 From:  Jean-Francois Theroux <jftheroux at privalodc dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] VPN with dynamic IP (details)
 Date:  Fri, 09 Jul 2004 22:40:24 -0400
You can create IPsec tunnels with dynamic IPs. The only drawback is that, if 
your IPs change, you will have to reconfigure the tunnel. If you only 
have one, it's not much work.
Doing this myself, I know it works well, though the tunnel is not 
serving anything mission critical.

Daniele Guazzoni wrote:

>OK, let me give a few more details:
>
>Box A:
>- m0n0wall 1.1b15 with static IP (ADSL termination with static DHCP
>assignment).
>- IPsec configured to allow mobile client.
>- pre-shared key configured to match box B.
>
>Box Z:
>- m0n0wall 1.1b15 with dynamic IP (also ADSL).
>- IPsec configured to build a tunnel to box A.
>
>What happens:
>- if we use "IP address" as identity (in tunnel config and pre-shared key)
>box A does not recognize the remote identity and therefore cannot find the
>matching PSK.
>- if we use "domain name" as identity phase-1 comes up and that's it (no
>phase-2 negotiation).
>- I even tried to set into the PSK 0.0.0.0 as remote identity...
>
>Any idea?
>
>
>
>
>regards
>
>
>------------------------------------------------------------------
>Daniele Guazzoni
>Network & System Engineer
>Cisco Certified Network Professional
>
>E-Mail: daniele dot guazzoni at gcomm dot ch
>Web:    http://www.gcomm.ch
>------------------------------------------------------------------
>"Destiny is not a matter of chance, it is a matter of choice;
>it is not a thing to be waited for, it is a thing to be achieved."
>                        William Jennings Bryan 

-- 
Jean-Francois Theroux
Systems administrator
514.726.3732
PrivalODC
http://www.privalodc.com