IPSec with Dynamic IP

Started by DaveA67, June 28, 2018, 11:41:57 AM

Hi

Is it possible to set up a site-to-site VPN to an OPNsense FW where the remote site does not have a fixed IP?

Scenario - our sales team would like to have a demo kit of comms equipment that will require a VPN to a cloud-based OPNsense FW. Obviously, as they move from customer to customer, the public IP trying to make the connection will be different.

I have tried using a dynamic DNS service but cannot get the tunnel to establish.

This will be from a Draytek router (although I can try a different one) set up with a WAN connection that will get an internal IP address on the customer's LAN via DHCP and then onto the internet via the customer gateway.

Hope I've explained that OK!

Cheers

Dave


I have set up such a scenario here. The WAN address is bound to a DynDNS name and updating on any change of WAN IP. The tunnel is using the name for Phase 1 and a shared secret. But it should work with a certificate too.

Hi

Thanks for that

I did try with no-ip.com but without success, so I will revisit my settings!

Cheers


Hmm

No joy, I think because the non-opnsense end is double NATed. I have

LAN (DHCP from)>>---Draytek>>---DHCP From Customers LAN>>----Customer router>> internet-----------Opnsense firewall

It's the bit in bold that's the problem I think