Subject: Re: Using IKE with one fixed end and one dynamic end
To: Darren Reed <darrenr@reed.wattle.id.au>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-net
Date: 10/30/2001 10:03:12

On Tue, Oct 30, 2001 at 10:46:59AM +1100, Darren Reed wrote:
> 
> Hi,
>    Does anyone have any suggestions on how to configure IKE (racoon) for
> access to a LAN from cable internet (DHCP)?  Can you assume you know
> nothing about the remote IP address?  Particularly, what should
> the SPDs look like?

I think to get this right you need your IKE daemon to build and install
appropriate SPDs.  I see it as being the principal flaw of racoon that it
cannot do that; it makes it fundamentally unsuitable for what is increasingly
the most common case of IPsec deployment by new users ("road warrior" client
to corporate firewall/gateway).

If you want to deal with its horrible configuration syntax, I think you can
use isakmpd to do this.

-- 
Thor Lancelot Simon	                                      tls@rek.tjls.com
    And now he couldn't remember when this passion had flown, leaving him so
  foolish and bewildered and astray: can any man?
						   William Styron