Being a complete n00b, i don't know how much i can help, but i'll do
what i can to put together a FAQ entry on this. It's hard to find
answers to this question, as there are vague references to a fix as far
back as mid 2003. Right now i don't know what the current state is, or
if there is a generally accepted workaround.

This is going to be a big deal for us, so i'm probably going to try to
hack something together if there isn't built-in support for it. My two
m0n0 boxen are the only *bsd i have in the house, so i'm starting from

My thought, for now, was to build an external service that can
authenticate updates from roaming m0n0 boxes and push the config updates
to a headend m0n0 using some scripted HTTP client (i'm sure there's a
better way). The remote update event notification could come from the
RFC dynamic dns updater (that we're not using) for now, with some better
hook later on.

Here's hoping for a better answer. :P

Jean-Francois Theroux wrote:
> Maybe it's the lack of sleep, or might just be that m0n0wall can't
> do this. I'm not sure, so I turn to you all knowledgeable people for
> Say that you have your central office, which has obviously a
> static public IP. It will be the main hub for several IPsec tunnels to
> remote offices. Problem is, those remote offices don't have static IPs.
> When you configure a tunnel in m0n0wall, you don't have a choice,
> you need to enter a static IP for the remote gateway. If I could enter
> a FQDN, I could use a dyndns.org setup and it'd be fine. Which I
> can't, as far as I can see.
> So, is there a workaround for this with m0n0wall? Or, sadly, will
> I have to use a different solution? Don't talk about OpenVPN. This was
> already rejected, client wants an IPsec solution, or takes his business