> Dynamic endpoints is not supported in beta2. We never got it fully
> working.
And I think never will, because it's not possible without additional software :-)

As I tried to say (unacknowledged) in the previous thread about this topic,
http://marc.theaimsgroup.com/?t=113277323300003&r=1&w=2
to specify an IPSEC tunnel policy, you MUST insert the IP of both endpoints into the kernel SPD.

If one of the endpoints' IP address changes, the key exchange daemon will never know that its peer now has another IP until the next rekeying, which will happen after an unpredictable timeout. And even after that, IT WILL NOT FIND A VALID SPD to establish a new association: someone has to change the policy definition inside the kernel, which racoon is not designed to do (it's setkey(8)'s work).

That's why such a setup is not possible using only IPSec.

The best way I know to establish an IPSEC-grade connection between two networks which only have dyn-ip gateways is L2TP (essentially PPTP over IPSEC host-to-host, no IPSEC tunnels).

Angelo Turetta
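
An illustration of the point made in the message above, added here and not part of the original post: the tunnel endpoints are literal addresses in each `spdadd` line, so a peer address change means rewriting the policy pair through setkey(8). The function names `is_ipv4` and `spd_update` and all addresses are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original message). Emits setkey(8) commands
# that replace a tunnel policy pair when the peer gateway address changes.
# All networks and addresses are constructed documentation values.
# Output is text only; an operator would review it and feed it to `setkey -c`.
# Existing SAs negotiated with the old address are not handled here.

# Accept a dotted-quad only, so a peer-supplied string cannot smuggle
# extra setkey statements (";", spaces, newlines) into the policy file.
is_ipv4() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# spd_update LOCAL_NET REMOTE_NET LOCAL_GW OLD_PEER NEW_PEER
# OLD_PEER may be empty on first install. Prints nothing if unchanged.
spd_update() {
    local_net=$1; remote_net=$2; local_gw=$3; old_peer=$4; new_peer=$5
    is_ipv4 "$local_gw" && is_ipv4 "$new_peer" || return 1
    [ "$old_peer" = "$new_peer" ] && return 0

    # Policies are keyed by selector and direction, so the stale pair is
    # removed without naming the old endpoint.
    if [ -n "$old_peer" ]; then
        printf 'spddelete %s %s any -P out;\n' "$local_net" "$remote_net"
        printf 'spddelete %s %s any -P in;\n' "$remote_net" "$local_net"
    fi

    # Both tunnel endpoints appear literally in each direction's policy.
    printf 'spdadd %s %s any -P out ipsec esp/tunnel/%s-%s/require;\n' \
        "$local_net" "$remote_net" "$local_gw" "$new_peer"
    printf 'spdadd %s %s any -P in ipsec esp/tunnel/%s-%s/require;\n' \
        "$remote_net" "$local_net" "$new_peer" "$local_gw"
}

# Constructed scenario: the peer moved from 198.51.100.7 to 198.51.100.42.
spd_update 10.1.0.0/24 10.2.0.0/24 203.0.113.10 198.51.100.7 198.51.100.42
```
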
