IPSec tunnel and dinamic IP

ssbaksa

@sullrich:

#1 Yeah, a checkbox would be fine.
#2 I would prefer a diff against HEAD and RELENG1.  This will not make it into 1.2 as we are frozen.
#3 Use minicron which is included.  You can tell minicron to launch a script every X minutes.  However, we should only launch this minicron process when we detect someone is using a dynamic hostname to avoid unnecessary process startups every 15 minutes when we do not need to.  Also, a shell script to deterimine changes in the hostname would be ideal and only invoke php when absolutely needed but I would settle for either.

Thanks for your help on this!  This should be a great addition for folks.

Ah! I see movement. I am using script (simple one) for some time now and it is working OK.
This addition with web front end will be much better.

Any new development?

Sasa

sullrich

Dyanmic IPSEC support is already in -HEAD and RELENG_1_3; imported from m0n0wall recently.

ullbergm

@sullrich:

Dyanmic IPSEC support is already in -HEAD and RELENG_1_3; imported from m0n0wall recently.

Cool, no need for the workaround then.

ssbaksa

@sullrich:

Dyanmic IPSEC support is already in -HEAD and RELENG_1_3; imported from m0n0wall recently.

Yupiiiii!!!
This is great news. No nead to write scripts for that any more then.

TNX!

ssbaksa

@sullrich:

Dyanmic IPSEC support is already in -HEAD and RELENG_1_3; imported from m0n0wall recently.

And how can I download image with that modifications? I isn't at location usualy allowed to us mortals.
I know that it is in alpha stage (or near that) but I will like to play with.

sullrich

We currently do not have images for this.  Expect to see some betas/alphas right after 1.2 is released.

ssbaksa

@sullrich:

We currently do not have images for this.  Expect to see some betas/alphas right after 1.2 is released.

OK!
TNX for info.

valnar

If a script, or better yet, an update to the web interface would allow this hack to get two dynamic DNS Pfsense boxes to build a IPSEC tunnel, I would be happy to pay a bounty for that.

Robert

sullrich

@valnar:

If a script, or better yet, an update to the web interface would allow this hack to get two dynamic DNS Pfsense boxes to build a IPSEC tunnel, I would be happy to pay a bounty for that.

I don't see any reason why these changes would not work in this case.  It might take a minute or two for the other end to come back up, but in theory it should work.

wallacebw

I guess there is no plan to backport the m0n0wall update into the 1.2 branch is there?

sullrich

1.2 is frozen.