Re: Modefg considered harmful

[Derek Atkins <derek@ihtfp.com>]

"Scott G. Kelly" <scott@airespace.com> writes:

> > But that's not what I want..  I want my statically-assigned DHCP
> > address regardless of whether I'm on the 100BaseT internal LAN, the
> > 802.11 wireless lan, or connected via IPsec VPN.  I don't want to
> > enforce an architecture where this is no longer possible.
> 
> Then you need to set up your routing infrastructure accordingly. I
> didn't mean to imply that this cannot be done. What I meant is that in
> most of the remote access vpn deployments I've seen, the routing
> infrastructure was not very amenable to this. 

I just want to make sure that the IPsec configuration system can
handle this.  As it is, my network handles it just fine (mostly
because it's one bridged network).  If the IPsec Gateway can provide
the same address and proxyarp, it all works.  I just wanted to make
sure that this architecture was not disallowed.

> Again, I didn't mean to say that it can't be done - only that it can be
> problematic. It is *easier* if this can be avoided in remote access vpn
> scenarios, and avoiding it is not difficult.

Ok, that was unclear.  It SOUNDED like you said it couldn't be done.
If it _can_ be done then I'm happy.

> Scott

-der
-- 
       Derek Atkins
       Computer and Internet Security Consultant
       derek@ihtfp.com             www.ihtfp.com