On Tue, 2004-07-06 at 22:30, Brent Lhuillier wrote:
> Yes, I have. However, if your IP lease is extremely short you will find
> yourself reconfiguring the host ip of the tunnel calling the dynamic end
> of the tunnel a LOT.
I have a setup where I have a m0n0wall with a dynamic ip connecting to a
Netscreen with a static IP. You need to set up the connection using
preshared keys in aggressive mode. If you configure the phase 1 and
phase 2 lifetimes to be the same on each end, the tunnels should stay
up. There is already code in m0n0wall to reconfigure racoon if the IP
changes, but it doesn't automatically bring the tunnel up - it needs
traffic generated from the initiator to the other end of the subnet to
bring it up. I submitted a simple patch to Manuel that offers a
checkbox that will send a ping to re-establish the tunnel upon IP
change/reconfigure/reboot. It should be in the next beta.
Although my IP hasn't changed with it yet, the tunnel has been up for 6
days now without a hiccup.
Justin Ellison <justin at techadvise dot com>