[SOLVED - Sort of] OPNsense and VPN Tunnels with Dynamic IPs

Started by benjammin1001, January 20, 2020, 09:24:47 AM

January 20, 2020, 09:24:47 AM Last Edit: January 23, 2020, 01:26:47 AM by benjammin1001
Hi there,

I'm new to OPNsense and I'm looking to replace my old Netscreen-25 (don't laugh) and while about everything on OPNsense looks like I'm good to go, I think I've run into a snag.

I'm currently using a mix of

Dial VPN (ok, OPNsense looks to do that via Mobile VPN)
Static VPN site-to-site tunnels (Both Sites are on Static IPs with MainMode negotiation)
Partial Static/Dynamic VPN tunnels (One site is static, the other is dynamic)

The last one looks like the sticker. In ScreenOS and JunOS (for newer Juniper units), the remote gateway doesn't necessarily have to have an IP entered in the near gateway. Just a unique host-id of sorts and aggressive mode negotiations.

Am I correct in this conclusion or is there a way to do this I'm not seeing?

Thanks!

-Ben

Use a DynDNS service of your choice for the dynamic IP(s), configure it in OPNsense to be updated and in OpenVPN site-to-site to be used and you're done. Works like a charm in many, many installs... :-)
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorn's premium cat food with the extra portion of energy

A router is not a switch - A router is not a switch - A router is not a switch - A rou....

The remote ends that are dynamic aren't running OPNsense and don't support DynDNS in all cases.

Also, I'm not the owner of the remote equipment.

So it sounds like that's a "no".

Dang. I'm bummed. I was really looking forward to switching to this.

Thanks for your quick reply!

Reverse ssh tunnel? DynDNS does not necessarily need to run on OPNsense and other router/firewalls have this functionality as well...
kind regards
chemlud

I appreciate the suggestions - but that's not really an option considering the equipment in use.

Really, I just needed a Yes/No on the original question in case I was missing something.

It would appear that answer is still "no".

That being the case, I'll probably go toss that in the suggestions-box since most of the mainstream boxes I've used support it.

Thanks again,

-Ben

January 23, 2020, 01:26:17 AM #5 Last Edit: January 23, 2020, 01:28:16 AM by benjammin1001
As I thought about it some more:

Do the Devs normally read the forum?

Is there a better method to get a request to the Devs on this kind of item?