Bryan - This is ingenious. Awesome.

Why can this not run on the pfsense router itself as a scheduled task/cron job and update the IP address? Sounds like that would be a simple ping to xxxx.dyndns.org. Even if the ping fails, the first line provides the last known IP address for the dyndns, which can then be used...
I will try and study this more but I am sure the greatest and the best on the forum can solve this in minutes!!!

Thanks again for the utility.

Best Regards

Bryan Derman <[EMAIL PROTECTED]> wrote:

Re: [pfSense Support] IPSEC

Re:
---
It looks like that it needs a public ip address to create a tunnel. I could try and get public IP address at one place but it looks like it still will not work because I need public IP address on both sides.....
---

We use pfSense 1.2 to support a VPN between 2 offices. In our case, one site has a static IP and one has a dynamic IP but the dynamic IP doesn't change very often.

Originally I didn't have time to look into the "Mobile Clients" setup (and still wouldn't want to use it because of the reduced security when using aggressive mode). I decided to use the dynamic IP of the other office (i.e., as though it was static) and auto-update it, as required.

Since we use DynDNS for the other/remote office, I wrote a shell script that checks to determine whether the remote office's IP has changed and, if it has, updates pfSense's VPN IPSec setup to reflect that change. In our case, the script is run via cron every few minutes and that's sufficient, for us.

The shell script uses fairly common UNIX tools (curl, sed, etc.) to interact with pfSense via its web pages. While it might have been nicer to do this on the router, it wasn't obvious how to do so (I'm not fluent in php) and I didn't have much time to play.

In case anyone else might find this useful, a PDF of the (sanitized) VPN IPSec setup and the (commented) shell script can be downloaded via http://www.derman.com/Download/Special/UpdateRemoteGateway.zip

It'll be nicer when pfSense 1.3 makes this obsolete.
#;-)

______________________________________________________________________
Original message from Anil Garg on 2008-02-27 at 7:51 PM -0800
----------------------------------------------------------------------

Hey guys - I am a happy camper with pfsense and recently upgraded to 1.2 and have no issues to report so far.

I am trying to hook up two pfsense boxes with IPSEC site to site.... It looks like that it needs a public ip address to create a tunnel. I could try and get public IP address at one place but it looks like it still will not work because I need public IP address on both sides.....

Have looked at all documents and spent many hours without avail... Will some of you learned people suggest a way out..

I can only get a Public IP address at one location and I am happy to pay for that. But the second location being an AT&T DSL in San Jose, CA - this is not an option.....

Much appreciate your help and guidance.

Best Regards
Anil Garg
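
The change-detection step described in this thread (resolve the remote office's DynDNS name, compare it with the last known address, fall back to that address when the lookup fails) can be sketched as below. This is an added example, not part of the thread and not the script from the linked zip; `STATE_FILE`, `REMOTE_HOST`, the function names and the use of `dig` are assumptions, and `apply_update` is a placeholder for the site-specific step that rewrites the IPsec remote gateway.

```sh
#!/bin/sh
# Added example. STATE_FILE, REMOTE_HOST and the function names are hypothetical.
STATE_FILE="${STATE_FILE:-/var/tmp/remote_gw.last}"   # last address applied

# Accept only a dotted-quad IPv4 address with every octet in 0..255, so a
# resolver error message or malformed answer never reaches the VPN config.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                 # safe to split: only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Print the address the tunnel should use.
# Status: 0 = changed, 1 = unchanged, 2 = lookup unusable (last known printed).
check_remote_ip() {
    new=$1
    last=$(cat "$STATE_FILE" 2>/dev/null || true)
    if ! is_ipv4 "$new"; then
        printf '%s\n' "$last"
        return 2
    fi
    printf '%s\n' "$new"
    [ "$new" != "$last" ]
}

# Placeholder for the site-specific step that rewrites the IPsec remote gateway.
apply_update() {
    echo "remote gateway needs updating to $1"
}

# Runs only when REMOTE_HOST is set, e.g. from cron; dig is assumed installed.
if [ -n "${REMOTE_HOST:-}" ]; then
    resolved=$(dig +short A "$REMOTE_HOST" 2>/dev/null | tail -n 1)
    if ip=$(check_remote_ip "$resolved"); then
        # Record the address only after the update step succeeded.
        apply_update "$ip" && printf '%s\n' "$ip" > "$STATE_FILE"
    fi
fi
```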