Both machines need to be pfSense for this to work.

On 11/23/05, Angelo Turetta <[EMAIL PROTECTED]> wrote:
> > On 11/23/05, Angelo Turetta <[EMAIL PROTECTED]> wrote:
> >> > This is probably not an incredibly difficult thing to fix.
> >>
> >> If I understand correctly, IPSEC tunnels can only be specified by means
> >> of their actual endpoints inside the SPD tables.
> >>
> >> Angelo.
> >
> > Here's how it works. When the IP changes dhclient kicks off a script
> > which then reconfigures the tunnel. This should work now.
>
> Yes, fine. And who's gonna tell your tunnel partner your address has
> changed and their SPD must be changed? Do you have a protocol for doing
> that in a standard way? What if you have a Cisco router on the other side?
>
> That's why I say it's not going to work. The tunnel definition on BOTH
> endpoints must be synced before the tunnel can be re-established. IPSEC
> tunnel mode can only be established (without external software) between
> fixed addresses. That's why Cisco & MS use L2TP, which is actually PPTP
> over Host Mode ESP.
>
> Angelo.
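The point argued in the thread, that a tunnel-mode SPD entry names both gateway addresses and so goes stale on the peer when one side's address changes, shown as an added example that is not part of the original messages or of pfSense's own scripts. It assumes the KAME/ipsec-tools `setkey(8)` policy syntax; the function names, networks and addresses are constructed for illustration.

```shell
#!/bin/sh
# Added illustration (not from the thread). Addresses are constructed
# documentation values; the policy syntax is the setkey(8) spdadd form.

# spd_for LOCAL_NET REMOTE_NET LOCAL_GW REMOTE_GW
# Print the two tunnel-mode SPD entries one gateway must load.
spd_for() {
    printf 'spdadd %s %s any -P out ipsec esp/tunnel/%s-%s/require;\n' \
        "$1" "$2" "$3" "$4"
    printf 'spdadd %s %s any -P in ipsec esp/tunnel/%s-%s/require;\n' \
        "$2" "$1" "$4" "$3"
}

# stale_lines GW_ADDR
# Read SPD entries on stdin; print how many name GW_ADDR as a tunnel endpoint.
stale_lines() {
    grep -c -F -e "/$1-" -e "-$1/" || true
}

demo() {
    a_net=10.0.1.0/24; b_net=10.0.2.0/24
    a_old=203.0.113.10; a_new=203.0.113.77   # site A: DHCP-assigned WAN address
    b_gw=198.51.100.1                        # site B: static WAN address

    echo "# site A, after a local hook regenerated its policy:"
    spd_for "$a_net" "$b_net" "$a_new" "$b_gw"

    echo "# site B, untouched, still holds:"
    spd_for "$b_net" "$a_net" "$b_gw" "$a_old"

    n=$(spd_for "$b_net" "$a_net" "$b_gw" "$a_old" | stale_lines "$a_old")
    echo "# entries on site B that still name $a_old: $n"
}

demo
```

Both of site B's entries still point at the old address, so a hook that runs only on site A leaves the two policies out of sync until site B is updated as well.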
