    Netgate Discussion Forum

    IKEv2 with NoIP DDNS

    • newparadigm

      Is it possible to configure an IKEv2 VPN with pfSense if I have a dynamic IP? I.e. can I bind the certificate to my domain name from NoIP?

      If this is possible, can someone point me towards a good step by step guide geared towards someone with intermediate level networking experience?

      • jimp (Rebel Alliance Developer Netgate)

        Probably not, since it requires the server certificate to include the IP address in a SAN entry. So unless you can generate a new server cert every time the WAN IP address changes, that is probably not going to be viable.

        • newparadigm

          SAN is subject alternative name, so you're saying that the primary 'subject' would be the dynamic DNS hostname, but the cert would need the actual IP as an 'alternative' for some reason? Does this just enable fallback if someone tries to VPN directly to the IP? Or is it required for the functionality, period?

          • luckman212

            I came to ask the same thing. I don't have a static IP but really wanted to try out IKEv2 and kept banging my head against the wall with the various guides and not getting anything to work. Didn't realize having an IP in the SAN was required.

            So for us lowly dynamic guys what are the options for a VPN to our homelabs etc? Is OpenVPN the only way to go?

            • reinaldo.gomes

              I've managed to get this working, even though I'm not gonna use it anymore. I don't really have a dynamic IP, but a failover situation, in which it might swap between two different static IPs.

              So, I'm using a previously existent, publicly trusted cert from my company. It has no IPs set as SAN (only a wildcard as DNS name), and it has client/server authentication in its EKU.

              I've done so many things to make it work that I might be forgetting something important, but I remember that importing the server cert into the "computer->personal" (don't ask me why) folder was key to making it work. Probably there's a better way of doing this. One thing though: I've been doing preliminary tests by switching the IP resolution directly in my hosts file. Didn't get to the point of using DDNS.

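The thread turns on whether the server certificate's SAN lists the identifier the client connects to (the DDNS hostname or the current WAN IP). The sketch below is an added example, not code from any poster or from pfSense: it parses a SAN line in the format printed by `openssl x509 -text` and checks an identifier against it using standard X.509 name matching. The hostnames and addresses are constructed samples, and the matching rules are an assumption about a typical client, not a statement of what any particular IKEv2 client enforces.

```python
import ipaddress

# Constructed samples: SAN lines as printed by `openssl x509 -text`.
SAN_DNS_ONLY = "DNS:*.example.com"
SAN_DNS_AND_IP = "DNS:vpn.example.com, IP Address:203.0.113.10"


def parse_san(san_line):
    """Split a SAN line into (dns_names, ip_addresses)."""
    dns, ips = [], []
    for entry in san_line.split(","):
        # Split on the first colon only, so IPv6 values stay intact.
        kind, _, value = entry.strip().partition(":")
        if kind == "DNS":
            dns.append(value.lower())
        elif kind == "IP Address":
            ips.append(ipaddress.ip_address(value))
    return dns, ips


def dns_matches(pattern, host):
    """Exact match, or a wildcard that covers exactly the leftmost label."""
    p = pattern.split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse wildcards directly under a top-level label such as "*.com".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def san_covers(san_line, identifier):
    """True if the identifier the client dials is present in the SAN."""
    dns, ips = parse_san(san_line)
    try:
        # An IP literal is compared against IP entries only, never DNS names.
        return ipaddress.ip_address(identifier) in ips
    except ValueError:
        return any(dns_matches(p, identifier) for p in dns)


if __name__ == "__main__":
    # Hostname stays valid across a WAN change; a pinned IP entry does not.
    for san in (SAN_DNS_ONLY, SAN_DNS_AND_IP):
        for ident in ("vpn.example.com", "203.0.113.10", "198.51.100.7"):
            print(f"{san!r:50} {ident:18} {san_covers(san, ident)}")
```

To check a real certificate, pass the line that follows `X509v3 Subject Alternative Name:` in the `openssl x509 -noout -text` output as `san_line`.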