Netgate Discussion Forum

Dynamic DNS ON BOTH ENDPOINTS

Category: IPsec
    linuxman
    last edited by Nov 21, 2005, 2:05 PM

    I want to set up an always up IPSEC tunnel between two PFSENSE gateways that have dynamic IP addresses (cable modem and dsl modem). I know that this can be easily done on IPCOP, however, PFSENSE seems to be light years ahead of IPCOP when it comes to configuration. Is PFSENSE capable of this natively?

    Thanks,
    Linuxman

      linuxman
      last edited by Nov 21, 2005, 4:04 PM

      PS: The above scenario is very common to small-sized or mid-sized business environments.

      Thanks in advance for your reply.

      Linuxman

        carboncopy
        last edited by Nov 24, 2005, 12:08 PM

        @linuxman:

        I want to set up an always up IPSEC tunnel between two PFSENSE gateways that have dynamic IP addresses (cable modem and dsl modem). I know that this can be easily done on IPCOP, however, PFSENSE seems to be light years ahead of IPCOP when it comes to configuration. Is PFSENSE capable of this natively?

        Thanks,
        Linuxman

        I also wondered this. However, as far as I know PF would require the IP address of the gateway/gateways. This would really be defeating the purpose of using dynamic IP addresses in the IPsec config area. But I guess it depends on how tight you want to make your rules. In theory if your PF rules were less restrictive I think it could work. I haven't tested this theory myself, but I would like to try!

          hoba
          last edited by Nov 24, 2005, 12:40 PM

          For your information: this has been discussed at the Support ML: http://www.mail-archive.com/support@pfsense.com/msg03172.html

            carboncopy
            last edited by Nov 24, 2005, 1:52 PM Nov 24, 2005, 1:41 PM

            @hoba:

            For your information: this has been discussed at the Support ML: http://www.mail-archive.com/support@pfsense.com/msg03172.html

            I don't sub to the ML.  MLs seem old school… But thanks for the info.

              rds_correia
              last edited by Dec 6, 2005, 5:08 PM

              OT
              Well, sometimes you gotta go "old school" if you want to get something fixed.
              See, there was an issue, it was reported both on the MLs and here @ the forum.
              But it was the MLs that pushed sullrich enough for him to start working on a fix ;).
              I don't mind MLs, but if you ask me, every major project should have a forum instead of an ML…
              /OT
              So, now the $1.000.000 question is, has this been fixed in 0.95Alphas or is it still being fixed?
              Major kudos to the devs for taking care of this issue.
              If only you could do the same with OpenVPN and the OPTs issue... ;)
              Cheers

              pfSense 2.2.4 running on a HP DL385 G5
              WAN bce(4) + LAN em(4) + OPTn em(4) with 10 VLANs + Snort + PPTP VPN soon to be trashed by OVPN

                sullrich
                last edited by Dec 6, 2005, 11:08 PM

                Huh?  I said don't depend on the issue being fixed anytime soon. Please reread the last post on the ML from me.

                @rds_correia:

                OT
                Well, sometimes you gotta go "old school" if you want to get something fixed.
                See, there was an issue, it was reported both on the MLs and here @ the forum.
                But it was the MLs that pushed sullrich enough for him to start working on a fix ;).
                I don't mind MLs, but if you ask me, every major project should have a forum instead of an ML…
                /OT
                So, now the $1.000.000 question is, has this been fixed in 0.95Alphas or is it still being fixed?
                Major kudos to the devs for taking care of this issue.
                If only you could do the same with OpenVPN and the OPTs issue... ;)
                Cheers

                  rds_correia
                  last edited by Dec 7, 2005, 1:31 AM

                  As far as I'm aware, this is your last post.
                  @sullrich:

                  Wed, 23 Nov 2005 15:19:15 -0800

                  I will add a feature for it to automatically talk to the 2nd firewall
                  and for it to tell the 2nd to reload its ipsec configuration.  This
                  will solve all these problems.

                  Only stipulation is that both endpoints will need to be pfSense, but
                  that's not really something I'm concerned with as you should only be
                  using pfSense :P

                  And here you don't actually say if the issue will be solved soon or not.
                  Or maybe I'm wrong and I didn't search the ML correctly?
                  Cheers

                    sullrich
                    last edited by Dec 7, 2005, 1:32 AM

                    From: Scott Ullrich sullrich@gmail.com
                    Mailed-By: gmail.com
                    To: "info@cilient.com" info@cilient.com
                    Date: Nov 24, 2005 2:01 PM
                    Subject: Re: [pfSense Support] Dynamic DNS ON BOTH ENDPOINTS

                    Not sure.  It will magically appear so don't depend on it as of yet.

                      rds_correia
                      last edited by Dec 7, 2005, 1:44 AM

                      What?
                      You mean you sent that but it doesn't show up on the ML archive?
                      That's why I'm not a fan of MLs  ;D.
                      Cheers

                        sullrich
                        last edited by Dec 7, 2005, 1:48 AM

                        @rds_correia:

                        What?
                        You mean you sent that but it doesn't show up on the ML archive?
                        That's why I'm not a fan of MLs  ;D.
                        Cheers

                        I don't know what to tell you.  I can find any message I need in 2 seconds with my gmail account + the mailing list.

                        And for the record, I prefer mailing lists over forums.  It cuts down on the BS.

                          rds_correia
                          last edited by Dec 7, 2005, 1:53 AM

                          @sullrich:

                          And for the record, I prefer mailing lists over forums.  It cuts down on the BS.

                          There you have a point…
                          But I still prefer forums lol
                          Heck with so many posts you and I exchanged today I tell you what I prefer: SIP softphones.
                          But then there wouldn't be any BD with stored info.
                          But it sure would have made things easier today ;).
                          Cheers

                            sullrich
                            last edited by Dec 7, 2005, 1:54 AM

                            Yet another place we differ.  I hate the phone.

                            :P

                              rds_correia
                              last edited by Dec 7, 2005, 2:00 AM

                              No, sir.
                              I'm not a big fan of phones.
                              But then we would have done this in 5 minutes instead of 2 hours ;).
                              BTW a bit of BS: where do I get that avatar of yours but bigger?
                              I simply love it  :P
                              Cheers man

                                MrMoo
                                last edited by Dec 13, 2005, 3:16 PM

                                Does this mean IPSEC in pfSense has the same problem with DHCP IP address changes as m0n0wall?

                                i.e. if a dynamic endpoint has an IP address change it will not reconnect until the phase lifetime expires, or IPSEC is manually restarted.

                                This is why I use the ovpn builds in m0n0wall for OpenVPN support.  I'm very tempted to change for Carp & IPSEC compression otherwise.

                                And if this is so can you slap it in big letters in the FAQ and elsewhere to make it more widely known.

                                1 Reply Last reply Reply Quote 0
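
The failure described in the post above (a peer address change going unnoticed until the phase lifetime expires) and the change-detection idea quoted from the mailing list can be sketched as a polling watcher. This is an added example, not pfSense code and not something posted in the thread; `PeerWatcher`, `usable_peer`, `resolve`, the IPv4-only scope and the two-confirmation threshold are assumptions, and what the caller does on `"reload"` is left open.

```python
import ipaddress
import socket

# Ranges that cannot be a routable WAN peer (private, CGNAT, loopback, ...).
_REJECT = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]

def usable_peer(answers):
    """Return the single routable IPv4 address in `answers`, else None."""
    good = set()
    for text in answers:
        try:
            ip = ipaddress.ip_address(text)
        except ValueError:
            continue
        if ip.version == 4 and not any(ip in net for net in _REJECT):
            good.add(ip)
    return good.pop() if len(good) == 1 else None

class PeerWatcher:
    """Hypothetical helper: decides when the tunnel config needs a reload."""
    def __init__(self, confirmations=2):
        self.confirmations = confirmations
        self.current = None    # address the tunnel is configured with
        self.candidate = None  # new address seen but not yet confirmed
        self.seen = 0

    def observe(self, answers):
        ip = usable_peer(answers)
        if ip is None:
            return "keep"      # failed or odd lookup never tears the tunnel down
        if ip == self.current:
            self.candidate, self.seen = None, 0
            return "keep"
        if ip != self.candidate:
            self.candidate, self.seen = ip, 0
        self.seen += 1
        if self.current is not None and self.seen < self.confirmations:
            return "pending"   # wait for the same answer again before acting
        self.current, self.candidate, self.seen = ip, None, 0
        return "reload"        # caller re-points and reloads IPsec here

def resolve(hostname):
    """A records for the peer's dynamic DNS name; [] if the lookup fails."""
    try:
        infos = socket.getaddrinfo(hostname, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})
```

Acting on `"reload"` only changes where IKE packets are sent; the peer is still authenticated by the tunnel's pre-shared key or certificate.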
                                  dynamix
                                  last edited by May 28, 2006, 10:20 AM

                                  Quote from: sullrich
                                  Wed, 23 Nov 2005 15:19:15 -0800

                                  I will add a feature for it to automatically talk to the 2nd firewall
                                  and for it to tell the 2nd to reload its ipsec configuration.   This
                                  will solve all these problems.

                                  More than half a year has passed since then; any progress on this, Sullrich?
                                  All I want is the option to have a Dynamic DNS address allowed in Remote Gateway field.
                                  Automatic detection of address changes and remote party notification are improvements you can develop later… :)
                                  I don't mind to manually reestablish the connection.... for the beginning  ;)

                                    sullrich
                                    last edited by May 28, 2006, 7:11 PM

                                    No progress has been made.  1.0 is being released without this support.
