Racoon Roadwarrior Configuration
Source: HOWTO Forge - Posted by Eric Lubow   
A roadwarrior is a client that uses an unknown, dynamically assigned IP address to connect to a VPN gateway (in this case also the firewall). This situation is shown in picture 1.1 and is one of the most interesting and, today, most needed scenarios in a business environment. Here are some of the reasons why that is so:

- The client can be any computer (with any IP address assigned) that has Internet access and can initiate a connection to the VPN gateway.
- When connecting to the VPN network, the client is assigned an internal IP address on the network it is connecting to, which gives the impression that it is directly connected to the VPN network instead of tunneling through the Internet.
- When an internal IP address is assigned, network administration is easier.
- Traffic is protected on the route from the client to the VPN gateway.
- When connected, the client doesn't have direct access to the Internet, because its traffic is routed through the VPN network and the firewall (VPN gateway).

In combination with racoon, the roadwarrior scenario presents a few problems:

- The client's IP address is unknown and cannot be defined in the racoon.conf configuration file or in the PSK keys file. Therefore, another way of client authentication is needed.
- It is not possible to define SPs according to which racoon on the gateway will behave, because the destination address of the client is unknown. Racoon has to create any needed SPs or SAs when the connection is initiated.
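The two problems above each map onto a racoon.conf directive. The following gateway-side fragment is an added illustration, not a configuration taken from the original HOWTO: it uses a `remote anonymous` block so that a peer with any source address is accepted, X.509 certificate authentication in place of a per-address pre-shared key (an assumed choice; the page does not say which method it uses), and `generate_policy on` so that racoon installs the SPs itself once the client's address is known at phase 2. The listen address, file paths, certificate file names and algorithm choices are assumptions for the example.

```conf
# Added example: racoon.conf for a VPN gateway accepting roadwarrior clients.
# Address 192.0.2.1 and all file names are constructed placeholders.
path certificate "/etc/racoon/certs";

listen {
        isakmp 192.0.2.1 [500];
        isakmp_natt 192.0.2.1 [4500];   # only needed if clients sit behind NAT
}

# "anonymous" matches any peer address, which solves the unknown-client-IP
# problem. Because no address identifies the peer, the certificate does:
# verify_cert on rejects clients whose certificate does not chain to a CA
# in the certificate path.
remote anonymous {
        exchange_mode main;
        passive on;              # gateway only responds; the client initiates
        generate_policy on;      # build SPs from the client's phase 2 proposal
        nat_traversal on;
        certificate_type x509 "gateway.crt" "gateway.key";
        verify_cert on;
        my_identifier asn1dn;
        peers_identifier asn1dn;
        proposal_check obey;
        proposal {
                encryption_algorithm aes;
                hash_algorithm sha1;
                authentication_method rsasig;
                dh_group modp1024;
        }
}

# Phase 2 parameters for any client; with generate_policy on, the SAs and
# SPs for the client's address are created when the connection comes up.
sainfo anonymous {
        pfs_group modp1024;
        encryption_algorithm aes;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}
```

One caveat worth keeping in mind with this pattern: since `generate_policy on` makes the gateway accept the policy the client proposes, the certificate check in the `remote anonymous` block is the only thing standing between an arbitrary Internet host and an installed SP, so the CA directory under `path certificate` should contain only the CA that issues client certificates.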

