I think he was referring to the PPTP, at least that's the way it looked to me. In that case, I already have a customer system that does exactly this. Uses dynamic DNS for VPN clients. You can also limit the VPN client access based on the firewall rules.

The next section talked about static tunnels, which I think he means the IPSEC. Since the definition of static tunnels would be both ends have a static IP address, maybe it wasn't the right terminology for it. I think he wanted something that would allow dynamic tunnels instead.

I have not tried this myself, so you are saying that instead of using the IP address of the other remote gateway, you throw in a DNS name (like vpn2.mycorpwebsite.com) and it only resolves the address once? If the IP of the other end changes, the tunnel would collapse. Would m0n0wall not try to establish another connection and thus cause another DNS lookup? Do you mean it looks up the address only once while booted?

I haven't tried any of that myself, but I take it you have and this was the result?

Thanks for the info,
Michael

Lee Sharp wrote:
> Michael Brown wrote:
>> Are you saying m0n0wall doesn't already do this?
>
> m0n0wall requires IP addresses for IPsec VPN. It would be very nice
> to use domain names. However, the mechanics of implementing this make
> it very unlikely. The system will cache the IP address it finds when
> it does the lookup, and it will not look it up again, which is why it
> requires a domain name.
>
> Lee
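The caching behaviour discussed in this thread, as an added example that is not from the thread or from m0n0wall: a peer address resolved once goes stale when the remote end's IP changes, while a periodic re-resolve notices the change and can trigger a tunnel reload. The `PeerEndpoint` class, the injected resolver, the `on_change` hook and the documentation-range addresses are assumptions constructed for illustration.

```python
import socket


def resolve_ipv4(hostname):
    """Return one IPv4 address for hostname, or None if the lookup fails."""
    try:
        infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_DGRAM)
    except socket.gaierror:
        return None
    return sorted(info[4][0] for info in infos)[0] if infos else None


class PeerEndpoint:
    """Hypothetical tracker for a VPN peer that is named by DNS, not by IP."""

    def __init__(self, hostname, resolver=resolve_ipv4, on_change=None):
        self.hostname = hostname
        self.resolver = resolver
        self.on_change = on_change or (lambda old, new: None)
        self.address = None  # last address that resolved successfully

    def poll(self):
        """Re-resolve the peer; return True if the address changed."""
        new = self.resolver(self.hostname)
        # A failed lookup keeps the last known address, so a DNS outage
        # alone does not tear down a tunnel that is still working.
        if new is None or new == self.address:
            return False
        old, self.address = self.address, new
        self.on_change(old, new)  # e.g. rewrite the peer config and reload
        return True


def demo():
    """Run four polls against constructed DNS answers (not real lookups)."""
    answers = iter(["198.51.100.10", "198.51.100.10", None, "203.0.113.7"])
    events = []
    peer = PeerEndpoint("vpn2.mycorpwebsite.com",
                        resolver=lambda host: next(answers),
                        on_change=lambda old, new: events.append((old, new)))
    resolved_once = None  # what a resolve-once cache would hold forever
    for _ in range(4):
        peer.poll()
        resolved_once = resolved_once or peer.address
    return resolved_once, peer.address, events


if __name__ == "__main__":
    print(demo())
```
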