IPSec on a site-to-site VPN with one side dynamic IP?



  • Hi all,

    I need to implement a VPN between two endpoints, one pfSense and one WatchGuard. The pfSense has a static IP, but the other side with the WatchGuard does not; it is only dynamic and without DDNS.

    Is it possible to make an IPSec with a dynamic IP endpoint? With WatchGuard it is possible by domain information without using DDNS. As I saw, pfSense does not accept domain information as a method to recognize the endpoint gw ID.

    Any suggestion?

    Thanks in advance.



  • It is possible as long as only one side needs to be able to "open" the tunnel, much like in a Mobile Client setup. With IKEv1 you need "aggressive" mode, at least with PSK; with IKEv2 you simply have to use an ID other than the IP address.
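
The IKEv2 approach from the reply above, sketched as an added example that is not part of the original thread: a responder-side configuration in strongSwan `swanctl.conf` syntax (strongSwan is the IKE daemon pfSense runs). The connection name, addresses, subnets, IDs and secret are all constructed placeholders.

```conf
# Constructed example: static-IP side acting as responder only.
# Every name, address, subnet, ID and secret below is a placeholder.
connections {
    site-dyn {
        version = 2                    # IKEv2: the peer is matched by its ID, not its source IP
        local_addrs = 203.0.113.10     # static public address (documentation range)
        remote_addrs = %any            # peer address is unknown, accept from any source
        local {
            auth = psk
            id = static.example.net
        }
        remote {
            auth = psk
            id = branch.example.net    # FQDN-type ID; it is only a label and need not resolve in DNS
        }
        children {
            lan-to-lan {
                local_ts = 10.1.0.0/24
                remote_ts = 10.2.0.0/24
                start_action = none    # never initiate; the dynamic side opens the tunnel
            }
        }
    }
}

secrets {
    ike-branch {
        # The PSK is selected by the ID pair, so it does not depend on the peer's current IP.
        id-1 = static.example.net
        id-2 = branch.example.net
        secret = "REPLACE-WITH-LONG-RANDOM-PSK"
    }
}
```

The dynamic side mirrors this with the IDs swapped, the static address as its remote gateway, and itself as the initiator.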

