Hi, I have been using OpenBSD on a dynamic IP address for 10+ years.
I have an account with dynamic dns provider Zoneedit and use the ddclient package.
I run a SMTP daemon, HTTP, SSH and in those 10+ years, I have never had a situation where I could not reach my server. I access it from all over the world using putty (ssh), imap (dovecot), webmail (roundcubemail) and access my web server for various purposes.
When I first got my server going, I was paranoid & had a modem connected to the serial port of my server so I could get to my server in the case of losing Internet access. I used the modem exactly 0 times and finally got rid of the landline.
Since I am paranoid, I had a backup to the backup & received an email every 2 hours (initially) that had the IP address of the interface. I had a filter so the email just went into a folder. I never had to use it...
If you feel tied to an ISP because of static IP, I would not hesitate to go the dynamic route.
Cheers,
Steve Williams

On 02/01/2017 3:05 PM, Peter Fraser wrote:
A charity that I support has been having trouble with its internet provider (Rogers). The problem I have is that Rogers is the only supplier that is available that will give a fixed IP address. I want the fixed IP address so I don't have to drive there to fix problems.

It occurred to me that if I could get a VPN set up automatically when their OpenBSD firewall boots, I could then use the VPN to reach back into their computer.

Having never set up a VPN using OpenBSD I started by reading, and I was left very confused.

I came up with:

On my firewall I have /etc/ipsec.conf

    ike passive from egress to 192.168.254/24 peer 192.168.254.1 srcid thinkage.ca dstid kwaccessability.ca tag ipsec-kwa
    ike passive from 192.102.11.0/24 to 192.168.254.0/24 peer 192.168.254.1 srcid thinkage.ca dstid kwaccessability.ca tag ipsec-kwa

on their firewall

    ike from egress to 192.102.11/24 peer 192.102.11.1 srcid kwaccessability.ca dstid thinkage.ca tag ipsec-kwa
    ike from 192.168.254/24 to 192.102.11/24 peer 192.102.11.1 srcid kwaccessability.ca dstid thinkage.ca tag ipsec-kwa

I also opened up the firewall to allow packets in from both networks without restrictions, something I will have to clean up later.

On both systems I have

    isakmpd_flags=-K -v -D A=10

Because of some of the readings I also put on both systems into /etc/hostname.enc0

    up

When I try to start isakmpd on the remote system I get only a message about privilege dropping.

On my local system I get

    Jan 2 16:23:55 gateway isakmpd[71980]: timer_add_event: event ui_conn_reinit(0x0) added last, expiration in 5s
    Jan 2 16:23:55 gateway isakmpd[71980]: timer_remove_event: removing event ui_conn_reinit(0x0)
    Jan 2 16:23:55 gateway isakmpd[71980]: timer_add_event: event ui_conn_reinit(0x0) added last, expiration in 5s
    gateway:/etc # Jan 2 16:24:00 gateway isakmpd[71980]: timer_handle_expirations: event ui_conn_reinit(0x0)
    Jan 2 16:24:00 gateway isakmpd[71980]: ipsec_get_id: invalid section to-192.168.254/24 network 192.168.254
    Jan 2 16:24:00 gateway isakmpd[71980]: connection_init: could not record passive connection "from-ste0-to-192.168.254/24"
    Jan 2 16:24:00 gateway isakmpd[71980]: ipsec_get_id: invalid section from-192.102.11/24 network 192.102.11
    Jan 2 16:24:00 gateway isakmpd[71980]: connection_init: could not record passive connection "from-192.102.11/24-to-192.168.254/24"

Any hint as to what I am doing wrong?
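
An added example, not part of the thread: a Python check that reads the networks isakmpd rejects in log lines like those quoted above and compares them with ike rules whose network is written with fewer than four octets. The sample inputs are constructed from lines in the message, the function names are hypothetical, and treating the short form as the cause of the rejection is an assumption the thread does not confirm.

```python
import re

# Constructed sample: isakmpd lines copied from the message above.
SAMPLE_LOG = """\
Jan 2 16:24:00 gateway isakmpd[71980]: ipsec_get_id: invalid section to-192.168.254/24 network 192.168.254
Jan 2 16:24:00 gateway isakmpd[71980]: connection_init: could not record passive connection "from-ste0-to-192.168.254/24"
Jan 2 16:24:00 gateway isakmpd[71980]: ipsec_get_id: invalid section from-192.102.11/24 network 192.102.11
"""
# Constructed sample: the two ike rules as posted for the local firewall.
SAMPLE_CONF = """\
ike passive from egress to 192.168.254/24 peer 192.168.254.1 srcid thinkage.ca dstid kwaccessability.ca tag ipsec-kwa
ike passive from 192.102.11.0/24 to 192.168.254.0/24 peer 192.168.254.1 srcid thinkage.ca dstid kwaccessability.ca tag ipsec-kwa
"""

INVALID_ID = re.compile(r"ipsec_get_id: invalid section (\S+) network (\S+)")
CIDR = re.compile(r"(?<![\w.])(\d{1,3}(?:\.\d{1,3}){0,3})/\d{1,2}(?![\w.])")


def rejected_networks(log_text):
    """Map each network value isakmpd rejected to the section names it logged."""
    found = {}
    for section, network in INVALID_ID.findall(log_text):
        found.setdefault(network, []).append(section)
    return found


def short_prefixes(conf_text):
    """Return (line number, prefix) for ike rules using fewer than four octets."""
    hits = []
    for number, line in enumerate(conf_text.splitlines(), 1):
        rule = line.split("#", 1)[0].strip()  # ignore comments
        if not rule.startswith("ike "):
            continue
        for match in CIDR.finditer(rule):
            if match.group(1).count(".") < 3:
                hits.append((number, match.group(0)))
    return hits


def correlate(log_text, conf_text):
    """Return (matched, unmatched): short prefixes the log also rejected,
    and rejected networks that have no short-form rule in this file."""
    rejected = rejected_networks(log_text)
    short = short_prefixes(conf_text)
    matched = [(n, p) for n, p in short if p.split("/")[0] in rejected]
    seen = {p.split("/")[0] for _, p in short}
    return matched, sorted(net for net in rejected if net not in seen)


if __name__ == "__main__":
    print(correlate(SAMPLE_LOG, SAMPLE_CONF))
```

A rejected network with no short-form rule in the file, as with 192.102.11 in this sample, is a cue to check whether the running daemon loaded rules that differ from the file being inspected.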

