 From:  Christoph Kumpmeyer <mlists at kumpmeyer dot de>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Still, IPSec VPN with Dyndns hosts
 Date:  Wed, 26 Jan 2011 00:50:18 +0100
On 24.01.2011 01:58, Heinz Teichmann wrote:
> On Fri., Nov 12, 2010, Harbert, Orangebox Networks wrote:
>>> Well I have now 2 sites with DynDNS running, 1x pfSense, 1x M0n0wall,
>>> IPsec for remote access, also a 3rd with NO-IP (pfSense).
>>> In general it does not give me trouble, only sometimes directly after an
>>> IP change on my m0n0 side, I can't build up a connection anymore.
>>> When at that moment I disconnect the WAN PPPOE it connects automatically
>>> again and so far 9 out of 10 times builds up the IPsec again.
>>> 1x it didn't and what I did was "save" the IPsec tunnel again and it
>>> worked.
>> I have the same problem as Heinz (as do probably many others.) All
>> the parameters are indeed the same on both of my m0n0wall routers.
>> One is behind a PPPoE and the other has a static IP address, so this
>> IPSec using DNS RFC 2136 (I think that's the one) should be working.
>> Probably there's a bug in the racoon version of m0n0wall. I've even
>> updated to 1.33b1 after reading that something relating to dynamic
>> IPs and IPSec had been improved (the resolv.conf I think.) Even with
>> 1.33b1 I'm having the same problems.
>> Has anyone got this feature to work in the meantime?
> I can only confirm what I posted before, and that the problem is not only
> between monowall and other routers.
> I set up a VPN between two monowalls on PPTP with dynamic dns and the other
> end is not reachable anymore as soon as one IP address changes.
> This forced me to go back to AVM devices because they do that without any
> issues, very stable. Billion by the way as well. Both have no good firewall,
> the Billion is a bit better than the AVM.
> All of them connect fine to monowall as long as the IP addresses stay the
> same. Haven't tried pfsense but I guess it's the same.
> A scheduled restart of racoon wouldn't fix, but definitely overcome the problem.

That's interesting, because I cannot confirm this behaviour.
I've got one monowall (1.32) here connected to two Linksys RV082.
All three sites are using PPPoE and dynamic IPs.
After an IP address change, it takes a little bit of time before the
tunnel connects again, but in my experience this takes less than 15 minutes.
The above-mentioned setup has worked for me since November 2010.