Koozali.org: home of the SME Server

Server to Server VPN with dynamic IP?

Bill Talcott

Server to Server VPN with dynamic IP?
« on: June 07, 2002, 12:34:19 AM »
Is it possible to set up a server to server VPN if one of the servers has a dynamic IP? Everything I've read so far says you have to have a static IP...

We have a (very) remote office. The only option is dialup. We have a few PCs there, and it would be nice if we could set up some sort of server-based VPN so they could access the network here behind the SME. It'd still be insanely slow anyway so I'm not too concerned, but it would be nice to know if it's possible to do this.

james douglas

Re: Server to Server VPN with dynamic IP?
« Reply #1 on: June 07, 2002, 05:17:58 AM »
Can you set up the VPN using domain names? I haven't tried yet but was planning to. If so, you could use a dynamic DNS service to maintain your domain names and use the domain names to establish the VPNs between sites...

Todd Pearsall

Re: Server to Server VPN with dynamic IP?
« Reply #2 on: June 07, 2002, 09:18:38 PM »
Yes, with FreeS/WAN you can have one side static and the other dynamic; it just means the dynamic side must initiate the connection and the static is set to wait for a connection from any IP. It can be done with a shared key but is best accomplished with RSA signatures. In FreeS/WAN terms that looks like:

#Static Side Connection File ipsec.conf
conn DynSide-StaticSide
   # How persistent to be in (re)keying negotiations (0 means very).
   keyingtries=0
   authby=rsasig
   # Left security gateway, subnet behind it, next hop toward right.
   left=%any
   leftsubnet=192.168.3.0/24
   leftid=@DynSide
   leftrsasigkey=0x0103df3d...
   leftfirewall=yes
   # Right security gateway, subnet behind it, next hop toward left.
   right=55.55.55.55
   rightsubnet=172.30.85.0/24
   rightnexthop=55.55.55.51
   rightid=@StaticSide
   rightrsasigkey=0x0103779...
   rightfirewall=yes
   # Authorize this connection, but don't actually start it, at startup.
   #
   auto=add



#Dynamic Side Connection File ipsec.conf
conn DynSide-StaticSide
   # How persistent to be in (re)keying negotiations (0 means very).
   keyingtries=0
   authby=rsasig
   # Left security gateway, subnet behind it, next hop toward right.
   left=%defaultroute
   leftsubnet=192.168.3.0/24
   leftid=@DynSide
   leftrsasigkey=0x0103d...
   leftfirewall=yes
   # Right security gateway, subnet behind it, next hop toward left.
   right=55.55.55.55
   rightsubnet=172.30.85.0/24
   rightnexthop=55.55.55.51
   rightid=@StaticSide
   rightrsasigkey=0x0103779...
   rightfirewall=yes
   # Authorize this connection and start it at startup.
   auto=start

Check the FreeS/WAN docs for any parameter definitions you need.

- Todd
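
Added example, not part of Todd's post or of FreeS/WAN: a small Python check that the static-side and dynamic-side files describe the same tunnel and that the `%any` end is pinned to an RSA identity. The function names, the sample address and the placeholder key values are assumptions made for illustration.

```python
# Assumes, as in the post above, that the dynamic peer is "left" in both files.
def parse_conns(text):
    """Return {conn_name: {param: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()          # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                     # section header at column 0
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    return conns

# Parameters that both files must state identically.
SHARED = ("authby", "leftid", "rightid", "leftsubnet", "rightsubnet",
          "leftrsasigkey", "rightrsasigkey", "right")

def check_pair(static_conf, dynamic_conf, name):
    """Return findings for conn `name`; an empty list means the pair is consistent."""
    s, d = (parse_conns(c).get(name) for c in (static_conf, dynamic_conf))
    if not s or not d:
        return [f"conn {name} is missing from one of the files"]
    findings = [f"{k} differs between the two files"
                for k in SHARED if s.get(k) != d.get(k)]
    if s.get("authby") != "rsasig" or not s.get("leftid") or not s.get("leftrsasigkey"):
        findings.append("static: %any peer not pinned by authby=rsasig, leftid, leftrsasigkey")
    if s.get("left") != "%any" or s.get("auto") != "add":
        findings.append("static: expected left=%any and auto=add (wait for the peer)")
    if d.get("left") == "%any" or d.get("auto") != "start":
        findings.append("dynamic: expected a local left address and auto=start (initiator)")
    return findings
# Constructed sample: documentation-range address, placeholder key values.
STATIC_SAMPLE = """
conn DynSide-StaticSide
    authby=rsasig
    left=%any
    leftsubnet=192.168.3.0/24
    leftid=@DynSide
    leftrsasigkey=PLACEHOLDER_DYN_PUBKEY
    right=192.0.2.10
    rightsubnet=172.30.85.0/24
    rightid=@StaticSide
    rightrsasigkey=PLACEHOLDER_STATIC_PUBKEY
    auto=add
"""
DYNAMIC_SAMPLE = STATIC_SAMPLE.replace("left=%any", "left=%defaultroute").replace("auto=add", "auto=start")
```

Calling `check_pair` with the text of each side's file and the conn name returns an empty list when the two agree; a mismatched id or key on either side shows up as a finding before the tunnel is ever attempted.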