Hi, I need to find a solution for the following problem. And I need this solution today or tomorrow at the latest. I will hack something together either way. But I'd appreciate any guidance.
Here goes: IPsec tunnel with racoon, multiple clients, one server (gateway). The clients authenticate with certificates. The server then simply generates SPs using racoon's builtin feature. However, each of the VPN clients has multiple ingress policies for different destination networks that are all funneled through the one tunnel. (I call it funnel and tunnel, kind of cute, isn't it :-)

What happens is that racoon will dutifully generate the policy for the one of the client's policies that caused the first contact. After that, the client thinks he has an SA for the tunnel and funnels all other traffic through. But the server has no matching SPs for the rest of the funnel, and BUMMER.

I see two ways to get this done quickly:

- implement Gunther's proprietary funnel initialization protocol (FIP) separate from the server.
- implement FIP inside racoon. I may need to extend (violate) the IKE protocol, because instead of one, I will send multiple policies that racoon needs to all mirror in the generate policy code.

I will now study IKE again to see if it is even allowed and if not how I can most easily add it. Meanwhile I would appreciate if you jump in ASAP if you have any better idea of how to solve this problem less intrusively.

regards
-Gunther

--
Gunther_Schadow-------------------------------http://aurora.rg.iupui.edu
Regenstrief Institute for Health Care
1050 Wishard Blvd., Indianapolis IN 46202, Phone: (317) 630 7960
[EMAIL PROTECTED]#include <usual/disclaimer>
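One less intrusive approach to the problem above is to stop relying on racoon's mirrored policy and pre-populate the gateway's SPD with one entry per destination network, all pointing at the same ESP tunnel. The script below is an added example, not code from the original post: it emits setkey(8) `spdadd` lines for a client, and assumes racoon runs with `generate_policy off` and that the addresses shown are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): emit setkey(8) SPD entries
# for one VPN client whose single tunnel must carry traffic to several
# destination networks. Assumptions: racoon runs with generate_policy off,
# so the gateway SPD is populated here instead of being mirrored from the
# first Phase 2 proposal; all addresses below are constructed.
GW_OUTER="203.0.113.1"     # gateway's tunnel endpoint (constructed)
FWD="${FWD:-0}"            # set FWD=1 on Linux, whose SPD also needs 'fwd' entries

# gen_spd <client outer addr> <client inner addr> <net> [<net> ...]
# Prints an inbound (plus optional fwd) and an outbound SP per destination
# network, all referencing the same ESP tunnel, so every funnelled flow
# has a matching policy on the gateway, not just the first one negotiated.
gen_spd() {
    client_outer="$1"; client_inner="$2"; shift 2
    for net in "$@"; do
        # traffic from the client to this network arrives through the tunnel
        echo "spdadd ${client_inner} ${net} any -P in ipsec esp/tunnel/${client_outer}-${GW_OUTER}/require;"
        if [ "$FWD" = 1 ]; then
            echo "spdadd ${client_inner} ${net} any -P fwd ipsec esp/tunnel/${client_outer}-${GW_OUTER}/require;"
        fi
        # replies from that network go back into the same tunnel
        echo "spdadd ${net} ${client_inner} any -P out ipsec esp/tunnel/${GW_OUTER}-${client_outer}/require;"
    done
}

# count_spd: number of SP lines generated, handy for checking that every
# destination network got its pair of policies
count_spd() { gen_spd "$@" | grep -c '^spdadd'; }

# Example: one client, three destination networks, loaded into the kernel with
#   gen_spd 198.51.100.7 10.9.0.7 10.1.0.0/16 10.2.0.0/16 192.0.2.0/24 | setkey -c
```

Run `setkey -DP` afterwards to confirm that each destination network now has its own in/out pair before the client brings the tunnel up.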
