 From:  "James W. McKeand" <james at mckeand dot biz>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Dynamic WAN address VPN client, what should I use?
 Date:  Wed, 18 May 2005 09:14:16 -0400
Steven McCoy wrote:
> Will m0n0wall be updated to support PPTP VPN over the internet as a
> client, or IPSEC with a dynamic WAN interface?
> 
> The only option at the moment appears to be OpenVPN, however the
> interface doesn't support client routing,
> the system crashes with frequent connects (PC), it really needs a
> wrapper script to constantly restart as the
> ping-restart configuration doesn't work 100%, and when the WAN
> address changes a SIGUSR1 needs to be sent in
> order to reconnect with the new address.
> 
> What other solutions are available? Would it be better to find an
> appliance that supports VPN, maybe a Linksys with
> Sveasoft firmware, WatchGuard Firebox (SOHO 6)? There aren't enough
> details to find whether Smoothwall / Sonicwall (TZ150) supports this
> configuration.
> 
> There must be a lot of people who want these configurations?
> 
> 1) LAN --> m0n0wall (static address) --> Internet --> (dynamic
> address) m0n0wall --> LAN
> 2) LAN --> m0n0wall (static address) --> Internet --> (dynamic
> address) DSL/Router --> Linux/BSD box --> LAN
> 3) LAN --> m0n0wall (static address) --> Internet --> (dynamic
> address) Linux/BSD box --> LAN
> 4) LAN --> m0n0wall (dynamic address) --> Internet --> (dynamic
> address) m0n0wall --> LAN
> 5) LAN --> m0n0wall (dynamic address) --> Internet --> (dynamic
> address) DSL/Router --> Linux/BSD box --> LAN
> 6) LAN --> m0n0wall (dynamic address) --> Internet --> (dynamic
> address) Linux/BSD box --> LAN

Someone correct me if I am wrong, but I think you can do a static ->
dynamic by allowing "Mobile Clients" on the static end and treating
the dynamic end as a "Road Warrior". The IPSEC on the dynamic end
would be set up as normal (i.e. an SA/Tunnel set up to connect to the
static end). The static end would be set up to allow "Mobile Clients". I
remember a post a long time ago (in the Fall?) about this.

If I understand IPSEC correctly, one end must be static for IPSEC to
work, thus dynamic -> dynamic will not work.

Hope this helps...

_________________________________
James W. McKeand
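
The static -> dynamic arrangement described in the reply above, sketched as racoon.conf fragments for both ends. This is an added example, not part of the original message and not m0n0wall's generated configuration. It assumes racoon (ipsec-tools) as the IKE daemon; the addresses, subnets, identifier and secret placeholder are constructed.

```conf
# --- Static end (responder): accepts a peer from any source address ---
remote anonymous {
    exchange_mode aggressive;   # PSK is looked up by peer ID, not by source IP
    passive on;                 # never initiates; waits for the dynamic end
    generate_policy on;         # derives SPD entries from the peer's phase 2 proposal
    proposal_check obey;
    proposal {
        encryption_algorithm aes;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 14;
    }
}
sainfo anonymous {
    pfs_group 14;
    encryption_algorithm aes;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}
# psk.txt on the static end (constructed identifier, placeholder secret):
#   branch@example.org    <long-random-secret>

# --- Dynamic end (initiator): always dials the fixed address ---
remote 203.0.113.10 {           # constructed static WAN address
    exchange_mode aggressive;
    my_identifier user_fqdn "branch@example.org";
    proposal {
        encryption_algorithm aes;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 14;
    }
}
# local LAN 192.168.2.0/24 to remote LAN 192.168.1.0/24 (constructed subnets)
sainfo address 192.168.2.0/24 any address 192.168.1.0/24 any {
    pfs_group 14;
    encryption_algorithm aes;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}
# psk.txt on the dynamic end:
#   203.0.113.10          <long-random-secret>
# The initiator also needs tunnel SPD entries (setkey) that use its
# current WAN address as the local endpoint.
```

Aggressive mode with a pre-shared key sends the peer identity and a key-derived hash unencrypted, so the secret should be long and random, or the tunnel should use certificate authentication instead.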