ad hoc IPsec or similar
Sandy Harris
sandyinchina at gmail.com
Tue Jun 26 07:02:53 EDT 2007
On 6/23/07, Eugen Leitl <eugen at leitl.org> wrote:
> > The general idea is that if you use keys in DNS to authenticate gateways
>
> Aye, that's the rub. Most hosts are in dynamic address space,
> and anything involving DNS will not fly.

It is certainly a problem, but you can get around it partially even if your IP
address is dynamically assigned:

http://www.freeswan.org/freeswan_trees/freeswan-2.00/doc/quickstart.html#opp.client

You do need to use a dynamic DNS server to handle your keys, but there
are lots of those, and many do provide that service.

Also, this is limited to "initiate-only" IPsec; it does not handle incoming
connections. However, that may be enough for many client machines that live
in dynamic address space.

--
Sandy Harris
Quanzhou, Fujian, China
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com