 From:  Heinz Teichmann <heinz dot teichmann at wanews dot com dot au>
 To:  "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Still, IPSec VPN with Dyndns hosts
 Date:  Mon, 24 Jan 2011 08:58:51 +0800
On Fri., Nov 12, 2010, Harbert, Orangebox Networks wrote:
>>Well I have now 2 sites with DynDNS running, 1x pfSense, 1x M0n0wall,
>>IPsec for remote access, also a 3rd with NO-IP (pfSense).
>>In general it does not give me trouble, only sometimes directly after an
>>IP change on my m0n0 side, I can't build up a connection anymore.
>>When at that moment I disconnect the WAN PPPOE it connects automatically
>>again and so far 9 out of 10 times builds up the IPsec again.
>>1x it didn't and what I did was "save" the IPsec tunnel again and it
>>In both situations I was on the m0n0wall side, so far did not have to do
>>something on the pfSense sides.
>>Did you check if all parameters are on both sides exactly the same?
>I have the same problem as Heinz (as do probably many others.) All
>the parameters are indeed the same on both of my m0n0wall routers.
>One is behind a PPPoE and the other has a static IP address, so this
>IPSec using DNS RFC 2136 (I think that's the one) should be working.

>Probably there's a bug in the racoon version of m0n0wall. I've even
>updated to 1.33b1 after reading that something relating to dynamic
>IPs and IPSec had been improved (the resolv.conf I think.) Even with
>1.33b1 I'm having the same problems.

>Has anyone got this feature to work in the meantime?


I can only confirm what I posted before, and that the problem is not only between monowall and other
I set up a VPN between two monowalls on PPTP with dynamic dns and the other end is not reachable
anymore as soon as one IP address changes.
This forced me to go back to AVM devices because they do that without any issues, very stable.
Billion by the way as well. Both have no good firewall, the Billion is a bit better than the AVM
All of them connect fine to monowall as long as the IP addresses stay the same. Haven't tried
pfsense but I guess it's the same.
A scheduled restart of racoon wouldn't fix, but would definitely overcome, the problem.