Re: [Users] 2 dynamic ips symetric update

From: John A. Sullivan III (John.Sullivan_at_nexusmgmt.com)
Date: Fri Oct 18 2002 - 03:45:23 CEST

• Next message: Stephen J. Bevan: "[Users] IP routing question"
• Previous message: Jordan Share: "RE: [Users] FreeSWAN+Netscreen interoperability Question. It works... but how ?"
• In reply to: Sam Sgro: "Re: [Users] 2 dynamic ips symetric update"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

In general, is rightnexthop even used other than to provide for the same
configuration file on both sides of a connection. Does any process
actually look at rightnexthop? - John

On Thu, 2002-10-17 at 17:26, Sam Sgro wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
>
>
> On Wed, 16 Oct 2002, Thomas Will wrote:
>
> > hello
> >
> > i 'm seeking a solution (example) to make a tunnel
> > with 2 freeswan gateways with 2 dynamic ips
> > i have registrated both sites on dyndns.org
> > conn sux-tux
> > left=sux.suxer.net
> > leftsubnet=192.168.1.0/24
> > leftnexthop=217.5.98.35
> > right=tux.suxer.net
> > rightnexthop=217.5.98.34
> > rightsubnet=192.168.254.0/24
> > auto=add
> > this configuration works fine
> > but i must patch on every reconnect ipsec.conf
> > with the nexthop values
> > i can't use on both ends left=%defaultroute
> > right=%defaultroute
>
> Why not have asymmetrical connection definitions? Use "left=%defaultroute" on
> the sux.suxer.net machine, and "right=%defaultroute" on tux...
>
> ... but I see that you've got both nexthops on the same network. In that case,
> if relevant, you could use left/rightnexthop=%direct, to use the peer's IP
> address directly. Then again, I'm pretty certain you could use the opposite
> FQDN in place of your nexthop values as well.
>
> - --
> Sam Sgro
> sam_at_freeswan.org
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.3ia
> Charset: noconv
> Comment: For the matching public key, finger the Reply-To: address.
>
> iQCVAwUBPa8rDEOSC4btEQUtAQGnzgP9G3tnYYks1FKm9MBPlePQ2DmQkO86fc9g
> iXPfjPFoEgv83KJUh7h8K+fr8vDn5yiSHG82iPOeGjXBDjs9mj7epDX0pc0hXeIc
> w/+e6ZEBRQIPd3ceIvCdvZ6Qq5MMQQhXuaEttMelgMTrco+yJqhGRdujbZX/0NDI
> CD6FZzP6aTA=
> =4lBh
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Users mailing list
> Users_at_lists.freeswan.org
> http://lists.freeswan.org/mailman/listinfo/users

-- 
John A. Sullivan III
Group Technology Director
Nexus Management
+1 207-985-7880
John.Sullivan_at_nexusmgmt.com
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

• Next message: Stephen J. Bevan: "[Users] IP routing question"
• Previous message: Jordan Share: "RE: [Users] FreeSWAN+Netscreen interoperability Question. It works... but how ?"
• In reply to: Sam Sgro: "Re: [Users] 2 dynamic ips symetric update"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.5 : Fri Oct 18 2002 - 05:20:28 CEST