OPNsense Forum
Archive => 18.1 Legacy Series => Topic started by: DaveA67 on June 28, 2018, 11:41:57 am
-
Hi
Is it possible to set up a site-to-site VPN to an OPNsense FW where the remote site does not have a fixed IP?
Scenario - our sales team would like to have a demo kit of comms equipment that will require a VPN to a cloud-based OPNsense FW. Obviously, as they move from customer to customer, the public IP trying to make the connection will be different.
I have tried using a dynamic DNS service but cannot get the tunnel to establish.
This will be from a Draytek router (although I can try a different one) set up with a WAN connection that will get an internal IP address on the customer's LAN via DHCP and then onto the internet via the customer gateway.
Hope I've explained that OK!
Cheers
Dave
-
I have set up such a scenario here. The WAN address is bound to a DynDNS name and updates on any change of WAN IP. The tunnel is using the name for Phase 1 and a shared secret. But it should work with a certificate too.
-
Hi
Thanks for that
I did try with no-ip.com but without success, so I will revisit my settings!
Cheers
-
Hmm
No joy, I think because the non-OPNsense end is double NATed. I have
LAN (DHCP from)>>---Draytek>>---DHCP from customer's LAN>>----Customer router>> internet-----------OPNsense firewall
It's the bit in bold that's the problem I think