> On 11/23/05, Angelo Turetta <[EMAIL PROTECTED]> wrote:
>> > This is probably not an incredibly difficult thing to fix.
>>
>> If I understand correctly, IPSEC tunnels can only be specified by means
>> of their actual endpoints inside the SPD tables.
>>
>> Angelo.
>
> Here's how it works.  When the IP changes, dhclient kicks off a script
> which then reconfigures the tunnel.  This should work now.

Yes, fine. And who's gonna tell your tunnel partner your address has
changed and their SPD must be changed? Do you have a protocol for doing
that in a standard way? What if you have a Cisco router on the other side?

That's why I say it's not going to work. The tunnel definition on BOTH
endpoints must be synced before the tunnel can be re-established. IPSEC
tunnel mode can only be established (without external software) between
fixed addresses. That's why Cisco & MS use L2TP, which is actually PPTP
over Host Mode ESP.

Angelo.
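
Added example, not part of the original message or of the project's code: a small checker that compares the tunnel-mode SPD entries of two peers and reports entries whose literal endpoint addresses no longer match, which is the state left behind when only the DHCP side rewrites its policy. It assumes KAME-style `setkey` `spdadd` lines; all addresses, networks and the `conf` helper are constructed for illustration.

```python
import re

# KAME setkey policy line (assumed format):
#   spdadd SRC_NET DST_NET PROTO -P in|out ipsec esp/tunnel/SRC_IP-DST_IP/LEVEL;
SPD_RE = re.compile(
    r"spdadd\s+(\S+)\s+(\S+)\s+\S+\s+-P\s+(in|out)\s+ipsec\s+"
    r"\w+/tunnel/([0-9.]+)-([0-9.]+)/\w+\s*;"
)

def parse_spd(text):
    """Map (direction, src_net, dst_net) -> (tunnel_src_ip, tunnel_dst_ip)."""
    return {(m[3], m[1], m[2]): (m[4], m[5]) for m in SPD_RE.finditer(text)}

def stale_policies(local_conf, peer_conf):
    """Return local 'out' policies that the peer's matching 'in' policy
    does not mirror (same selector, same outer src-dst addresses)."""
    local, peer = parse_spd(local_conf), parse_spd(peer_conf)
    problems = []
    for (direction, src, dst), endpoints in local.items():
        if direction != "out":
            continue
        peer_endpoints = peer.get(("in", src, dst))
        if peer_endpoints != endpoints:
            problems.append((src, dst, endpoints, peer_endpoints))
    return problems

def conf(my_ip, my_net, peer_ip, peer_net):
    """Hypothetical helper: build one peer's pair of tunnel policies."""
    return (
        f"spdadd {my_net} {peer_net} any -P out ipsec "
        f"esp/tunnel/{my_ip}-{peer_ip}/require;\n"
        f"spdadd {peer_net} {my_net} any -P in ipsec "
        f"esp/tunnel/{peer_ip}-{my_ip}/require;\n"
    )

# Constructed sample: side A gets its address by DHCP, side B is static.
A_NET, B_NET, B_IP = "10.0.1.0/24", "10.0.2.0/24", "198.51.100.20"
A_BEFORE = conf("192.0.2.10", A_NET, B_IP, B_NET)
A_AFTER = conf("192.0.2.77", A_NET, B_IP, B_NET)    # rewritten after lease change
B_UNCHANGED = conf(B_IP, B_NET, "192.0.2.10", A_NET)  # still names A's old address

if __name__ == "__main__":
    for src, dst, mine, theirs in stale_policies(A_AFTER, B_UNCHANGED):
        print(f"{src} -> {dst}: local tunnel {mine}, peer expects {theirs}")
```
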



