Site-to-site VPN with non-static IP address
-
Looking for help on how to configure a site-to-site VPN.
The scenario includes a remote branch office using an SG-1100 that needs to connect (site-to-site) to the main site (also using pfSense), but the remote branch office does not have a static IP address.
Currently I have a site-to-site tunnel established with the current IP address. The ISP, however, changes the IP address every other couple of days. This results in the VPN going down, and I have to manually go to both ends of the tunnel to update them with the new IP address of the remote branch.
Any ideas on how I could establish the VPN from the remote branch and bring up the tunnel automatically when the IP address changes?
-
@fazevedo Use a dynamic DNS service.
Go to Services/Dynamic DNS and you'll see a list of supported sites. Some are free, some paid.
-
@jarhead I was trying to avoid that... but if there is no other solution...
-
@fazevedo
Should also be possible with a dynamic IP on one site, but only this one can initiate the connection then. In the P1 settings of the main office you have to state "0.0.0.0" at "Remote Gateway". So it accepts connections from anywhere.
-
@fazevedo said in Site-to-site VPN with non-static IP address:
@jarhead I was trying to avoid that... but if there is no other solution...
Why avoid it??
The free sites work great and it doesn't cause any harm.
What would be your reason to avoid it?
-
@jarhead said in Site-to-site VPN with non-static IP address:
What would be your reason to avoid it?
Just plain old security paranoia...
-
@fazevedo How would that be any different than the actual IP address?
You don't have to tell anyone what the domain name you chose is. There's literally no security concern any different than having a public IP.