 From:  sylikc <sylikc at gmail dot com>
 To:  "M.Cattaneo" <cattaneo at gmx dot de>
 Cc:  m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall-dev] FQDN Support for IPsec VPN
 Date:  Wed, 19 Jan 2005 13:09:37 -0800

> I got the problem with no fixed IP at the endpoint of my tunnel.
> So in the settings of the IPsec it is not allowed to add a FQDN instead of an
> IP address.
> Do you have any solutions for that?
> Or will FQDN be implemented in the near future?

I tried to find that thread that talked about this issue on the
m0n0wall general list, but can't seem to locate it.

Anyway, one of the developers mentioned that having IPSec VPN
implemented with FQDN resolution would be a pain and not be very
secure.  The developer mentioned something about having to do a DNS
resolution every now and then from another process, because FQDN isn't
something that's directly supported by racoon.  It's not secure
anyhow, because if the DNS is spoofed, then you could get your tunnel
to who-knows-where.

But, as a solution, for the most part, if you are on a DSL/Cable
connection and you have your endpoints up 24/7, the IPs never change
anyway.  So, just set up your IPSec tunnels with the current IPs
and you should be fine (I've had my site-2-site running for over 6
months, no issues).