IPSec Site to Site between NAT
maekee last edited by maekee
Me and my friend have established an IPSec Site-to-Site tunnel between our home networks.
We have configured Phase 1 "Remote Gateway" with the other side's dynamic DNS name and we have configured "My Identifier" as our public IP addresses (because we are behind a router). The problem is that we would like to use our dynamic DNS names (so the site-to-site doesn't stop working when the IP changes).
But neither of the My Identifier values "Distinguished Name" or "Dynamic DNS" works, only IP Address.
Because our addresses are dynamic we would like to supply our dynamic names like we are using for Remote Gateway.
Does anyone know why this doesn't seem to work?
Me and my friend :)
I THINK I have a similar setup as you do...
At one location I have pfsense directly connected to the Internet, and the other site (my summer house) is using a 4G router which of course has its own NAT. I am using a Dynamic DNS service for both locations (DynDNS and afraid). So on both ends I use the DNS name I have chosen for the respective Remote Gateways. But on the pfsense box (connected directly to the Internet) I set the peer identifier to the "internal WAN" of the other VPN server, not the public IP address (or DNS).
In my case I have the LAN side of the 4G router set to 192.168.3.1 and the WAN it provides the ER-X is 192.168.3.10. So I select IP address for peer identifier in pfsense and type in 192.168.3.10. That's all there is to it...
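
Why the inner address is the value that matches, as an added example that is not part of the thread and not pfSense code: it builds the body of an IKEv2 Identification payload (RFC 7296, section 3.5) and compares it with the configured peer identifier in simplified form. It assumes IKEv2 and that the NATed gateway identifies itself by its own WAN interface address; 203.0.113.7 is a constructed public address and the function names are hypothetical.

```python
import ipaddress
import struct

# IKEv2 identification types (RFC 7296, section 3.5)
ID_IPV4_ADDR = 1
ID_FQDN = 2


def encode_id(id_type, value):
    """Identification payload body: 1-byte type, 3 reserved bytes, then the data."""
    if id_type == ID_IPV4_ADDR:
        data = ipaddress.IPv4Address(value).packed
    elif id_type == ID_FQDN:
        data = value.encode("ascii")  # sent without a NUL terminator
    else:
        raise ValueError("ID type not covered by this example")
    return struct.pack("!B3x", id_type) + data


def decode_id(body):
    """Return (id_type, printable value) for the two types handled here."""
    id_type, data = body[0], body[4:]
    if id_type == ID_IPV4_ADDR:
        return id_type, str(ipaddress.IPv4Address(data))
    return id_type, data.decode("ascii", errors="replace")


def diagnose(packet_src, received_body, expected_type, expected_value):
    """Simplified responder check: the configured peer identifier is compared
    with the ID the peer sent, never with the source address of the packet."""
    if received_body == encode_id(expected_type, expected_value):
        return "match"
    got_type, got_value = decode_id(received_body)
    if got_type == ID_IPV4_ADDR and got_value != packet_src:
        return ("mismatch: peer behind NAT identifies as %s, "
                "packets arrive from %s" % (got_value, packet_src))
    return "mismatch: peer identifies as %s" % got_value


if __name__ == "__main__":
    public_src = "203.0.113.7"                     # constructed: address after NAT
    sent = encode_id(ID_IPV4_ADDR, "192.168.3.10")  # WAN address from the post
    print(diagnose(public_src, sent, ID_IPV4_ADDR, public_src))
    print(diagnose(public_src, sent, ID_IPV4_ADDR, "192.168.3.10"))
```
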