I want to use an OpenBSD box as an IPsec gateway to my home LAN. The only configuration it will support is a remote user setup, road-warrior style. I plan on using the Greenbow VPN client or a similar VPN client on Windows laptops to access the system. I want to use isakmpd on the gateway, and probably X509 certificate authentication.
Something I can't wrap my head around in my planning is how the remote (client) system is allocated an IP address that is significant on the destination LAN; in other words, is there a typical configuration option to provide something like DHCP over IPSEC, or provide a dynamic IP address pool? I've used the Nortel and Cisco VPN clients before for connections to their respective equipment, and I end up with a "virtual" VPN interface that acquires a "LAN" IP address. How can I get an automatically configured VPN address to remote users connecting to my LAN through the OpenBSD box? And is there any way to control split tunneling with this setup? (I don't want simultaneous communication with the client's local network and the VPN tunnel at the same time.)

TIA, DS

