DaemonForums  

OpenBSD Security Functionally paranoid!

27th October 2010
bitfrost
Problems with IPSEC and Dynamic GW Roadwarrior

Hi, I have the following network diagram:

     PRIVATE IP
     172.0.0.0/8
[ NOKIA E71 PHONE 1 ]------------   RANDOM PUBLIC IP 200.25.64/26  (        )    STATIC IP PUBLIC IP [190.10.9.8]        172.16.20.0/24
                                 --[ 3G ISP ]---------------------( Internet )-------------------[ VPN-Gateway / FIREWALL ]------------------------[HOSTS]
[ NOKIA E71 PHONE 2 ]-----------                                   (        )


The phone gets connected, and my routes show this every time a phone connects:

Encap:
Source              Port  Destination         Port  Proto  SA(Address/Proto/Type/Direction)
172.27.141.167/32   0     default             0     0      200.25.197.117/esp/use/in
default             0     172.27.141.167/32   0     0      200.25.197.117/esp/require/out
172.28.28.14/32     0     default             0     0      200.25.197.121/esp/use/in
default             0     172.28.28.14/32     0     0      200.25.197.121/esp/require/out
172.28.43.174/32    0     default             0     0      200.25.197.107/esp/use/in
default             0     172.28.43.174/32    0     0      200.25.197.107/esp/require/out
172.31.55.203/32    0     default             0     0      200.25.197.89/esp/use/in
default             0     172.31.55.203/32    0     0      200.25.197.89/esp/require/out
172.31.33.42/32     0     default             0     0      200.25.197.94/esp/use/in
default             0     172.31.33.42/32     0     0      200.25.197.94/esp/require/out
172.31.126.146/32   0     default             0     0      200.25.197.109/esp/use/in
default             0     172.31.126.146/32   0     0      200.25.197.109/esp/require/out


But my roadwarrior (the phone) changes GW every time it connects (random 200.25.64/26). As you can see here, I need a bi-nat, for the sad case that it hits the same IP 172.16.20.0/24 some day; don't blame me for the IP addressing.

Here is my ipsec.conf

ike passive from any to any \
	main auth hmac-sha1 enc aes group modp1024 \
	quick auth hmac-sha1 enc aes \
	psk x6f1d59e544ffccd5d48cf8f9199cd7af4005535


Any help will be greatly appreciated.

Greetings