IPSEC tunnel from dynamic IP
I am trying to set up an IPsec tunnel between an Option 3G router and my pfSense box.
I already have a mobile client setup for other purposes, which seems not to be compatible with the 3G router.
So I have tried to configure an IPsec tunnel, but the remote gateway field is mandatory.
What can I do to have a tunnel which is only to be initiated from outside?
If the far side can use a DynDNS client, then set up a DynDNS host and use that hostname as the gateway for IPsec.
It will track that IP via DNS and if their IP changes, it can be let in.
The problem is the private IP given by the 3G provider. The far side router's (now a Fritzbox) DynDNS client can only determine the 3G interface IP and not the public IP of the provider's net.
Is there a known service which combines 'what's my IP' and 'DynDNS'? The box sends a request and the service uses the sender IP inside the request and publishes it to DNS? ;D
That would be nice!
The problem is the private IP given by the 3G provider.
Which basically eliminates the ability to use IPsec because it breaks bidirectional connectivity. Our DynDNS updater will figure out the NATed public IP and register it correctly in that circumstance, but that won't help. It's also prone to frequent changes in what IP you get NATed out on. OpenVPN will work fine in that circumstance with the client behind the 3G; that's your best bet.
OK, after a last test I have buried IPsec in my case. I have connected the Fritzbox to DSL and the tunnel was working fine and reliable. Then I have switched from DSL to 3G/UMTS using the German provider Fonic/o2.
The tunnel came up, but the packets sent from the pfSense box were definitely blocked by the provider.
So I followed your advice, cmb, and installed OpenVPN on the Fritzbox. And, what should I say, it is working perfectly.
Thanks for your help ;D