Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Dynamic DNS endpoints and IPSEC Tunnels

    IPsec
    4
    6
    3.2k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      fastcon68
      last edited by

      What version of PF-Sense will support this.  I have seen it avaiable on the latest verision of M0n0Wall.  I would perfer to use PF-Sense over M0n0Wall.

      Both are awesome products with different user communities that want different fucntions.

      I know we have discussed this in the past but would like to know what version we be adding this functionality too it.

      RC

      1 Reply Last reply Reply Quote 0
      • P
        pesh
        last edited by

        It looks like it's coming in 1.3, but there are workarounds to do the same thing in 1.2.

        1 Reply Last reply Reply Quote 0
        • S
          Seth
          last edited by

          Can you post links to the workarounds.

          Thanks

          1 Reply Last reply Reply Quote 0
          • P
            pesh
            last edited by

            I used the one here: http://forum.pfsense.org/index.php/topic,5940.0.html

            Only one end of one tunnel in my network has a dynamic DNS address, so it fitted alright.

            Here's what I did to set it up:

            1. Enable SSH on the firewall
            2. Make an SSH connection to it, logging in as root with the admin password
            3. Select option 8 for the shell
            4. Run the command mount -u -w / to make the disk writeable
            5. Use the command cat > /root/dynamic-dns-vpn-reset.php to create a file with these contents (pressing Ctrl+D and Enter at the end to finish it):

            require_once("config.inc");
            require_once("functions.inc");

            $conf = &$config['ipsec']['tunnel'];
            $newip = gethostbyname('dynamic.dns.hostname');

            foreach ($conf as $n => $tunnel) {
                if ($tunnel['descr'] == "Your Tunnel Description") {
                    if ($tunnel['remote-gateway'] != $newip) {
                        $conf[$n]['remote-gateway'] = $newip;
                        write_config();
                        vpn_ipsec_configure();
                    }
                }
            } ?>

            6. Use the php command to run this script (pressing Ctrl+D and Enter at the end):

            require_once("config.inc");

            $cron_item = array();
            $cron_item['minute'] = "";
            $cron_item['hour'] = "            ";
            $cron_item['mday'] = "";
            $cron_item['month'] = "            ";
            $cron_item['wday'] = "*";
            $cron_item['who'] = "root";
            $cron_item['command'] = "/usr/local/bin/php -q /root/dynamic-dns-vpn-reset.php > /dev/null";
            $config['cron']['item'][] = $cron_item;
            parse_config(true);
            write_config();
            configure_cron();

            ?>

            7. Run the command mount -u -r / to make the disk readonly again

            1 Reply Last reply Reply Quote 0
            • H
              hrun
              last edited by

              Hi

              thanks for workaround

              1 Reply Last reply Reply Quote 0
              • F
                fastcon68
                last edited by

                if you have multiple dynamic tunnels how would that affect the script?
                rc

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.