[nycbug-talk] road-warrior IPsec setup: looking for references

Tillman Hodgson tillman
Sat Aug 27 20:12:42 EDT 2005

On Sat, Aug 27, 2005 at 05:33:15PM -0600, Tillman Hodgson wrote:
> Howdy folks,
> I'm looking for ways to set up an IPsec tunnel between an OS X 10.4 road
> warrior laptop and my -current FreeBSD box (on sparc64, though it
> shouldn't matter). I normally use OpenVPN for remtoe tunnels, but I'm
> really not happy with OpenVPN on OS X.
> I've never worked with IPsec in a road warrior scenario (where one IP is
> unknown), only in transport mode to secure host-to-host activity on a
> local ethernet (where it's quite handy for things like NIS).
> Are there any good references out there that someone could point me too?

[Following up on my own post]

There's a few issues I'm trying to learn about specifically:

* road warriors often have dynamic IPs
    * When setting up the IP-in-IP tunnel (via a gif0 tunnel), how does
      one create such a tunnel if the other IP is unknown?
* road warriors may be behind NATing firewalls
* I don't need to do routing, aside from a single static route, as this
  is a laptop rather than a network
    * Dynamic routing wouldn't be hard -- I use BGP and OSPF with Quagga
      for all internetwork-tunneling needs ...
    * But none of the IPsec examples I've found cover this road warrior
      situation :-) For example, Richard's:
      covers tunneling between two networks, with both ends havign
      static IPs on the external side.

If IPsec just doesn't work well for this sort of situation (dynamic IP
that may be NATed), are there any recommendations for an OS X -> FreeBSD
tunneling solution?


When you can do nothing what can you do?
	- Zen koan

More information about the talk mailing list