• I want to establish an IPSec tunnel using pfSense, but my problem is that we use a broadband connection on one end which uses a dynamic IP. Any suggestions on how to do this?

  • It is possible to do this.

    Probably the easiest way is to ensure that you have resolvable DNS hostnames for each public facing endpoint interface. I use a DynamicDNS provider with pfSense. Get this working first.

    Don't use any public IP addresses in your Phase 1 config unless they are static IP addresses. Use the DynamicDNS hostnames instead.

    E.g. on one end…

    Remote Gateway: farfaraway.dynamic.dns
    My Identifier: Distinguished Name: thisbox.dynamic.dns
    Peer Identifier: Distinguished Name: farfaraway.dynamic.dns
    Pre-Shared Key: OurSecret

    on the other end...

    Remote Gateway: thisbox.dynamic.dns
    My Identifier: Distinguished Name: farfaraway.dynamic.dns
    Peer Identifier: Distinguished Name: thisbox.dynamic.dns
    Pre-Shared Key: OurSecret

    The Phase 2 configs will have the IP network addresses of your internal network, typically private addresses. No dynamic dns required here.
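A consistency check for the two Phase 1 blocks above, as an added example that is not part of the original post: it confirms that each end's Peer Identifier matches the other end's My Identifier, that the pre-shared keys agree, and that no Remote Gateway is an IP literal. It parses the plain text as laid out in the post (not a pfSense export format), and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the two Phase 1 blocks from the post, as plain text.
SITE_A = """\
Remote Gateway: farfaraway.dynamic.dns
My Identifier: Distinguished Name: thisbox.dynamic.dns
Peer Identifier: Distinguished Name: farfaraway.dynamic.dns
Pre-Shared Key: OurSecret
"""
SITE_B = """\
Remote Gateway: thisbox.dynamic.dns
My Identifier: Distinguished Name: farfaraway.dynamic.dns
Peer Identifier: Distinguished Name: thisbox.dynamic.dns
Pre-Shared Key: OurSecret
"""

def parse_phase1(text):
    """Turn 'Field: [Type:] value' lines into {field: value}."""
    cfg = {}
    for line in text.splitlines():
        field, sep, rest = line.partition(":")
        if not sep:
            continue
        field, value = field.strip(), rest.strip()
        if field.endswith("Identifier"):
            # Identifier lines carry a type label before the value; drop it.
            _, has_type, ident = value.partition(":")
            value = ident.strip() if has_type else value
        cfg[field] = value
    return cfg

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def check_pair(a, b):
    """Return a list of problems; an empty list means the ends mirror each other."""
    problems = []
    for name, local, remote in (("A", a, b), ("B", b, a)):
        if is_ip_literal(local["Remote Gateway"]):
            problems.append(f"{name}: Remote Gateway is an IP literal; OK only if static")
        if local["Peer Identifier"] != remote["My Identifier"]:
            problems.append(f"{name}: Peer Identifier != other end's My Identifier")
    if a["Pre-Shared Key"] != b["Pre-Shared Key"]:
        problems.append("Pre-Shared Key differs between the two ends")
    return problems
```
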

