Netgate Discussion Forum

    IPSec Site to Site between NAT

    • maekee

      Hello pfSense-experts,
      Me and my friend have established an IPSec Site-to-Site tunnel between our home networks.
      We have configured Phase 1 "Remote Gateway" with the other side's dynamic DNS name and we have configured "My Identifier" as our public IP addresses (because we are behind a router). The problem is that we would like to use our dynamic DNS names (so the site-to-site doesn't stop working when the IP changes).

      But neither of the My Identifier values "Distinguished Name" or "Dynamic DNS" works, only IP Address.
      Because our addresses are dynamic we would like to supply our dynamic names like we are using for Remote Gateway.

      Does anyone know why this doesn't seem to work?

      Regards
      Me and my friend :)

      • Gblenn

        I THINK I have a similar setup as you do...
        At one location I have pfSense directly connected to the Internet, and the other site (my summer house) is using a 4G router which of course has its own NAT. I am using a Dynamic DNS service for both locations (DynDNS and afraid). So on both ends I use the DNS name I have chosen for the respective Remote Gateways. But on the pfSense box (connected directly to the Internet) I set the peer identifier to the "internal WAN" of the other VPN server, not the public IP address (or DNS).

        In my case I have the LAN side of the 4G router set to 192.168.3.1 and the WAN it provides the ER-X is 192.168.3.10. So I select IP address for peer identifier in pfSense and type in 192.168.3.10. That's all there is to it...
