Pascal C. Kocher <pascal.kocher_at_netbeat.biz> wrote:
> Thank you very much for this superb patch! We have successfully tested
> it against SafeNet SoftRemote 8.0. I can give you the appropriate VIDs
> if you want to.
I'm glad to hear that SafeNet works. Please send me the others VID SafeNet
uses (you'll need to enable debug to see the full VID).
If other people got it to work (or not) with other implementations, please
tell me.
> Until DHCP-over-IPSEC is available (the team around Andreas Steffen is
> working on this) is it possible to implement a intermediate solution?
> This would keep us from updating the freeswan config files for each
> roadwarrior at home or staying in a hotel (and changing it all the
> time), and we have about 500 of them ;)
> My suggestion would be, to accept the first SA for a private class IP
> and discard the subsequent ones until the SA is deleted. This would
> ensure that noone can redirect traffic to his machine. Would this be a
> way to go as intermediate solution? I'm aware that IKE Config Mode or
> DHCP-over-IPSEC would be better solution.
Well, i know this is a problem. I think i'm going to allow all IP from
predefined (by example, all private networks) ip subnets. I think that
i'll publish a new version next week with this functionality and a few
improvements/bug fixes.
-- Mathieu Lafon_______________________________________________ Users mailing list Users_at_lists.freeswan.org http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:07 CEST