 From:  Michael Brown <knightmb at knightmb dot dyndns dot org>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Netgear FVS318 and a few killer features that we could use in M0n0wall
 Date:  Sat, 31 Mar 2007 10:37:19 -0500
I think he was referring to the PPTP, at least that's the way it looked to 
me. In that case, I already have a customer system that does exactly 
this. Uses dynamic DNS for VPN clients. You can also limit the VPN 
client access based on the firewall rules.

The next section talked about static tunnels, which I think he means the 
IPSEC. Since the definition of static tunnels would be both ends have a 
static IP address, maybe it wasn't the right terminology for it. I think 
he wanted something that would allow dynamic tunnels instead. I have not 
tried this myself, so you are saying that instead of using the IP 
address of the other remote gateway, you throw in a DNS name (like 
vpn2.mycorpwebsite.com) and it only resolves the address once? If the IP 
of the other end changes, the tunnel would collapse. Would m0n0wall not 
try to establish another connection and thus cause another DNS lookup? 
Do you mean it looks up the address only once while booted?

I haven't tried any of that myself, but I take it you have and this was 
the result?

Thanks for the info,
Michael

Lee Sharp wrote:
> Michael Brown wrote:
>> Are you saying m0n0wall doesn't already do this?
>
> m0n0wall requires IP addresses for IPsec VPN.  It would be very nice 
> to use domain names.  However, the mechanics of implementing this make 
> it very unlikely.  The system will cache the IP address it finds when 
> it does the lookup, and it will not look it up again, which is why it 
> requires a domain name.
>
>             Lee
>