[ previous ] [ next ] [ threads ]
 
 From:  "Holger Bauer" <Holger dot Bauer at citec dash ag dot de>
 To:  "Sven Brill" <madde at gmx dot net>, <marc dot borgers at email dot de>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] VPN implementation error
 Date:  Fri, 12 May 2006 00:28:01 +0200
At least one end needs a static IP for IPSEC to work. A dynamic site can establish an IPSEC tunnel
to the static site and join as mobile client. You should have some kind of ping script running at
the dynamic site so the tunnel will be reestablished after the IP changed. The tunnel can only be
established from the dynamic site to the static site in this scenario.

Holger

> -----Original Message-----
> From: marc dot borgers at email dot de [mailto:marc dot borgers at email dot de]
> Sent: Friday, May 12, 2006 12:21 AM
> To: Sven Brill
> Cc: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] VPN implementation error
> 
> 
> Sven Brill schrieb:
> > Marc Borgers wrote:
> >>
> >>
> >> Hello, why is it impossible to establish a VPN IPsec connection 
> >> between two dynamic sites? The server and client IP 
> changes ever 24h, 
> >> but the dyndns names are still the same. It seems to me 
> that m0n0wall 
> >> can't handle dyndns destinations in the VPN configuration... But I 
> >> need a VPN connection between the two m0n0wall boxes asap :'( 
> >
> > I seem to remember some discussion about that, but not the 
> outcome, as 
> > I have not played with IPSEC in a while for many reasons.
> >> Please give me a hint. Is openVPN able to handle dyndns 
> sites? tnx Marc
> > yes, OpenVPN can handle connections to dyndns hosts, if you 
> can read 
> > this email, it works (sending through my machine at home, connected 
> > from a client site via OpenVPN :)). I am using * 1.21-ovpn1 on a 
> > generic PC (CD image, floppy config) from Peter Allgeyer, 
> available here:
> > *
> >
> > http://www.protec-t.de/m0n0wall/downloads/
> >
> > I am using it through TCP rather than UDP (so I can tunnel 
> out at more 
> > restrictive sites), but I had a test setup with UDP, worked 
> like a charm.
> >
> > Sven
> >
> >
> > 
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> >
> Thank you for the fast answer.
> I have to build up the VPN connction between two m0n0walls on ebedded 
> systems and both sites have dyndns addresses. There is no 
> chance for me 
> to use a generic PC in that situation. Last time I've tried to get 
> openVPN working on m0n0wall,  it was not possibel to use 
> dyndns names. 
> It seems to me that m0n0wall requires permanent IP addresses. Is that 
> right, or is there an other way?
> 
> site1.dyndns.biz <-> VPN <-> site2.dyndns.biz
> 24h IP address change on both sites!
> 
> Please help me.
> 
> Thanks a lot!
> 
> Marc
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> 
> 

____________
Virus checked by G DATA AntiVirusKit