On 2012-05-04, shadrock <[email protected]> wrote:
> firewall dual homed
> network facing static nic address = 5.5.5.4 (rfc1918/rfc6598)
> virgin media router facing static nic address = 3.3.3.2 (rfc1918/rfc6598)
> virgin media router static address = 3.3.3.3 (rfc1918/rfc6598)
> virgin media dynamic wan address = 1.1.1.1 (internet-routable)
> firewall default route = 3.3.3.3
> network_a default route = 5.5.5.4
So you have no static routable address on either side. This isn't going to work well with isakmpd; you really need a static address on at least one side to use it. DNS lookups are only done when the config is loaded, so there's no way to automatically track changed addresses in isakmpd.

If you can live with restarting things when the address changes, then your local_gw address would be the router-facing rfc1918 address and remote_gw would be the dynamic internet-routable address of the other gateway.

OpenVPN might be better in this situation; see the 'float' option and/or http://openvpn.net/index.php/open-source/faq/77-server/299-can-openvpn-handle-the-situation-where-both-ends-of-the-connection-are-dynamic.html
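Since isakmpd resolves the peer name only when the config is loaded, the "restart things when the address changes" approach from the reply can be automated with a small poller. The script below is an added example, not code from the thread or from OpenBSD: it looks up the peer's name, keeps the last seen address in a state file, and runs a reload command only when the answer differs. The peer name, the state file path and the reload command (`ipsecctl -f /etc/ipsec.conf` is assumed here; use whatever you use to reload the tunnel) are all assumptions and can be overridden through the environment. It is meant to be run from cron on the gateway whose peer has the dynamic address.

```shell
#!/bin/sh
# Added example: reload the IPsec config when a dynamic peer's DNS address changes.
# Assumptions (not from the thread): PEER_NAME has one A record, STATE_FILE is
# writable, and RELOAD_CMD re-loads ipsec.conf / restarts the tunnel.

PEER_NAME="${PEER_NAME:-vpn-peer.example.net}"            # hypothetical peer name
STATE_FILE="${STATE_FILE:-/var/db/peer-gw-addr}"          # assumed state path
RELOAD_CMD="${RELOAD_CMD:-ipsecctl -f /etc/ipsec.conf}"   # assumed reload command

# resolve_a NAME: print the first A record for NAME (empty on failure).
# Uses host(1) output of the form "NAME has address A.B.C.D".
resolve_a() {
    host -t A "$1" 2>/dev/null | awk '/has address/ { print $4; exit }'
}

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255,
# so a failed or odd lookup never triggers a reload.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1; exit 0 }
        { exit 1 }'
}

# addr_changed STATE_FILE ADDR: store ADDR; succeed if it differs from the
# previously stored address (a first sighting counts as a change).
addr_changed() {
    state="$1"; new="$2"; old=""
    [ -r "$state" ] && old=$(cat "$state")
    if [ "$new" = "$old" ]; then
        return 1
    fi
    printf '%s\n' "$new" > "$state"
    return 0
}

# main: one polling pass; keep the current tunnel if resolution fails.
main() {
    addr=$(resolve_a "$PEER_NAME")
    if ! is_ipv4 "$addr"; then
        echo "could not resolve $PEER_NAME, keeping current tunnel" >&2
        return 1
    fi
    if addr_changed "$STATE_FILE" "$addr"; then
        echo "peer $PEER_NAME now $addr, reloading" >&2
        $RELOAD_CMD
    fi
}

# Only poll when explicitly asked, e.g. from cron: PEER_WATCH_RUN=1 sh peer-watch.sh
if [ "${PEER_WATCH_RUN:-0}" = 1 ]; then
    main
fi
```

The check in `is_ipv4` matters more than it looks: a transient DNS failure yields an empty answer, and without it the script would record an empty address, then "see a change" and reload the tunnel on the next successful lookup even though nothing moved.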

