Racoon Roadwarrior Configuration

    Date: 13 Nov 2006
    Posted By: Brittany Day
    A roadwarrior is a client that uses unknown, dynamically assigned IP addresses to connect to a VPN gateway (which in this case is also the firewall). This situation is shown in picture 1.1 and is one of the most interesting and, today, most needed scenarios in a business environment. Here are some of the reasons why that is so:

    - The client can be any computer (with any IP address assigned) that has Internet access and can initiate a connection to the VPN gateway.
    - When connecting to the VPN network, the client is assigned an internal IP address on the network it is connecting to, which gives the impression that it is directly connected to the VPN network instead of tunneling through the Internet.
    - When an internal IP address is assigned, network administration is easier.
    - Traffic is protected on the route from the client to the VPN gateway.
    - When connected, the client doesn't have direct access to the Internet, because traffic is routed through the VPN network and the firewall (VPN gateway).

    In combination with racoon, the roadwarrior scenario presents a few problems:

    - The client's IP address is unknown and cannot be defined in the racoon.conf configuration file or in the PSK keys file. Therefore, another way of authenticating the client is needed.
    - It is not possible to define in advance the security policies (SPs) according to which racoon on the gateway will behave, because the destination address of the client is unknown.
    - Racoon has to create any needed SPs or security associations (SAs) when the connection is initiated.
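A gateway-side racoon.conf fragment that addresses the problems listed above, added here as an example and not taken from the original article. It assumes X.509 certificates as the alternative to per-IP pre-shared keys; the directory, file names and algorithm choices are placeholders to adapt to your ipsec-tools version and policy.

```conf
# Example gateway configuration for roadwarrior clients (added example).
# Paths and file names below are placeholders, not values from the article.

# Directory holding the gateway certificate, its key, and the CA
# certificate used to verify clients (OpenSSL hashed-name link).
path certificate "/etc/racoon/certs";

# "anonymous" matches any peer address, so no client IP has to be
# listed here or in a PSK file.
remote anonymous {
    exchange_mode main;

    # Gateway never initiates; it only answers incoming negotiations.
    passive on;

    # Let racoon install the security policies from the client's
    # phase 2 proposal, since they cannot be written in advance.
    generate_policy on;

    # Authenticate by certificate instead of by source address.
    certificate_type x509 "gateway.crt" "gateway.key";
    my_identifier asn1dn;
    peers_identifier asn1dn;
    verify_cert on;

    proposal {
        encryption_algorithm aes;
        hash_algorithm sha256;
        authentication_method rsasig;
        dh_group modp2048;
    }
}

# Phase 2 parameters applied to any client, whatever address it has.
sainfo anonymous {
    pfs_group modp2048;
    lifetime time 1 hour;
    encryption_algorithm aes;
    authentication_algorithm hmac_sha256;
    compression_algorithm deflate;
}
```

Because `generate_policy on` accepts the traffic selectors the client proposes, restrict which certificates the CA issues and filter decrypted traffic on the firewall rather than relying on the generated policies alone.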
