Netgate Discussion Forum

    IPSEC one static IP with a Dynamic client - NO dyndns service

      ncsidaho

      I have searched the forum, and if this has been answered I apologize for missing it.
      I need an IPsec tunnel from a remote location back to a client's office. The remote location is DSL with a dynamic address. This was working fine with an older Cisco at the head end. I replaced the Cisco with pfSense and cannot find a way to allow a dynamic client to attach short of using DynDNS, which is not an option in this case. The Cisco had 0.0.0.0 for the remote gateway. I tried this in the pfSense box without success.

        ncsidaho

        Is what I am asking just not possible with pfSense?

          craigduff

          Yes it is possible.

          I have a site with a static IP and my home broadband service, which is Virgin Media, and that is dynamic.

          In pfSense on the one at home with the changing public IP, I add in the DynDNS service and put all my details in. So now the pfSense can communicate with DynDNS. And I'm sure you have worked out how to do that?

          Then you need to go into IPsec, and when you configure the VPN in Phase 1, you need to select "My Identifier" in the drop-down list. This option needs to be set to distinguished name. In there, type in the DynDNS domain name, i.e. adam.homeip.net

          So now when you configure the site with the static IP you need to do the reverse. So peer identifier would be set to distinguished name, and then type in the DynDNS address.

          I think this is what you need. But I must say it works for me, and is flawless! Hope this helps!

          Kind Regards,
          Craig

            ncsidaho

            The router/firewall does not support DynDNS properly as it is stuck behind a Telmex DSL modem.
            So I need a solution like I use with Cisco and SonicWall, which support a dynamic client without DynDNS.

            I LOVE pfSense; there has to be a way to make this work.

              cmb

              You can set it up as a mobile client the same way as the 0.0.0.0/0 remote but that's less than ideal in general (whether on Cisco or anything else). I'd fix the remote end so you can use dyndns properly.

                ncsidaho

                Thanks, cmb.
                I will try setting it as a mobile, and I agree it is not ideal. But in Mexico a static IP is spendy, so the client said no to doing this properly.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.