OPNsense Forum

Archive => 22.1 Legacy Series => Topic started by: gunnarf on April 09, 2022, 08:01:01 am

Title: Is there any way I could script an IP address change for a remote system? (SOLVED)
Post by: gunnarf on April 09, 2022, 08:01:01 am
I have a problem with my ISP. I can't get a permanent IPv4 address for my main firewall access point. This means that if I reboot after an upgrade, I may sit there with a new public IP address, which means that both my sites won't be able to set up the VPN I have between the sites.

My thought then would be a cron script (on the remote firewall) checking (once a day) the public IP address of the main site (yes, it's reachable via DNS), retrieving the new address, then changing the IP address in the client VPN setup and reloading the VPN system (OpenVPN used).

Is this possible (yes of course  :) but how?)
Title: Re: Is there any way I could script an IP address change for a remote system?
Post by: bartjsmit on April 09, 2022, 09:03:05 am
What is the issue with using a line like this in your client OpenVPN config?

remote <my.dynamic.dns.name> <port> <protocol>

In other words, why would you use the IP address when your server can be resolved in DNS?

If you add these directives, the client will retry the connection when it drops:

persist-tun
persist-key

If you have some spare time, have a look at the man page: https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage

Bart...
Title: Re: Is there any way I could script an IP address change for a remote system?
Post by: lfirewall1243 on April 09, 2022, 12:01:54 pm
Just use the DNS name in your client config.

Title: Re: Is there any way I could script an IP address change for a remote system?
Post by: gunnarf on April 10, 2022, 09:17:09 am
Quote from: bartjsmit on April 09, 2022, 09:03:05 am
> What is the issue with using a line like this in your client OpenVPN config?
>
> remote <my.dynamic.dns.name> <port> <protocol>
>
> In other words, why would you use the IP address when your server can be resolved in DNS?
>
> If you add these directives, the client will retry the connection when it drops:
>
> persist-tun
> persist-key
>
> If you have some spare time, have a look at the man page: https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
>
> Bart...

Brilliant. Of course I should. Sometimes you make things more complicated than they should be!  :D

That's why we keep our IP addresses in DNS  ;D

Is there a way to directly edit the config on the remote OPNsense box? I can reach the firewall from a host on that network.

Thanks for giving me the push!
Title: Re: Is there any way I could script an IP address change for a remote system?
Post by: tofflock on April 10, 2022, 03:45:20 pm
Hi

I thought I'd just tell you that I've been running a VPN between two instances of OPNsense successfully for some years.  Both sites use domestic-grade ADSL and cope with dynamic IP address allocation.  Moreover, I've used IPSEC to provide the VPN as a bridge between the two sites.

IPSEC is more challenging, because the configuration files that OPNsense generates ( /usr/local/etc/ipsec.conf and /usr/local/etc/ipsec.secrets ) both contain hard-coded IP addresses of both sites.  I've got round this by running a check script (every minute) to check VPN status, and the config files.  All discrepancies are fixed with sed and ipsec gets nudged to reload and/or reconnect.

I run the same script at both ends and it's been very successful.
If you want any more detail, then DM me.

PeterF
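
A sketch of the kind of check script described in the post above, added here as an example; it is not PeterF's script. It validates whatever DNS returns before it reaches sed, rewrites the file atomically with its mode preserved, and reloads only on a real change. The `right` key, the use of `host` for resolution and `ipsec reload` are assumptions about the setup.

```shell
#!/bin/sh
# Added example, not the poster's script. The "right" key, host(1) and
# "ipsec reload" are assumptions about the setup.

# Accept only a strict dotted-quad IPv4 address, so nothing else that comes
# back from DNS can reach sed or the config file.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# update_peer CONF KEY NEW_IP
# Returns 0 if the file was changed, 1 if it was already current,
# 2 if NEW_IP is invalid, CONF has no "KEY = <address>" line, or the write failed.
update_peer() {
    conf=$1 key=$2 new=$3
    is_ipv4 "$new" || return 2
    pat="^\([[:space:]]*$key[[:space:]]*=[[:space:]]*\)\([0-9.]\{7,15\}\)[[:space:]]*\$"
    old=$(sed -n "s/$pat/\2/p" "$conf" | head -n 1)
    [ -n "$old" ] || return 2
    [ "$old" != "$new" ] || return 1
    # Edit a copy that keeps the original mode, then rename it into place so
    # a reload never sees a half-written file.
    tmp=$(mktemp "$conf.XXXXXX") || return 2
    cp -p "$conf" "$tmp" && sed "s/$pat/\1$new/" "$conf" > "$tmp" \
        && mv "$tmp" "$conf" || { rm -f "$tmp"; return 2; }
}

# sync_peer DNS_NAME CONF: resolve, update, reload only when something changed.
sync_peer() {
    ip=$(host -t A "$1" | awk '/ has address /{print $NF; exit}')
    rc=0; update_peer "$2" right "$ip" || rc=$?
    case $rc in
        0) logger -t vpn-peer "peer $1 is now $ip"; ipsec reload ;;
        1) : ;;
        *) logger -t vpn-peer "no usable address for $1, config untouched" ;;
    esac
}

# Run only when called as: script <dns-name> <config-file>
if [ $# -eq 2 ]; then sync_peer "$1" "$2"; fi
```

Only the line for the named key is rewritten, so the local site's address and subnet lines in the same file are left alone.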
Title: Re: Is there any way I could script an IP address change for a (SOLVED)
Post by: gunnarf on April 10, 2022, 05:27:50 pm
I solved it by modifying /conf/config.xml to use the DNS value. It would have been helpful to have been given the location of the config file. But now I know where it is. ;)