> I'm not 100% sure; Scott will probably need to jump in here to confirm.
>
> In my tests, even though you can put a dynamic-dns name in the field for
> remote gateway, it doesn't actually seem to do a lookup on it. If it did,
> it probably would work fine.
> This is probably not an incredibly difficult thing to fix.

If I understand correctly, IPSEC tunnels can only be specified by means of their actual endpoints inside the SPD tables. It's not a problem coming from Phase 1 of the IKE negotiation (where you could easily authenticate using an identifier unrelated to the IP address), but from the semantics of the tunnel's SPD, where the IP address of the endpoint cannot be omitted.

The real solution is using ESP host-to-host encryption between the firewalls (which can be established without problems between dynamic addresses), and then instantiating some other unencrypted tunneling protocol to route the traffic between the subnets (ppp over UDP, or something else (gif??)). I don't think this is easily done in pfSense.

Angelo.
