DYNAMIC PUBLIC IP in pfSense IPSEC?
-
I want to establish an IPsec tunnel using pfSense, but my problem is that we use a broadband connection at one end, which uses a dynamic IP. Any suggestions on how to do this?
-
It is possible to do this.
Probably the easiest way is to ensure that you have resolvable DNS hostnames for each public facing endpoint interface. I use a DynamicDNS provider with pfSense. Get this working first.
Don't use any public IP addresses in your Phase 1 config unless they are static IP addresses. Use the DynamicDNS hostnames instead.
E.g. on one end…
Remote Gateway: farfaraway.dynamic.dns
My Identifier: Distinguished Name: thisbox.dynamic.dns
Peer Identifier: Distinguished Name: farfaraway.dynamic.dns
Pre-Shared Key: OurSecret

on the other end...
Remote Gateway: thisbox.dynamic.dns
My Identifier: Distinguished Name: farfaraway.dynamic.dns
Peer Identifier: Distinguished Name: thisbox.dynamic.dns
Pre-Shared Key: OurSecret

The Phase 2 configs will have the IP network addresses of your internal network, typically private addresses. No dynamic DNS required here.
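An added example, not part of the original answer and not pfSense code: a small check that two Phase 1 configs mirror each other the way the answer describes, and that flags an IP literal used as the remote gateway. The dict keys are hypothetical names chosen for this example, and the values are the sample hostnames and key from the answer.

```python
import ipaddress

# Constructed sample data: the two Phase 1 configs from the answer above.
# The dict keys are hypothetical names for this example, not pfSense fields.
SITE_A = {
    "remote_gateway": "farfaraway.dynamic.dns",
    "my_identifier": "thisbox.dynamic.dns",
    "peer_identifier": "farfaraway.dynamic.dns",
    "pre_shared_key": "OurSecret",
}
SITE_B = {
    "remote_gateway": "thisbox.dynamic.dns",
    "my_identifier": "farfaraway.dynamic.dns",
    "peer_identifier": "thisbox.dynamic.dns",
    "pre_shared_key": "OurSecret",
}


def is_ip_literal(value):
    """True if value parses as an IPv4/IPv6 address rather than a hostname."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def check_phase1_pair(a, b):
    """Return a list of problems found in two Phase 1 configs (empty if none)."""
    problems = []
    for name, cfg, other in (("A", a, b), ("B", b, a)):
        if is_ip_literal(cfg["remote_gateway"]):
            problems.append(f"{name}: remote gateway is an IP literal; "
                            "only correct if that address is static")
        # Each side's own identifier must be what the other side expects.
        if cfg["my_identifier"] != other["peer_identifier"]:
            problems.append(f"{name}: My Identifier differs from the "
                            "other end's Peer Identifier")
    if a["pre_shared_key"] != b["pre_shared_key"]:
        problems.append("pre-shared keys differ")  # never echo the key itself
    return problems


if __name__ == "__main__":
    result = check_phase1_pair(SITE_A, SITE_B)
    for line in result or ["Phase 1 settings mirror each other"]:
        print(line)
```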