If I understand the operation of the system correctly, though, one of
the ends, an initiator, must be able to send the request to the
responder, which it can only "find" if it knows the IP address of the
remote end. If the remote end has a dynamic IP address, then it must
use a FQDN to resolve the address to the raw IP address in order to
know where to send the request. Reversing the situation and making
the other end the initiator doesn't work because both ends are
And since m0n0wall won't allow a FQDN in the Remote gateway field,
Any other thoughts?
On Sep 24, 2005, at 12:57 PM, Jonathan De Graeve wrote:
Use responder only and fill in initiator id
Jonathan De Graeve
Jonathan dot de dot graeve at imelda dot be
From: Bill Eccles [mailto:Bill dot lists at eccles dot net]
Sent: Saturday, September 24, 2005 18:27
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] FQDNs and Remote gateways
I gotta' little problem here and I hope someone can help me out.
Section 6.5 of the manual doesn't even mention the Remote gateway
field of the VPN>IPsec page, and I really, really want to use a FQDN
here instead of an IP address, but m0n0wall gripes about needing an IP
address. And why? Because static IP addresses are getting more and
more difficult to find and I'm really starting to rely on the
wonderful services of the folks at DynDNS.org.
Now, I realize I can use a mobile client on one firewall and use a
static IP address for the other end, but that doesn't work when we
have two dynamic IP addresses that must be connected.
I'm using v1.11 of m0n0wall and, this niggle aside, am completely
impressed with the quality, look and feel of this system. I can't
wait until I can deploy it to replace my LinkSys BEFSX41s. But until
I can use FQDNs at both ends of a tunnel, I'm SOL.
Any thoughts? Hacks? Tricks?