Problems with IPSEC and Dynamic GW Roadwarrior
Hi, I have the following network diagram:

```
PRIVATE IP 172.0.0.0/8
[ NOKIA E71 PHONE 1 ]------------    RANDOM PUBLIC IP 200.25.64/26   (          )     STATIC IP PUBLIC IP [190.10.9.8]        172.16.20.0/24
                                 --[ 3G ISP ]------------------------( Internet )-------------------[ VPN-Gateway / FIREWALL ]------------------------[HOSTS]
[ NOKIA E71 PHONE 2 ]-----------                                     (          )
```

The phone gets connected, and my routes show this every time a phone connects on:

```
Encap:
Source             Port  Destination        Port  Proto SA(Address/Proto/Type/Direction)
172.27.141.167/32  0     default            0     0     200.25.197.117/esp/use/in
default            0     172.27.141.167/32  0     0     200.25.197.117/esp/require/out
172.28.28.14/32    0     default            0     0     200.25.197.121/esp/use/in
default            0     172.28.28.14/32    0     0     200.25.197.121/esp/require/out
172.28.43.174/32   0     default            0     0     200.25.197.107/esp/use/in
default            0     172.28.43.174/32   0     0     200.25.197.107/esp/require/out
172.31.55.203/32   0     default            0     0     200.25.197.89/esp/use/in
default            0     172.31.55.203/32   0     0     200.25.197.89/esp/require/out
172.31.33.42/32    0     default            0     0     200.25.197.94/esp/use/in
default            0     172.31.33.42/32    0     0     200.25.197.94/esp/require/out
172.31.126.146/32  0     default            0     0     200.25.197.109/esp/use/in
default            0     172.31.126.146/32  0     0     200.25.197.109/esp/require/out
```

But my Roadwarrior (the phone) is changing GW every time it connects (random 200.25.64/26). As you can see here, I need a bi-nat, for the sad case it hits the same IP 172.16.20.0/24 some day; don't blame me about the IP addressing.

Here is my ipsec.conf:

```
ike passive from any to any \
	main auth hmac-sha1 enc aes group modp1024 \
	quick auth hmac-sha1 enc aes \
	psk x6f1d59e544ffccd5d48cf8f9199cd7af4005535
```

Any help will be greatly appreciated.

Greetings
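A check for the collision the poster is worried about, as an added example that is not part of the original post: it parses Encap flow lines in the format shown above and lists road warrior inner addresses that overlap the protected LAN 172.16.20.0/24. The last flow pair in the sample (172.16.20.77 via 203.0.113.9) is constructed to show the collision case, and the function names are hypothetical.

```python
import ipaddress

# First two road warriors are copied from the post's Encap table.
# The final pair (172.16.20.77 via 203.0.113.9) is constructed sample data.
SAMPLE = """\
Source             Port  Destination        Port  Proto SA(Address/Proto/Type/Direction)
172.27.141.167/32  0     default            0     0     200.25.197.117/esp/use/in
default            0     172.27.141.167/32  0     0     200.25.197.117/esp/require/out
172.28.28.14/32    0     default            0     0     200.25.197.121/esp/use/in
default            0     172.28.28.14/32    0     0     200.25.197.121/esp/require/out
172.16.20.77/32    0     default            0     0     203.0.113.9/esp/use/in
default            0     172.16.20.77/32    0     0     203.0.113.9/esp/require/out
"""

def parse_flows(text):
    """Map each road warrior inner network to its peer gateway and flow directions."""
    flows = {}
    for line in text.splitlines():
        f = line.split()
        # Data lines have six columns with a numeric port; this skips the header.
        if len(f) != 6 or not f[1].isdigit():
            continue
        peer, _proto, _kind, direction = f[5].split("/")
        # Inbound flows carry the client in Source, outbound in Destination.
        inner = f[0] if direction == "in" else f[2]
        if inner == "default":
            continue
        net = ipaddress.ip_network(inner)
        entry = flows.setdefault(
            net, {"peer": ipaddress.ip_address(peer), "dirs": set()})
        entry["dirs"].add(direction)
    return flows

def lan_collisions(flows, lan):
    """Inner addresses that overlap the LAN behind the VPN gateway."""
    lan = ipaddress.ip_network(lan)
    return sorted(str(n) for n in flows if n.overlaps(lan))

def one_way_flows(flows):
    """Inner addresses that lack either the 'in' or the 'out' flow."""
    return sorted(str(n) for n, e in flows.items() if e["dirs"] != {"in", "out"})

if __name__ == "__main__":
    flows = parse_flows(SAMPLE)
    for net, e in flows.items():
        print(f"{net} via {e['peer']} flows={sorted(e['dirs'])}")
    print("overlaps 172.16.20.0/24:", lan_collisions(flows, "172.16.20.0/24"))
    print("one-way flows:", one_way_flows(flows))
```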