From: Maciej Milewski
To: freebsd-questions@freebsd.org
Date: Wed, 29 Sep 2010 15:58:48 +0200
Subject: Re: ipsec with dynamic IP
Message-Id: <201009291558.49362.milu@dat.pl>

On Wednesday 29 September 2010 15:11:30, claudiu vasadi wrote:
> Hello fellas,
>
> I have 2x 8.1-RELEASE machines and I need to create a vpn between them.
> I've been reading the handbook on this subject and following the example
> there, I was able to establish a link.
>
> The only problem is that both my machines have dynamic (external) IP.
>
> My way of "solving" this little issue would be to create a script that
> would check each machine for a new external IP and if it finds it, replace
> it wherever it is needed (gif interface, racoon conf. file)
>
> My question to you is if there is another, cleaner, way of achieving this
> and if any of you faced the same situation, how did you come to solve it ?

If you are not bound to IPSEC I think you could use OpenVPN and some kind of
dyndns service. I haven't set up this between two servers although I'm
successfully using it in client-server mode and it works fine.

> Also, is there a way to make the gif interface persistent over reboots ? I
> couldn't find any so again, a script comes to mind.

Maybe cloned_interfaces or gif_interfaces in rc.conf would help?

Regards,
Maciej Milewski
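
The script approach from the question combined with the dynamic-DNS idea from the reply, as an added example that is not part of the original thread: it resolves both endpoints, validates the answers before they reach any root-owned file, and re-applies the gif tunnel, racoon and SPD settings only when an address has changed. The two dyndns hostnames, the state file path and the `.tmpl` copies of the configs containing `@LOCAL@`/`@REMOTE@` tokens are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: the two dyndns hostnames,
# the state file, and *.tmpl copies of the configs holding @LOCAL@/@REMOTE@.
STATE=/var/db/gif0.endpoints
RACOON=/usr/local/etc/racoon/racoon.conf
SPD=/etc/ipsec.conf

# Accept only a dotted-quad IPv4 address. DNS answers end up in root-owned
# config files and on a command line, so anything else is refused.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i == "" || $i > 255) exit 1 }'
}

# First address the resolver returns for a hostname.
resolve() { getent hosts "$1" | awk '{ print $1; exit }'; }

# Fill the @LOCAL@ and @REMOTE@ tokens of a template read on stdin.
render() { sed -e "s/@LOCAL@/$1/g" -e "s/@REMOTE@/$2/g"; }

# Succeeds when "$2" differs from what state file "$1" recorded last time.
endpoints_changed() { [ ! -f "$1" ] || [ "$(cat "$1")" != "$2" ]; }

# usage: sync_tunnel <own-dyndns-name> <peer-dyndns-name>
sync_tunnel() {
    l=$(resolve "$1"); r=$(resolve "$2")
    if ! valid_ipv4 "$l" || ! valid_ipv4 "$r"; then
        echo "refusing endpoints '$l' '$r'" >&2; return 1
    fi
    endpoints_changed "$STATE" "$l $r" || return 0   # nothing moved
    ifconfig gif0 tunnel "$l" "$r" || return 1
    for f in "$RACOON" "$SPD"; do
        render "$l" "$r" < "$f.tmpl" > "$f.new" && mv "$f.new" "$f" || return 1
    done
    setkey -f "$SPD" && /usr/local/etc/rc.d/racoon restart || return 1
    echo "$l $r" > "$STATE"
}

# Run from cron as: sync-gif.sh --run own.example.org peer.example.org
if [ "${1:-}" = "--run" ]; then sync_tunnel "$2" "$3"; fi
```

Both machines would run the same script with the hostname arguments swapped, so each side follows the other's address change.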