Hi, You should see if the client can operate as a Microsoft Office "partial redelegation". One client where I work uses Office 365 and still retains control of their own DNS.
I did a quick google... https://support.office.com/en-us/article/How-Office-365-manages-DNS-records-5980474a-097f-4f21-a864-21245314957f If you can't get to a "partial redelation" situation, then you are really limited on what you can do, and it's likely that a dynamic IP address just won't work with Office 365 either. Good luck! Cheers, Steve W. / / On 03/01/2017 8:49 AM, Peter Fraser wrote: > The charity uses Office 365, which for charities a great deal, Microsoft > charges them $1US per user per month > up to 75 users, but a result, Microsoft control their DNS. > > I also expect that they will be NATed and given a 10/8 address. > > > > > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf Of > Steve Williams > Sent: Monday, January 2, 2017 6:57 PM > To: Peter Fraser <[email protected]>; '[email protected]' <[email protected]> > Subject: Re: isakmpd set up > > Hi, > > I have been using OpenBSD on a dynamic IP address for 10+ years. > > I have an account with dynamic dns provider Zoneedit and use the ddclient > package. > > I run a SMTP daemon, HTTP, SSH and in those 10+ years, I have never had a > situation where I could not reach my server. I access it from all over the > world using putty (ssh), imap (dovecot), webmail > (roundcubemail) and access my web server for various purposes. > > When I first got my server going, I was a paranoid & had a modem connected to > the serial port of my server so I could get to my server in the case of > loosing Internet access. I used the modem exactly 0 times and finally got > rid of the landline. > > Since I am paranoid, I had a backup to the backup & received an email every 2 > hours (initially) that had the IP address of the interface. I had a filter > so the email just went into a folder. I never had to use it... > > If you feel tied to an ISP because of static IP, I would not hesitate to go > the dynamic route. > > Cheers, > Steve Williams > > On 02/01/2017 3:05 PM, Peter Fraser wrote: >> A charity that I support has been having trouble with its internet >> provider (Rogers). >> The problem I have is that Roger is the only supplier that is >> available that will give a fixed IP address. >> >> I want the fixed IP address so I don't have to drive there to fix problems. >> >> It occurred to me that if I could get a VPN set up automatically when >> their OpenBSD firewall boots. >> I could then use the VPN to reach back into their computer. >> >> Having never set up a VPN using OpenBSD I started by reading, and I >> was left very confused. >> >> I came up with: >> >> On my firewall I have /etc/ipsec.conf >> >> ike passive from egress to 192.168.254/24 peer 192.168.254.1 srcid >> thinkage.ca dstid kwaccessability.ca tag ipsec-kwa ike passive from >> 192.102.11.0/24 to 192.168.254.0/24 peer 192.168.254.1 srcid >> thinkage.ca dstid kwaccessability.ca tag ipsec-kwa >> >> on their firewall >> >> ike from egress to 192.102.11/24 peer 192.102.11.1 srcid >> kwaccessability.ca dstid thinkage.ca tag ipsec-kwa ike from >> 192.168.254/24 to 192.102.11/24 peer 192.102.11.1 srcid >> kwaccessability.ca dstid thinkage.ca tag ipsec-kwa >> >> I also opened up the firewall to allow packed in from both networks >> without restrictions, something I will have to clean up later >> >> On both system I have isakmpd_flags=-K -v -D A=10 >> >> because of some of the readings I also put on both systems into >> /etc/hostname.enc0 >> up >> >> when I try to start isakmpd on the remote system I get only a message >> about privilege droping. >> >> on my local system I get >> >> Jan 2 16:23:55 gateway isakmpd[71980]: timer_add_event: event >> ui_conn_reinit(0x0) added last, expiration in 5s Jan 2 16:23:55 >> gateway isakmpd[71980]: timer_remove_event: removing event >> ui_conn_reinit(0x0) >> Jan 2 16:23:55 gateway isakmpd[71980]: timer_add_event: event >> ui_conn_reinit(0x0) added last, expiration in 5s gateway:/etc # Jan 2 >> 16:24:00 gateway isakmpd[71980]: >> timer_handle_expirations: event ui_conn_reinit(0x0) Jan 2 16:24:00 >> gateway isakmpd[71980]: ipsec_get_id: invalid section >> to-192.168.254/24 network 192.168.254 >> Jan 2 16:24:00 gateway isakmpd[71980]: connection_init: could not >> record passive connection "from-ste0-to-192.168.254/24" >> Jan 2 16:24:00 gateway isakmpd[71980]: ipsec_get_id: invalid section >> from-192.102.11/24 network 192.102.11 >> Jan 2 16:24:00 gateway isakmpd[71980]: connection_init: could not >> record passive connection "from-192.102.11/24-to-192.168.254/24" >> JaJan 2 16:23:55 gateway isakmpd[71980]: timer_add_event: event >> ui_conn_reinit(0x0) added last, expiration in 5s Jan 2 16:23:55 >> gateway isakmpd[71980]: timer_remove_event: removing event >> ui_conn_reinit(0x0) >> Jan 2 16:23:55 gateway isakmpd[71980]: timer_add_event: event >> ui_conn_reinit(0x0) added last, expiration in 5s gateway:/etc # Jan 2 >> 16:24:00 gateway isakmpd[71980]: >> timer_handle_expirations: event ui_conn_reinit(0x0) Jan 2 16:24:00 >> gateway isakmpd[71980]: ipsec_get_id: invalid section >> to-192.168.254/24 network 192.168.254 >> Jan 2 16:24:00 gateway isakmpd[71980]: connection_init: could not >> record passive connection "from-ste0-to-192.168.254/24" >> Jan 2 16:24:00 gateway isakmpd[71980]: ipsec_get_id: invalid section >> from-192.102.11/24 network 192.102.11 >> Jan 2 16:24:00 gateway isakmpd[71980]: connection_init: could not >> record passive connection "from-192.102.11/24-to-192.168.254/24" >> >> >> any hint as to what I am doing wrong?
