A friend and I are both on dynamic IP residential broadband connections. We both use OpenBSD boxes as edge devices.
We were wondering if it were possible to create an IPsec tunnel between us, even though we both have dynamic public IPs. The documentation I've read seems to suggest that at least _somebody_ must have a static IP. I can understand that at some point, needing the public IPs is necessary for setting up the tunnel, but is it possible that dyndns or some other dynamic mechanism can be used to find the public IPs as needed? Isn't it the case that IPsec can mutually authenticate peers based on keys, and fixed public IPs aren't required as part of peer authentication?

