[CentOS] Could anyone please to help me for ipsec-tools on DDNS+NAT environment?

Sat Mar 10 17:51:12 UTC 2007
toomore <toomore at 21cn.com>

	I've met trouble when I attempt to create a VPN between my PC and my
lan in my home. The structure of my network structure is illustrated in the
	First, I have no idea about how to configure the /etc/setkey.conf
file. Because the two port on the Internet are both with dynamic IP. How do
I specify the "add" statements for sad and "spd" statements? I've try to add
sad entry like this:
	add anonymous ah 0x200 -A hmac-sha2-256
But I got "Name or service not known at [ah]" error message after I run the
command "/sbin/setkey -f /etc/setkey.conf".
	I doubt if it is possible to create a VPN with such network
structure. I've read many articles about ipsec-tools over NAT-T, but all
these articles assume that the ip address of the NAT gateway is static.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: NetworkStructure.png
Type: image/png
Size: 125868 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/centos/attachments/20070311/90f5ba0f/attachment-0004.png>