Troubleshoot Identifier issues with DIR-330
I'm hoping for some help in debugging a VPN connection to life!
I'm running pfSense 1.2.2 (Jan 8, 2009 build).
I have been able to successfully establish a site-to-site IPsec tunnel between pfSense and a DIR-330. However, the site I'm deploying the unit to may have a dynamic IP and I'd like to figure out how to make identifiers work properly.
I can get the tunnel to come up if I specify the PSK on pfSense (static IP) using the remote IP address. BUT, when I try to use an identifier value on the D-Link, and likewise configure it on pfSense, it almost seems like the DIR-330 isn't sending through proper identifier information that pfSense can identify.
Going back and forth with D-Link they have sent the following through to me on their undocumented "identifier" options:
The identifier is used to refer to a particular VPN connection. If you were setting up a point to point VPN with some VPN Servers, then they would be able to refer to the VPN by this identifier. This identifier could be used to determine the rights/privileges that VPN has on the network. The identifier will usually use a 4 octet form, an example would be 8db04f81. The identifiers are not D-Link proprietary settings, they will be available in most VPN client and servers. We do not have any documentation available for the identifier usage, as the DIR-130 will act as a client type connection to a VPN Server (such as Windows 2008, or other advanced VPN applications).
I'd like to know if there is a way to set the remote identifier, and then check racoon logging from the CLI to see what identifier information it is actually receiving. That way I could just steal that garbage identifier and set it up for use.
The only other workaround they have offered is to use a DDNS name for the remote IP, but that requires the use of dyndns or their dlinkddns service. AFAIK this requires an upgrade to 1.2.3 (beta?) and is more of a hassle than it's worth.