KP and Brock, I too have been looking at this. My suggestion is to look
firstly at a ping check of a single packet to the dynamic DNS name of the
far end; if it is different to what you either thought it was last time, or
different to what ipsec eroute thinks the far end is, tear it down and
rebuild.

This may require long retries at both ends, unless you time-synchronise both
ends (easy) and crontab the jobs to do all this. The only thing holding me back
from this is time and a near-complete lack of shell scripting knowledge and
experience.

How does this sound?

Matt
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of K.-P.
> Kirchdörfer
> Sent: Tuesday, 25 February 2003 11:15 PM
> To: [EMAIL PROTECTED]; Lynn Avants;
> [EMAIL PROTECTED]
> Subject: Re: [leaf-user] vpn with dynamic ip (long)
>
>
> On Monday, 24 February 2003 20:15, Lynn Avants wrote:
> > On Monday 24 February 2003 11:23 am, K.-P. Kirchdörfer wrote:
> > <snip>
> >
> > > e) tunnels
> > > add the tunnels for net-net and gate-gate
> > > ipsec                   net     0.0.0.0/0       vpn,vgw
> >
> > <snip>
> >
> > > Is this setup esp. shorewall changes secure or did I open Pandora's box?
> >
> > Thanks for the thorough description!
> > The tunnel description with 0.0.0.0/0 would really be the only security
> > consideration I see. Although this _is_ the suggested method and still
> > forces authentication (RSA in your case), IIRC Shorewall will support
> > a DNS name in lieu of IP address. Tom does not suggest using DNS names,
> > but it may be safer IMHO if you feel it is necessary. Otherwise what you
> > have is the typical suggestion and will work as you have noted.
>
> I like to hear that :)
>
> Yes I know Tom's suggestion about DNS names, but I have to use them, as
> there is no publicly available fixed IP anywhere in this setup...
>
> thanks
> kp
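
A sketch of the check Matt describes at the top of this message, as an added example that is not code from the thread or from the LEAF or FreeS/WAN projects. It assumes the KLIPS `ipsec eroute` line layout shown in the comment, that `ipsec auto --replace` re-resolves the peer name, and a hypothetical state file path; the connection name, DNS name and subnet are arguments you supply.

```shell
#!/bin/sh
# Added example. Usage (e.g. from cron): vpn-check.sh <conn> <peer-dns-name> <remote-subnet>

# First line of ping output carries the resolved address, even if no reply comes back.
ping_addr() {
    sed -n '1s/^PING [^ ]* (\([0-9.]*\)).*/\1/p'
}

# Peer address KLIPS holds for a remote subnet, read from `ipsec eroute` on stdin.
# Assumed line layout: "<count> <src-net> -> <dst-net> => tun0x1002@<peer-ip>"
eroute_peer() {
    awk -v net="$1" '$4 == net { n = split($NF, a, "@"); print a[n]; exit }'
}

# Only accept a dotted quad; the DNS answer is unauthenticated input.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# $1 = address resolved now, $2 = address seen last run, $3 = eroute peer.
# Returns 0 = rebuild, 1 = leave alone, 2 = lookup unusable (leave alone).
needs_rebuild() {
    is_ipv4 "$1" || return 2
    [ "$1" != "$3" ] && return 0                 # no eroute, or eroute to an old address
    [ -n "$2" ] && [ "$1" != "$2" ] && return 0  # name moved since last run
    return 1
}

check_tunnel() {
    state="/var/run/vpn-peer.$1"                 # hypothetical state file location
    now=$(ping -c 1 "$2" 2>/dev/null | ping_addr)
    last=$(cat "$state" 2>/dev/null)
    cur=$(ipsec eroute | eroute_peer "$3")
    if needs_rebuild "$now" "$last" "$cur"; then
        ipsec auto --down "$1"
        ipsec auto --replace "$1"                # assumed to re-resolve the peer name
        ipsec auto --up "$1" && echo "$now" > "$state"
    fi
}

# Run only when all three arguments are given.
if [ $# -eq 3 ]; then check_tunnel "$@"; fi
```

A changed DNS answer only triggers a renegotiation here; the peer still has to pass the RSA authentication mentioned in the quoted thread before traffic flows.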



leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html