Pfsense to dyndns sonicwall?



  • I've seen similar topics, but thought this is a bit different. I can vpn between two sonicwalls, both with dyndns. Can I vpn into a dyndsn-sonicwall with a pfsense?



  • Don't think so, the pfSense needs a static IP as remote endpoint.



  • Not sure about SonicWall but you can diffently connect site to site VPN to an Dynamic IP.

    I have done it using pfSense with a dynamic IP on the remote end and a PIX FW with a static ip at the corporate HQ end.

    The key is that the remote end has to intiate the connection. Also for pfsense I believe can use dyndns as an identifier.



  • That is a static IP at the remote end from the pfSense point of view  ;)



  • That is true



  • @hoba:

    Don't think so, the pfSense needs a static IP as remote endpoint.

    Ahh, I get it now. Thanks. That clarifies things for me.

    Phase 2: Negotiate for better internet service, with static ip's.



  • what kind of VPN do you want to use?
    i have set up OpenVPN with both sides dynamic.
    i have on both sides a dyndns adresse and OpenVPN is able to adjust itself if the remotepoint changes it's IP.
    you only have to add "-float" into the config
    also you can define addresses in "-remote" and not only IPs (ie. officehq.dyndns.org)

    from the MAN pages:

    Allow remote peer to change its IP address and/or port number, such as due to DHCP (this is the default if –remote is not used). --float when specified with --remote allows an OpenVPN session to initially connect to a peer at a known address, however if packets arrive from a new address and pass all authentication tests, the new address will take control of the session. This is useful when you are connecting to a peer which holds a dynamic address such as a dial-in user or DHCP client.

    Essentially, --float tells OpenVPN to accept authenticated packets from any address, not only the address which was specified in the --remote option.



  • OpenVPN should work between dynamic endpoints but as the other end is a sonicwall I guess this is not an option.



  • OpenVPN would be nice. Stupid sonicwalls.

    Are there any open source firewalls that will do dynamic ipsec endpoints?


Log in to reply