Re: [m0n0wall] Site-to-Site vpn tunnel with 2 dyn ip

From:	kyle dot mcbride at instatservices dot com
To:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] Site-to-Site vpn tunnel with 2 dyn ip
Date:	Tue, 19 Sep 2006 10:37:14 -0700

Quoting fname lname <larskman at gmail dot com>:

> Is it possiable to do a site-to-site vpn tunnel with 2 dyn ip address
> meaning both sites has 1 dyn ip. and I would to build a site-to-site
> with out getting an static address.
>
> tnx
>

Yes, I have this setup with 4 sites, all are dynamic IP, and it has  
been working flawlessly for over a year ... with one caveat.  If your  
ISP assigns you a different WAN IP from their DHCP upon renewal, then  
your tunnel will break.  When this happens, you have to simply update  
the other side of the tunnel to use the new IP address and you're back  
online.  My experience with OptimumOnline, Verizon DSL, and Patmedia  
Cable, and now Cox Cable in CA is that they generally renew our  
dynamic IPs with the same address so we do not have to update our  
tunnel config on m0n0wall very often...only a few times.

You will need to use a dynamic DNS service like dyndns.org and provide  
your account info in m0n0wall's Dynamic DNS client page.  Then for the  
IPSec tunnel config, use Domain name for Phase 1 proposal "My  
identifier".

Kyle