Michael Brown wrote:
> I think he was referring to the PPTP, at least that's the way looked to
> me. In that case, I already have a customer system that does exactly
> this. Uses dynamic dns for VPN clients. You can also limit the VPN
> client access based on the firewall rules.
> The next section talked about static tunnels, which I think he means the
> IPSEC. Since the definition of static tunnels would be both ends have a
> static IP address, maybe it wasn't the right terminology for it. I think
> he wanted something that would allow dynamic tunnels instead. I have not
> tried this myself, so you are saying that instead of using the IP
> address of the other remote gateway, you throw in a dns name (like
> vpn2.mycorpwebsite.com) and it only resolves the address once? If the IP
> of the other end changes, the tunnel would collapse. Would m0n0wall not
> try to establish another connection and thus cause another DNS lookup?
> Do you mean it looks up the address only once while booted?
> I haven't tried any of that myself, but I take it you have and this was
> the result?
I have not tried it my self, but that is a good synopsis of what I
recollect of prior discussions of why ipsec won't allow a FQDN in the field.