IPSEC site to site (dynamic IPs) not resolving when IP changes



  • I have three networks, two of which are connected back to the main network, all via IPsec site-to-site. All three networks get IP transit via dynamic IP from the cable/fibre provider. The issue is that once the IP changes, the IPsec tunnels go down. When trying to reconnect, the IP that is resolved is the old one, not the new one. Both use Cloudflare dynamic DNS and are updated instantly with Cloudflare. However, the sites trying to connect back to the main site keep showing the old IP addresses. I have searched and found old posts describing how to reset dnsmasq; however, in pfSense 2.4.4 P3 I cannot find where to reset the DNS cache for the IPsec connections.
    I have restarted Unbound to no avail.

    Any assistance would be greatly appreciated.



  • @claferriere

    Hey
    I see 2 solutions to this problem

    1. Make changes to the pfSense configuration file so that you can use the option %any in the remote gateway IP address setting (this will allow you to connect from any IP address). This solution has been tested and works.


    2. strongSwan can use the updown script when establishing or disconnecting a connection.
    You can write a script that, if the connection goes down, runs the command `ipsec reload`, which reloads the configuration file. This solution is experimental; I did not test it.


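The updown idea in the second option, worked through as an added example (this is not code from the thread or from pfSense/strongSwan). strongSwan calls the script named by `leftupdown` with `PLUTO_VERB` (`up-client`, `down-client`, `up-host`, `down-host`), `PLUTO_CONNECTION` (the conn name) and `PLUTO_PEER` (the peer address the tunnel was using) in the environment. The script below, on a `down-*` event, re-resolves the peer's dynamic DNS name and runs `ipsec reload` only if the address actually moved, so a flap for some other reason does not trigger a reload. The connection-to-hostname mapping, the `STATE_DIR`, the `RESOLVE_CMD` override, and the path of the stock `_updown` script it chains to are all assumptions for illustration.

```shell
#!/bin/sh
# Hypothetical strongSwan updown wrapper (added example; not pfSense's own script).
# Configure it with  leftupdown=/usr/local/sbin/ipsec-updown-reload.sh  on each conn.

STATE_DIR="${STATE_DIR:-/var/run/ipsec-peer-ip}"          # assumption: writable dir
STOCK_UPDOWN="${STOCK_UPDOWN:-/usr/local/libexec/ipsec/_updown}"  # assumption: stock script path

# peer_name_for CONN: map the conn name to the peer's dynamic DNS name.
# Hypothetical names; replace with your own conn names and DDNS hostnames.
peer_name_for() {
    case "$1" in
        site-b) echo "site-b.example.net" ;;
        site-c) echo "site-c.example.net" ;;
        *)      return 1 ;;
    esac
}

# resolve_peer NAME: print the current A record for NAME.
# RESOLVE_CMD lets a test (or a different resolver) replace the real lookup.
resolve_peer() {
    if [ -n "${RESOLVE_CMD:-}" ]; then
        $RESOLVE_CMD "$1"
    else
        host -t A "$1" 2>/dev/null | awk '/has address/ { print $NF; exit }'
    fi
}

# peer_changed VERB CONN USED_IP NAME
# True (exit 0) only when the tunnel went down AND NAME now resolves to
# something other than USED_IP. Up events and unchanged addresses return 1.
peer_changed() {
    verb=$1; conn=$2; used=$3; name=$4
    case "$verb" in
        down-client|down-host) ;;
        *) return 1 ;;
    esac
    now=$(resolve_peer "$name") || return 1
    [ -n "$now" ] || return 1          # no answer: do not reload on a DNS hiccup
    [ "$now" != "$used" ]
}

# handle_event: called by strongSwan. Chains to the stock updown script first so
# routes/firewall rules are still handled, then decides whether to reload.
handle_event() {
    [ -x "$STOCK_UPDOWN" ] && "$STOCK_UPDOWN"

    name=$(peer_name_for "$PLUTO_CONNECTION") || return 0   # unmanaged conn
    mkdir -p "$STATE_DIR"

    if peer_changed "$PLUTO_VERB" "$PLUTO_CONNECTION" "$PLUTO_PEER" "$name"; then
        logger -t ipsec-updown "$PLUTO_CONNECTION: $name moved away from $PLUTO_PEER, reloading"
        resolve_peer "$name" > "$STATE_DIR/$PLUTO_CONNECTION"
        ipsec reload    # re-reads ipsec.conf and re-resolves right= hostnames
    fi
}

# Only act when strongSwan actually invoked us (PLUTO_VERB is set).
if [ -n "${PLUTO_VERB:-}" ]; then
    handle_event
fi
```

Two caveats for pfSense 2.4.4: it regenerates ipsec.conf from the GUI configuration, so a hand-added `leftupdown=` line has to survive that regeneration, and a script that reloads on every `down-*` event without the address comparison above would cause a reload storm while the remote side is still offline. The `%any` remote gateway from the first option avoids the problem entirely, at the cost of accepting the peer from any source address, so the PSK or certificate becomes the only thing identifying it.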
