Netgate Discussion Forum

    Using ADSL with DynDNS. How to configure My identifier?

    7 Posts 2 Posters 5.9k Views
    • D
      diegote
      last edited by

      I can't make the tunnel. I've been using FQDN and Domain Name, and nothing… If I use DynDNS, how do I configure this field?

      • H
        hoba
        last edited by

        It won't work without having a static IP at least at one end. Check out http://pfsense.com/mirror.php?section=tutorials/mobile_ipsec/
        Having dynamic IPs at both ends might be possible between two pfSense systems in 1.1 (at least it's something we have discussed already but I won't be too predictive with that)

        • D
          diegote
          last edited by

          @hoba:

          It won't work without having a static IP at least at one end. Check out http://pfsense.com/mirror.php?section=tutorials/mobile_ipsec/
          Having dynamic IPs at both ends might be possible between two pfSense systems in 1.1 (at least it's something we have discussed already but I won't be too predictive with that)

          I have one static IP. (ADSL <--> Static IP).
          I was referring to the settings for My identifier on the ADSL side. On the static side I activated ALLOW MOBILE CLIENTS and created a PRE-SHARED KEY (with an email and secret word).
          What can I use to make the tunnel? FQDN? Dynamic DNS (how do I configure this?) or which one, on the ADSL side?

          • H
            hoba
            last edited by

            At the dynamic ADSL side use the identifier and the preshared key you configured at the static side. It doesn't have to exist, it's just something like user and password combination. You can create something like "adsl@dynamic.com" with "let-me-in" as identifier and pass at the static side and configure as identifier User-FQDN "adsl@dynamic.com" with preshared key "let-me-in" at the dynamic side. Use the static IP of the static side as remote endpoint and enter an IP of the remote subnet as keep alive IP at the bottom. This way the dynamic side will reestablish the tunnel after its IP has changed (btw, besides the keepalive IP everything is explained in the tutorial  ;) ).

            • D
              diegote
              last edited by

              @hoba:

              At the dynamic ADSL side use the identifier and the preshared key you configured at the static side. It doesn't have to exist, it's just something like user and password combination. You can create something like "adsl@dynamic.com" with "let-me-in" as identifier and pass at the static side and configure as identifier User-FQDN "adsl@dynamic.com" with preshared key "let-me-in" at the dynamic side. Use the static IP of the static side as remote endpoint and enter an IP of the remote subnet as keep alive IP at the bottom. This way the dynamic side will reestablish the tunnel after its IP has changed (btw, besides the keepalive IP everything is explained in the tutorial  ;) ).

              I followed the tutorial step by step. It gives me this log:
              Apr 28 12:10:59 racoon: ERROR: such policy already exists. anyway replace it: 131.131.0.0/16[0] 131.131.0.200/32[0] proto=any dir=in
              Apr 28 12:10:59 racoon: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 131.131.0.0/16[0] proto=any dir=in
              Apr 28 12:10:59 racoon: ERROR: such policy already exists. anyway replace it: 131.131.0.200/32[0] 131.131.0.0/16[0] proto=any dir=out
              Apr 28 12:10:59 racoon: ERROR: such policy already exists. anyway replace it: 131.131.0.0/16[0] 192.168.1.0/24[0] proto=any dir=out

              Any idea??
              Thanks for answer.
              Diego

              • H
                hoba
                last edited by

                That's actually not a real error. It just tells you that there already was a policy for this connection but it got replaced when you edited the tunnel. It should simply work. I have exactly the same config using a pfsense with static IP and another pfsense and a m0n0 joining with dynamic IPs. It's working for more than a month already without any glitches.

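Added example, not part of the thread and not pfSense or racoon code: a small log triage that separates the "such policy already exists. anyway replace it" lines discussed above from other racoon ERROR lines, and checks that every replaced `dir=in` policy has a mirrored `dir=out` policy. The function names are hypothetical and the last sample line is constructed for contrast; the first four are the lines from the post.

```python
import ipaddress
import re

# First four lines: from the post. Last line: constructed for contrast.
SAMPLE_LOG = """\
Apr 28 12:10:59 racoon: ERROR: such policy already exists. anyway replace it: 131.131.0.0/16[0] 131.131.0.200/32[0] proto=any dir=in
Apr 28 12:10:59 racoon: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 131.131.0.0/16[0] proto=any dir=in
Apr 28 12:10:59 racoon: ERROR: such policy already exists. anyway replace it: 131.131.0.200/32[0] 131.131.0.0/16[0] proto=any dir=out
Apr 28 12:10:59 racoon: ERROR: such policy already exists. anyway replace it: 131.131.0.0/16[0] 192.168.1.0/24[0] proto=any dir=out
Apr 28 12:11:30 racoon: ERROR: phase1 negotiation failed due to time up.
""".splitlines()

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) racoon: (?P<level>[A-Z]+): (?P<msg>.*)$")
POLICY = re.compile(
    r"such policy already exists\. anyway replace it: "
    r"(?P<src>\S+)\[(?P<sport>\d+)\] (?P<dst>\S+)\[(?P<dport>\d+)\] "
    r"proto=(?P<proto>\S+) dir=(?P<dir>in|out)$")


def triage(lines):
    """Split racoon ERROR lines into replaced policies and everything else."""
    replaced, needs_review = [], []
    for line in lines:
        m = LINE.match(line.strip())
        if not m or m["level"] != "ERROR":
            continue
        p = POLICY.match(m["msg"])
        if p:
            src = ipaddress.ip_network(p["src"], strict=False)
            dst = ipaddress.ip_network(p["dst"], strict=False)
            replaced.append((src, dst, p["proto"], p["dir"]))
        else:
            # Not the policy-replacement notice: a human should read this one.
            needs_review.append(m["msg"])
    return replaced, needs_review


def unmirrored(policies):
    """Return policies with no counterpart in the opposite direction."""
    seen = set(policies)
    flip = {"in": "out", "out": "in"}
    return [p for p in policies
            if (p[1], p[0], p[2], flip[p[3]]) not in seen]
```
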
                • D
                  diegote
                  last edited by

                  @hoba:

                  That's actually not a real error. It just tells you that there already was a policy for this connection but it got replaced when you edited the tunnel. It should simply work. I have exactly the same config using a pfsense with static IP and another pfsense and a m0n0 joining with dynamic IPs. It's working for more than a month already without any glitches.

                  It's working, just like the tutorial shows. I've solved some bugs in my configuration and that's all.
                  Thanks everyone.
                  Diego

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.