.com/show.php?story=articles/vpn.inc

Nope. The author of the article uses a fixed IP on the server
side (or hasn't mentioned how to work around the
all-side-dynamic-IP problem).

For an explanation see

http://lists.freeswan.org/pipermail/briefs/2001q4/000028.html
and the three posts referred to. Please note, the difficulties
mentioned in Claudia Schmeing's post apply to Hans Hermann
Kleinberg's solution, too: The road-warriors's don't know when
the IP-address of the "Server-road-warrior" changes, so they
don't try to restart the connection. The only solution to this
is the "Opportunism" method, that allows connections without
"prearrangement" (iow, without using existing tunnels, but
establishing them at need). Unfortunately the opportunism
method isn't ready for prime time, yet, it seems.

Robert

< Previous Next >
References