Here's how it works. When the IP changes, dhclient kicks off a script which then reconfigures the tunnel. This should work now.
On 11/23/05, Angelo Turetta <[EMAIL PROTECTED]> wrote:
> > I'm not 100% sure; Scott will probably need to jump in here to confirm.
> >
> > In my tests even though you can put a dynamic-dns name in the field for
> > remote gateway it doesn't actually seem to do a lookup on it. If it did
> > it probably would work fine.
> > This is probably not an incredibly difficult thing to fix.
>
> If I understand correctly, IPSEC tunnels can only be specified by means of
> their actual endpoints inside the SPD tables. It's not a problem coming
> from the Phase1 of IKE negotiation (where you could easily authenticate
> using an identifier unrelated to the IP address), but from the semantics
> of the tunnel's SPD, where the IP address of the endpoint cannot be
> omitted.
>
> The real solution is using ESP host to host encryption between the
> firewalls (which can be established without problems between dynamic
> address), and then instantiate some other unencrypted tunneling protocol
> to route the traffic between the subnets (ppp over UDP, or something else
> (gif??)). I don't think this is easily done in pfSense.
>
> Angelo.
