The ADSL line is connected to a modem which has a PPPoE connection to the WAN port on the OPNsense firewall. When the WAN connection comes up, it always has a fresh (& different) public IP address. This new address is associated quite quickly with its FQDN via the dynamic DNS service.
conn con1
.
.
left = <my WAN ip address>
leftid = <my WAN ip address>
.
.
/usr/local/sbin/ipsec rereadall
/usr/local/sbin/ipsec reload
What are your GUI-bound settings for: My identifier, Peer identifier?
| UK-FW | FR-FW |
| --- | --- |
| In "VPN: IPsec: Tunnel Settings" My Identifier is set to "Dynamic DNS" with a value of: "xx1.duckdns.org" | In "VPN: IPsec: Tunnel Settings" My Identifier is set to "Dynamic DNS" with a value of: "xx2.duckdns.org" |
[Do] you use the FQDN on both sides for the remote address?
I guess you mean "Remote gateway" parameter?
What is your WAN setup... DHCP?
In "Interfaces: [WAN]" the setting for "IPv4 Configuration Type" is set to "PPPoE"
What interface is your IPsec phase 1 bound to?
In "VPN: IPsec: Tunnel Settings" (Phase 1 settings), the Interface is set to "WAN"
In theory IPsec should restart itself and also regenerate a proper up-to-date config on DHCP IP changes. But it sounds like it's not doing this.
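One way to confirm the symptom discussed in this thread is to compare the literal addresses in the generated `left` / `leftid` lines against the address the WAN currently holds. The following is an added example, not code from the thread or from OPNsense; the function names are hypothetical, the sample config is constructed with documentation-range addresses, and how you obtain the config path and the live WAN address is left to the caller.

```shell
# Added example (not from the thread). Prints "<conn> <key>=<value>" for each
# conn whose literal-IPv4 left/leftid differs from the current WAN address.
stale_conns() {   # usage: stale_conns <ipsec.conf path> <current WAN IPv4>
    awk -v ip="$2" '
        /^[ \t]*#/        { next }                 # skip comments
        /^conn[ \t]+/     { conn = $2; next }      # start of a conn section
        /^[^ \t]/         { conn = ""; next }      # any other top-level section
        conn != "" && /^[ \t]+(left|leftid)[ \t]*=/ {
            key = $0; sub(/^[ \t]+/, "", key); sub(/[ \t]*=.*/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            # FQDN identifiers and %any cannot go stale by address; skip them
            if (val ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && val != ip)
                print conn, key "=" val
        }
    ' "$1"
}

# Constructed sample: con1 still carries the previous lease, con2 uses an FQDN id.
sample_conf() {
    cat <<'EOF'
config setup
    uniqueids = yes
conn con1
    left = 203.0.113.10
    leftid = 203.0.113.10
    right = xx2.duckdns.org
conn con2
    left = 198.51.100.7
    leftid = xx1.duckdns.org
EOF
}

check_sample() {   # current WAN address in this sample is 198.51.100.7
    tmp=$(mktemp) || return 1
    sample_conf > "$tmp"
    stale_conns "$tmp" 198.51.100.7
    rm -f "$tmp"
}
```

Any output after a reconnect means the running config still refers to the previous lease, which is the condition the `ipsec rereadall` / `ipsec reload` commands above only help with once the config file itself has been regenerated.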