Michael Brown wrote:
> I think he was referring to the PPTP, at least that's the way it looked
> to me. In that case, I already have a customer system that does exactly
> this. Uses dynamic dns for VPN clients. You can also limit the VPN
> client access based on the firewall rules.
>
> The next section talked about static tunnels, which I think he means the
> IPSEC. Since the definition of static tunnels would be both ends have a
> static IP address, maybe it wasn't the right terminology for it. I think
> he wanted something that would allow dynamic tunnels instead. I have not
> tried this myself, so you are saying that instead of using the IP
> address of the other remote gateway, you throw in a dns name (like
> vpn2.mycorpwebsite.com) and it only resolves the address once? If the IP
> of the other end changes, the tunnel would collapse. Would m0n0wall not
> try to establish another connection and thus cause another DNS lookup?
> Do you mean it looks up the address only once while booted?
>
> I haven't tried any of that myself, but I take it you have and this was
> the result?
I have not tried it myself, but that is a good synopsis of what I
recollect of prior discussions of why ipsec won't allow a FQDN in the field.
Lee |