Site2Site with dynamic IP without dns

bborovac

hi!

can pfsense terminate a site2site vpn connection from a dynamic client without using some kind of dynamic dns.
… just to sit and wait for any client and if the psk is ok let the tunnel come up?

tried with Remote gateway set to 0.0.0.0 but it does not work; using pfsense 2.0rc3

kind regards,
branimir

jimp

With OpenVPN, yes.

With IPsec, not so much.

It can work but with the current version of the IPsec tools daemon (racoon) there is an issue with doing site to site VPNs using the "mobile" IPsec settings, which is what would be needed to let that happen.

bborovac

@jimp:

With OpenVPN, yes.

With IPsec, not so much.

It can work but with the current version of the IPsec tools daemon (racoon) there is an issue with doing site to site VPNs using the "mobile" IPsec settings, which is what would be needed to let that happen.

so there is no way to set it up without some kind of fqdn and dynamic dns? …

i have ipsec tunnel with dyndns.org on the dynamic side but after reconnection pfsense does not reconnect this tunnel after ttl expiry??

please advice did you have similar problem?

rgds,
branimir

jimp

If you use a dynamic DNS hostname it does work properly - I use this personally and I know people using it with dozens/hundreds of tunnels. It works great.

However the title of the thread said "without DNS" so that's how I replied.