Hi there,
I'm new to OPNsense and I'm looking to replace my old Netscreen-25 (don't laugh) and while about everything on OPNsense looks like I'm good to go, I think I've run into a snag.
I'm currently using a mix of:
Dial VPN (ok, OPNsense looks to do that via Mobile VPN)
Static VPN site-to-site tunnels (Both Sites are on Static IPs with MainMode negotiation)
Partial Static/Dynamic VPN tunnels (One site is static, the other is dynamic)
The last one looks like the sticker. In ScreenOS and JunOS (for newer Juniper units), the remote gateway doesn't necessarily have to have an IP entered in the near gateway. Just a unique host-id of sorts and aggressive mode negotiations.
Am I correct in this conclusion or is there a way to do this I'm not seeing?
Thanks!
-Ben
Use a DynDNS service of your choice for the dynamic IP(s), configure it in OPNsense to be updated and in OpenVPN site-to-site to be used and you're done. Works like a charm in many, many installs... :-)
The remote ends that are dynamic aren't running OPNsense and don't support DynDNS in all cases.
Also, I'm not the owner of the remote equipment.
So it sounds like that's a "no".
Dang. I'm bummed. I was really looking forward to switching to this.
Thanks for your quick reply!
Reverse SSH tunnel? DynDNS does not necessarily need to run on OPNsense and other routers/firewalls have this functionality as well...
I appreciate the suggestions - but that's not really an option considering the equipment in use.
Really, I just needed a Yes/No on the original question in case I was missing something.
It would appear that answer is still "no".
Thus, being the case, I'll probably go toss that in the suggestions-box since most of the mainstream boxes I've used support it.
Thanks again,
-Ben
As I thought about it some more:
Do the devs normally read the forum?
Is there a better method to get a request to the devs on this kind of item?